Advertisement

Safely Composing Security Protocols

  • Véronique Cortier
  • Jérémie Delaitre
  • Stéphanie Delaune
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4855)

Abstract

Security protocols are small programs that are executed in hostile environments. Many results and tools have been developed to formally analyze the security of a protocol. However even when a protocol has been proved secure, there is absolutely no guarantee if the protocol is executed in an environment where other protocols, possibly sharing some common identities and keys like public keys or long-term symmetric keys, are executed.

In this paper, we show that whenever a protocol is secure, it remains secure even in an environment where arbitrary protocols are executed, provided each encryption contains some tag identifying each protocol, like e.g. the name of the protocol.

Keywords

Security Protocol Deduction System Constraint System Security Property Cryptographic Protocol 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Abadi, M., Needham, R.M.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Software Eng. 22(1), 6–15 (1996)CrossRefGoogle Scholar
  2. 2.
    Amadio, R., Charatonik, W.: On name generation and set-based analysis in the Dolev-Yao model. In: Brim, L., Jančar, P., Křetínský, M., Kucera, A. (eds.) CONCUR 2002. LNCS, vol. 2421, pp. 499–514. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  3. 3.
    Andova, S., Cremers, C., Steen, K.G., Mauw, S., lsnes, S.M., Radomirović, S.: Sufficient conditions for composing security protocols. Information and Computation (to appear, 2007)Google Scholar
  4. 4.
    Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: CSFW 2001. Proc. 14th Computer Security Foundations Workshop, pp. 82–96. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  5. 5.
    Blanchet, B., Podelski, A.: Verification of cryptographic protocols: Tagging enforces termination. In: Gordon, A.D. (ed.) ETAPS 2003 and FOSSACS 2003. LNCS, vol. 2620, Springer, Heidelberg (2003)Google Scholar
  6. 6.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: FOCS 2001. Proc. 42nd Annual Symposium on Foundations of Computer Science, Las Vegas (Nevada, USA), pp. 136–145. IEEE Computer Society Press, Los Alamitos (2001)Google Scholar
  7. 7.
    Canetti, R., Meadows, C., Syverson, P.F.: Environmental requirements for authentication protocols. In: Okada, M., Pierce, B.C., Scedrov, A., Tokuda, H., Yonezawa, A. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 339–355. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Science of Computer Programming 50(1-3), 51–71 (2004)MathSciNetzbMATHCrossRefGoogle Scholar
  9. 9.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: LICS 2003. Proc. 18th Annual Symposium on Logic in Comp. Science, pp. 271–280. IEEE Computer Society Press, Los Alamitos (2003)Google Scholar
  10. 10.
    Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. Research Report 6234, INRIA, p. 26(2007)Google Scholar
  11. 11.
    Cortier, V., Zalinescu, E.: Deciding key cycles for security protocols. In: Hermann, M., Voronkov, A. (eds.) LPAR 2006. LNCS (LNAI), vol. 4246, pp. 317–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Datta, A., Derek, A., Mitchell, J.C., Roy, A.: Protocol composition logic (PCL). Electr. Notes Theor. Comput. Sci. 172, 311–358 (2007)MathSciNetCrossRefGoogle Scholar
  13. 13.
    Gong, L., Syverson, P.: Fail-stop protocols: An approach to designing secure protocols. In: Proc. 5th Inter. Working Conference on Dependable Computing for Critical Applications, pp. 44–55 (1995)Google Scholar
  14. 14.
    Guttman, J.D., Thayer, F.J.: Protocol independence through disjoint encryption. In: CSFW 2000. Proc. 13th Computer Security Foundations Workshop, pp. 24–34. IEEE Computer Society Press, Los Alamitos (2000)Google Scholar
  15. 15.
    Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Christianson, B., Lomas, M. (eds.) Security Protocols. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  17. 17.
    Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: CCS 2001. Proc. 8th ACM Conference on Computer and Communications Security, pp. 166–175. ACM Press, New York (2001)CrossRefGoogle Scholar
  18. 18.
    Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. Communication of the ACM 21(12), 993–999 (1978)zbMATHCrossRefGoogle Scholar
  19. 19.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theoretical Comp. Sc. 299, 451–475 (2003)MathSciNetzbMATHCrossRefGoogle Scholar
  20. 20.
    Seidl, H., Verma, K.N.: Flat and one-variable clauses: Complexity of verifying cryptographic protocols with single blind copying. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS (LNAI), vol. 3452, Springer, Heidelberg (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Véronique Cortier
    • 1
  • Jérémie Delaitre
    • 1
  • Stéphanie Delaune
    • 1
  1. 1.LORIA, CNRS & INRIA, project Cassis, NancyFrance

Personalised recommendations