A User Interface for a Game-Based Protocol Verification Tool

  • Peeter Laud
  • Ilja Tšahhirov
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5983)


We present a platform that allows a protocol researcher to specify the sequence of games from an initial protocol to a protocol where the security property under consideration can be shown to hold using “conventional” means. Our tool represents the protocol in the form of a program dependency graph. A step in the sequence corresponds to replacing a local fragment in the current graph. The researcher interacts with the tool by pointing out the location of this fragment and choosing the applied transformation from a list. The tool guarantees the error-freeness of the sequence. By our knowledge, this is the first time where the aspects of user interaction have been seriously considered for a sequence-of-games-based protocol analyzer.


Tame Veri 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M., Corin, R., Fournet, C.: Computational secrecy by typing for the pi calculus. In: Kobayashi, N. (ed.) APLAS 2006. LNCS, vol. 4279, pp. 253–269. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  2. 2.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL 2001, pp. 104–115 (2001)Google Scholar
  3. 3.
    Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  4. 4.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). J. Cryptology 15(2), 103–127 (2002)MATHMathSciNetGoogle Scholar
  5. 5.
    Backes, M., Berg, M., Unruh, D.: A formal language for cryptographic pseudocode. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 353–376. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Backes, M., Laud, P.: Computationally sound secrecy proofs by mechanized flow analysis. In: ACM CCS  2006, pp. 370–379 (2006)Google Scholar
  7. 7.
    Backes, M., Pfitzmann, B., Waidner, M.: A composable cryptographic library with nested operations. In: ACM CCS 2003, pp. 220–230 (2003)Google Scholar
  8. 8.
    Ballance, R.A., Maccabe, A.B., Ottenstein, K.J.: The program dependence web: A representation supporting control, data, and demand-driven interpretation of imperative languages. In: PLDI 1990, pp. 257–271 (1990)Google Scholar
  9. 9.
    Barthe, G., Grégoire, B., Béguelin, S.Z.: Formal certification of code-based cryptographic proofs. In: POPL 2009, pp. 90–101 (2009)Google Scholar
  10. 10.
    Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–535. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  11. 11.
    Bellare, M., Rogaway, P.: The security of triple encryption and a framework for code-based game-playing proofs. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 409–426. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  12. 12.
    Blanchet, B.: A computationally sound mechanized prover for security protocols. In: IEEE S&P 2006, pp. 140–154 (2006)Google Scholar
  13. 13.
    Blanchet, B.: A Computationally Sound Mechanized Prover for Security Protocols. Cryptology ePrint Archive, Report 2005/401 (February 2, 2007)Google Scholar
  14. 14.
    Corin, R., den Hartog, J.: A probabilistic hoare-style logic for game-based cryptographic proofs. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 252–263. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  15. 15.
    Cortier, V., Kremer, S., Küsters, R., Warinschi, B.: Computationally sound symbolic secrecy in the presence of hash functions. In: Arun-Kumar, S., Garg, N. (eds.) FSTTCS 2006. LNCS, vol. 4337, pp. 176–187. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  16. 16.
    Cortier, V., Warinschi, B.: Computationally sound, automated proofs for security protocols. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 157–171. Springer, Heidelberg (2005)Google Scholar
  17. 17.
    Datta, A., Derek, A., Mitchell, J.C., Shmatikov, V., Turuani, M.: Probabilistic polynomial-time semantics for a protocol security logic. In: Caires, L., Italiano, G.F., Monteiro, L., Palamidessi, C., Yung, M. (eds.) ICALP 2005. LNCS, vol. 3580, pp. 16–29. Springer, Heidelberg (2005)Google Scholar
  18. 18.
