Enrich-by-Need Protocol Analysis for Diffie-Hellman

  • Moses D. Liskov
  • Joshua D. Guttman
  • John D. Ramsdell
  • Paul D. Rowe
  • F. Javier Thayer
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)

Abstract

Enrich-by-need analysis characterizes all executions of a security protocol that extend a given scenario. It computes a strongest security goal the protocol achieves in that scenario. cpsa, a Cryptographic Protocol Shapes Analyzer, implements enrich-by-need analysis.

In this paper, we show how cpsa now analyzes protocols with Diffie-Hellman key agreement (DH) in the enrich-by-need style. While this required substantial changes both to the cpsa implementation and its theory, the new version retains cpsa’s efficient and informative behavior. Moreover, the new functionality is justified by an algebraically natural model of the groups and fields which DH manipulates.

The model entails two lemmas that describe the conditions under which the adversary can deliver DH values to protocol participants. These lemmas determined how cpsa handles the new cases. The lemmas may also be of use in other approaches.
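The following is an added illustration written for this page, not code from the paper or from cpsa. It shows the two ingredients the abstract talks about: a Diffie-Hellman exchange in which an unauthenticated active adversary substitutes its own value g^e and so ends up sharing a key with each honest side, and a deliberately simplified symbolic check of which DH values an adversary can deliver (it may multiply a value it has seen by exponents it knows, and nothing else). The toy group (p = 23, g = 4, order 11) and the monomial-only derivability model are assumptions of this example; the paper's actual lemmas and algebraic model are richer than this.

```python
"""Added example: DH key agreement, an active adversary, and a toy symbolic
model of which DH values the adversary can deliver.  Illustration only; not
cpsa's implementation and not the paper's formal model."""
from collections import Counter
from typing import Iterable, Tuple

# Constructed toy parameters (assumption): p = 2*11 + 1 is a safe prime and
# g = 4 generates the subgroup of prime order 11.  Far too small for real use.
P = 23
G = 4


def dh_public(secret: int) -> int:
    """Public value g^secret mod p."""
    return pow(G, secret, P)


def dh_shared(secret: int, peer_public: int) -> int:
    """Shared key (peer_public)^secret mod p."""
    return pow(peer_public, secret, P)


def honest_exchange(x: int, y: int) -> Tuple[int, int]:
    """Initiator with secret x and responder with secret y both derive g^(xy)."""
    key_at_initiator = dh_shared(x, dh_public(y))
    key_at_responder = dh_shared(y, dh_public(x))
    return key_at_initiator, key_at_responder


def mitm_exchange(x: int, y: int, e: int) -> Tuple[int, int, Tuple[int, int]]:
    """Adversary with secret e replaces each public value in transit with g^e.
    The initiator then holds g^(xe), the responder g^(ye), and the adversary
    can compute both.  Without authentication neither honest party notices."""
    key_at_initiator = dh_shared(x, dh_public(e))   # initiator received g^e
    key_at_responder = dh_shared(y, dh_public(e))   # responder received g^e
    adversary_keys = (dh_shared(e, dh_public(x)),   # adversary saw g^x
                      dh_shared(e, dh_public(y)))   # adversary saw g^y
    return key_at_initiator, key_at_responder, adversary_keys


# --- Toy symbolic derivability (assumption: monomial exponents, no inverses,
# --- no exponent addition).  g^(x*x*y) is represented as Counter({'x': 2, 'y': 1}).

def exponent(*names: str) -> Counter:
    """Monomial exponent built from variable names, e.g. exponent('x', 'e')."""
    return Counter(names)


class SymbolicAdversary:
    """Dolev-Yao style adversary extended with one DH rule: from an observed
    value g^m and a known exponent e it may form g^(m*e).  The generator g
    itself (empty monomial) is always available."""

    def __init__(self, known_exponents: Iterable[str],
                 observed_values: Iterable[Counter]) -> None:
        self.exponents = set(known_exponents)
        self.values = [Counter(v) for v in observed_values] + [Counter()]

    def can_deliver(self, target: Counter) -> bool:
        """True if some observed g^m divides g^target and the quotient uses
        only exponents the adversary knows."""
        target = Counter(target)
        for base in self.values:
            if all(target[name] >= mult for name, mult in base.items()):
                remainder = target - base          # exact, since base divides target
                if all(name in self.exponents for name in remainder):
                    return True
        return False


if __name__ == "__main__":
    print("honest keys:", honest_exchange(5, 7))
    print("mitm keys (initiator, responder, adversary):", mitm_exchange(5, 7, 3))
    adv = SymbolicAdversary(["e"], [exponent("x"), exponent("y")])
    print("can deliver g^(xe):", adv.can_deliver(exponent("x", "e")))
    print("can deliver g^(xy):", adv.can_deliver(exponent("x", "y")))
```

The symbolic check is the interesting half: with only g^x and g^y observed and e known, the adversary can deliver g^(xe) but not g^(xy), which is why an unauthenticated participant that accepts any group element as a peer value ends up agreeing a key with the adversary rather than with its intended peer.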

This paper is dedicated to Cathy Meadows, with warmth and gratitude.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

Moses D. Liskov, Joshua D. Guttman, John D. Ramsdell (corresponding author), Paul D. Rowe and F. Javier Thayer: The MITRE Corporation, Bedford, USA