Formal Verification of the mERA-Based eServices with Trusted Third Party Protocol

  • Maria Christofi
  • Aline Gouget
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 376)


Internet services such as online banking, social networking and other web services require identification and authentication means. The European Citizen card can be used to provide a privacy-preserving authentication for Internet services enabling e.g. an anonymous age verification or other forms of anonymous attribute verification. The Modular Enhanced Symmetric Role Authentication (mERA) - based eServices with trusted third party protocol is a privacy-preserving protocol based on eID card recently standardized at CEN TC224 WG16. In this paper, we provide a formal analysis of its security by verifying formally several properties, such as secrecy, message authentication, unlinkability, as well as its liveness property. In the course of this verification, we obtain positive results about this protocol. We implement this verification with the ProVerif tool.


privacy authentication mERA formal verification cryptographic protocol ProVerif 


  1. 1.
    Abadi, M., Blanchet, B.: Computer-assisted verification of a protocol for certified email. Sci. Comput. Program. 58(1-2), 3–27 (2005)MathSciNetMATHCrossRefGoogle Scholar
  2. 2.
    Abadi, M., Blanchet, B., Fournet, C.: Just fast keying in the pi calculus. ACM Trans. Inf. Syst. Secur. 10(3) (2007)Google Scholar
  3. 3.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104–115 (2001)Google Scholar
  4. 4.
    ANTS, Gemalto, Oberthur Technologies, and Safran Morpho. Access to e-services with privacy-preserving credentials. Technical Report (August 10, 2011),
  5. 5.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  6. 6.
    Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium, CSF 2008, Pittsburgh, Pennsylvania, June 23-25, pp. 195–209. IEEE Computer Society (2008)Google Scholar
  7. 7.
    Blanchet, B.: From Secrecy to Authenticity in Security Protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 342–359. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  8. 8.
    Dolev, D., Yao, A.C.-C.: On the security of public key protocols. IEEE Transactions on Information Theory 29(2), 198–207 (1983)MathSciNetMATHCrossRefGoogle Scholar
  9. 9.
    Krawczyk, H.: SKEME: a versatile secure key exchange mechanism for Internet. In: Symposium on Network and Distributed System Security, p. 114 (1996)Google Scholar
  10. 10.
    Kremer, S., Ryan, M.: Analysis of an Electronic Voting Protocol in the Applied Pi Calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  11. 11.
    Pfitzmann, A., Köhntopp, M.: Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology. In: Federrath, H. (ed.) Anonymity 2000. LNCS, vol. 2009, pp. 1–9. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    CEN/TC224 prEN 14890-1:2008. Application interface for smart cards used as secure signature creation devices (2008)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Maria Christofi
    • 1
    • 2
  • Aline Gouget
    • 1
  1. 1.GemaltoMeudon sur SeineFrance
  2. 2.Versailles Saint-Quentin-en-Yvelines UniversityFrance

Personalised recommendations