Sessions and Separability in Security Protocols

  • Marco Carbone
  • Joshua D. Guttman
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7796)


Despite much work on sessions and session types in non-adversarial contexts, session-like behavior given an active adversary has not received an adequate definition and proof methods. We provide a syntactic property that guarantees that a protocol has session-respecting executions. Any uncompromised subset of the participants are still guaranteed that their interaction will respect sessions. A protocol transformation turns any protocol into a session-respecting protocol.

We do this via a general theory of separability. Our main theorem applies to different separability requirements, and characterizes when we can separate protocol executions sufficiently to meet a particular requirement. This theorem also gives direct proofs of some old and new protocol composition results. Thus, our theory of separability appears to cover protocol composition and session-like behavior within a uniform framework, and gives a general pattern for reasoning about independence.


Sessions Security Protocols Strand Spaces 


  1. 1.
    Andova, S., Cremers, C., Gjøsteen, K., Mauw, S., Mjølsnes, S., Radomirović, S.: Sufficient conditions for composing security protocols. Information and Computation (2007)Google Scholar
  2. 2.
    Arapinis, M., Delaune, S., