Secrecy Despite Compromise: Types, Cryptography, and the Pi-Calculus

  • Andrew D. Gordon
  • Alan Jeffrey
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3653)


A realistic threat model for cryptographic protocols or for language-based security should include a dynamically growing population of principals (or security levels), some of which may be compromised, that is, come under the control of the adversary. We explore such a threat model within a pi-calculus. A new process construct records the ordering between security levels, including the possibility of compromise. Another expresses the expectation of conditional secrecy of a message—that a particular message is unknown to the adversary unless particular levels are compromised. Our main technical contribution is the first system of secrecy types for a process calculus to support multiple, dynamically-generated security levels, together with the controlled compromise or downgrading of security levels. A series of examples illustrates the effectiveness of the type system in proving secrecy of messages, including dynamically-generated messages. It also demonstrates the improvement over prior work obtained by including a security ordering in the type system. Perhaps surprisingly, the soundness proof for our type system for symbolic cryptography is via a simple translation into a core typed pi-calculus, with no need to take symbolic cryptography as primitive.


Type System Security Level Security Protocol Cryptographic Protocol Process Construct 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Secrecy by typing in security protocols. J. ACM 46(5), 749–786 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Abadi, M.: Security protocols and their properties. In: Foundations of Secure Computation, pp. 39–60. IOS Press, Amsterdam (2000)Google Scholar
  3. 3.
    Abadi, M., Blanchet, B.: Secrecy types for asymmetric communication. Theoretical Comput. Sci. 298(3), 387–415 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  4. 4.
    Abadi, M., Blanchet, B.: Analyzing Security Protocols with Secrecy Types and Logic Programs. Journal of the ACM 52(1), 102–146 (2005)CrossRefMathSciNetzbMATHGoogle Scholar
  5. 5.
    Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Information and Computation 148, 1–70 (1999)zbMATHCrossRefMathSciNetGoogle Scholar
  6. 6.
    Blanchet, B.: From secrecy to authenticity in security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 242–259. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  7. 7.
    Boudol, G., Matos, A.: On declassification and the non-disclosure policy. In: 18th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (2005) (to appear)Google Scholar
  8. 8.
    Bugliesi, M., Focardi, R., Maffei, M.: Authenticity by tagging and typing. In: Formal Methods in Security Engineering (FMSE 2004), pp. 1–12 (2004)Google Scholar
  9. 9.
    Cardelli, L., Ghelli, G., Gordon, A.D.: Secrecy and group creation. Information and Computation 196(2), 127–155 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  10. 10.
    Fournet, C., Gordon, A.D., Maffeis, S.: A type discipline for authorization policies. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 141–156. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Gordon, A.D., Jeffrey, A.: Typing one-to-one and one-to-many correspondences in security protocols. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 270–282. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Gordon, A.D., Jeffrey, A.: Authenticity by typing for security protocols. Journal of Computer Security 11(4), 451–521 (2003)Google Scholar
  13. 13.
    Gordon, A.D., Jeffrey, A.: Types and effects for asymmetric cryptographic protocols. Journal of Computer Security 12(3/4), 435–484 (2003)Google Scholar
  14. 14.
    Gordon, A.D., Jeffrey, A.: Typing correspondence assertions for communication protocols. Theoretical Computer Science 300, 379–409 (2003)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Gordon, A.D., Jeffrey, A.: Secrecy despite compromise: Types, cryptography, and the pi-calculus. Technical Report MSR–TR–2005–76, Microsoft Research (2005) Google Scholar
  16. 16.
    Hoshina, D., Sumii, E., Yonezawa, A.: A typed process calculus for fine-grained resource access control in distributed computation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 64–81. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  17. 17.
    Milner, R.: Communicating and Mobile Systems: the π-Calculus. CUP (1999)Google Scholar
  18. 18.
    Myers, A.C., Liskov, B.: Protecting privacy using the decentralized label model. ACM Transactions on Software Engineering and Methodology 9(4), 410–442 (2000)CrossRefGoogle Scholar
  19. 19.
    Odersky, M.: Polarized name passing. In: Thiagarajan, P.S. (ed.) FSTTCS 1995. LNCS, vol. 1026, pp. 324–335. Springer, Heidelberg (1995)Google Scholar
  20. 20.
    Riely, J., Hennessy, M.: Trust and partial typing in open systems of mobile agents. In: 26th ACM Symposium on Principles of Programming Languages, pp. 93–104 (1999)Google Scholar
  21. 21.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE Journal on Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  22. 22.
    Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: 18th IEEE Computer Security Foundations Workshop. IEEE Computer Society Press, Los Alamitos (2005) (to appear)Google Scholar
  23. 23.
    Simonet, V.: The Flow Caml system: documentation and user’s manual. Technical Report 0282, INRIA (2003) Google Scholar
  24. 24.
    Tse, S., Zdancewic, S.: Run-time principals in information-flow type systems. In: IEEE Computer Society Symposium on Research in Security and Privacy (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Andrew D. Gordon
    • 1
  • Alan Jeffrey
    • 2
  1. 1.Microsoft Research 
  2. 2.Lucent TechnologiesDePaul University and Bell Labs 

Personalised recommendations