Safely composing security protocols

Formal Methods in System Design

Abstract

Security protocols are small programs that are executed in hostile environments. Many results and tools have been developed to formally analyze the security of a protocol in the presence of an active attacker that may block, intercept and send new messages. However, even when a protocol has been proved secure, there is absolutely no guarantee if the protocol is executed in an environment where other protocols are executed, possibly sharing some common keys like public keys or long-term symmetric keys.

In this paper, we show that security of protocols can be easily composed. More precisely, we show that whenever a protocol is secure, it remains secure even in an environment where arbitrary protocols satisfying a reasonable (syntactic) condition are executed. This result holds for a large class of security properties that encompasses secrecy and various formulations of authentication.



Author information

Corresponding author

Correspondence to Stéphanie Delaune.

Additional information

This work has been partly supported by the RNTL project POSÉ and the ARA SSIA Formacrypt.

About this article

Cite this article

Cortier, V., Delaune, S. Safely composing security protocols. Form Methods Syst Des 34, 1–36 (2009). https://doi.org/10.1007/s10703-008-0059-4

  • DOI: https://doi.org/10.1007/s10703-008-0059-4
