Abstract
The composition of processes is in general not secrecy preserving under the Dolev-Yao attacker model. In this paper, we describe an algorithmic decision procedure which determines whether the composition of secrecy preserving processes is still secrecy preserving. As a case study we consider a variant of the TLS protocol where, even though the client and server considered separately would be viewed as preserving the secrecy of the data to be communicated, their composition into the complete protocol does not preserve that secrecy. We also show results on tool support that allows one to validate the efficiency of our algorithm for multiple compositions.
This research was partially supported by the MoDelSec Project of the DFG Priority Programme 1496 “Reliably Secure Software Systems – RS3” and the EU project NESSoS (FP7 256890).
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ochoa, M., Jürjens, J., Warzecha, D. (2012). A Sound Decision Procedure for the Compositionality of Secrecy. In: Barthe, G., Livshits, B., Scandariato, R. (eds) Engineering Secure Software and Systems. ESSoS 2012. Lecture Notes in Computer Science, vol 7159. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28166-2_10
DOI: https://doi.org/10.1007/978-3-642-28166-2_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-28165-5
Online ISBN: 978-3-642-28166-2
eBook Packages: Computer Science (R0)