    Datta, A., Derek, A., Mitchell, J.C., Warinschi, B.: Computationally sound compositional logic for key exchange protocols. In: CSFW 2006, pp. 321–334 (2006)Google Scholar
  19. 19.
    Ferrante, J., Ottenstein, K.J., Warren, J.D.: The program dependence graph and its use in optimization. ACM Trans. Program. Lang. Syst. 9(3), 319–349 (1987)MATHCrossRefGoogle Scholar
  20. 20.
    Fournet, C., Rezk, T.: Cryptographically sound implementations for typed information-flow security. In: POPL 2008, pp. 323–335 (2008)Google Scholar
  21. 21.
    Fröhlich, M., Werner, M.: Demonstration of the interactive graph-visualization system vinci. In: Tamassia, R., Tollis, I.G. (eds.) GD 1994. LNCS, vol. 894, pp. 266–269. Springer, Heidelberg (1995)Google Scholar
  22. 22.
    Janvier, R., Lakhnech, Y., Mazaré, L.: Completing the picture: Soundness of formal encryption in the presence of active adversaries. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 172–185. Springer, Heidelberg (2005)Google Scholar
  23. 23.
    Laud, P.: Semantics and program analysis of computationally secure information flow. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 77–91. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  24. 24.
    Laud, P.: Handling encryption in an analysis for secure information flow. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 159–173. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  25. 25.
    Laud, P.: Symmetric encryption in automatic analyses for confidentiality against active adversaries. In: IEEE S&P 2004, pp. 71–85 (2004)Google Scholar
  26. 26.
    Laud, P.: Secrecy types for a simulatable cryptographic library. In: ACM CCS 2005, pp. 26–35 (2005)Google Scholar
  27. 27.
    Laud, P., Vene, V.: A type system for computationally secure information flow. In: Liśkiewicz, M., Reischuk, R. (eds.) FCT 2005. LNCS, vol. 3623, pp. 365–377. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  28. 28.
    Lincoln, P., Mitchell, J.C., Mitchell, M., Scedrov, A.: A probabilistic poly-time framework for protocol analysis. In: ACM CCS 1998, pp. 112–121 (1998)Google Scholar
  29. 29.
    Micciancio, D., Warinschi, B.: Soundness of formal encryption in the presence of active adversaries. In: Naor, M. (ed.) TCC 2004. LNCS, vol. 2951, pp. 133–151. Springer, Heidelberg (2004)Google Scholar
  30. 30.
    Nowak, D.: A framework for game-based security proofs. In: Qing, S., Imai, H., Wang, G. (eds.) ICICS 2007. LNCS, vol. 4861, pp. 319–333. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  31. 31.
    Pingali, K., Beck, M., Johnson, R., Moudgill, M., Stodghill, P.: Dependence flow graphs: An algebraic approach to program dependencies. In: POPL 1991, pp. 67–78 (1991)Google Scholar
  32. 32.
    Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004), http://eprint.iacr.org/
  33. 33.
    Smith, G.: Secure information flow with random assignment and encryption. In: FMSE 2006, pp. 33–44 (2006)Google Scholar
  34. 34.
    Sprenger, C., Backes, M., Basin, D.A., Pfitzmann, B., Waidner, M.: Cryptographically sound theorem proving. In: CSFW 2006, pp. 153–166 (2006)Google Scholar
  35. 35.
    Sprenger, C., Basin, D.A.: Cryptographically-sound protocol-model abstractions. In: CSF 2008, pp. 115–129 (2008)Google Scholar
  36. 36.
    Tšahhirov, I.: Security Protocols Analysis in the Computational Model — Dependency Flow Graphs-Based Approach. PhD thesis, Tallinn University of Technology (2008)Google Scholar
  37. 37.
    Tšahhirov, I., Laud, P.: Application of dependency graphs to security protocol analysis. In: Barthe, G., Fournet, C. (eds.) TGC 2007 and FODO 2008. LNCS, vol. 4912, pp. 294–311. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  38. 38.
  39. 39.
    Volpano, D.M.: Secure introduction of one-way functions. In: CSFW 2000, pp. 246–254 (2000)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Peeter Laud
    • 1
  • Ilja Tšahhirov
    • 2
  1. 1.Cybernetica AS and Tartu University 
  2. 2.Institute of Cybernetics at Tallinn University of Technology 

Personalised recommendations