
Symbolic Timed Trace Equivalence

  • Vivek Nigam
  • Carolyn Talcott
  • Abraão Aires Urquiza
Chapter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11565)

Abstract

Intruders can infer properties of a system by measuring the time it takes the system to respond to a request of a given protocol, that is, by exploiting timing side channels. These properties may help intruders distinguish whether a system is a honeypot or a real system, thereby helping them evade defense mechanisms, or track a user among others, violating that user's privacy. Observational equivalence and trace equivalence are the technical machinery used to verify whether two systems are distinguishable. Automating the check for trace equivalence suffers from the state-space explosion problem. Symbolic verification is used to mitigate this problem, allowing the verification of relatively large systems. This paper introduces a novel definition of timed trace equivalence based on symbolic time constraints. Protocol verification problems can then be reduced to problems solvable by off-the-shelf SMT solvers. We implemented this machinery in Maude and carried out a number of experiments demonstrating the feasibility of our approach.

Acknowledgments

We thank the anonymous reviewer for careful reading and helpful suggestions for improvement. Nigam was partially supported by NRL grant N0017317-1-G002 and by CNPq grant 303909/2018-8. Talcott was partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002.


Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Vivek Nigam (1, 2)
  • Carolyn Talcott (3)
  • Abraão Aires Urquiza (1)

  1. Federal University of Paraíba, João Pessoa, Brazil
  2. fortiss GmbH, Munich, Germany
  3. SRI International, Menlo Park, USA
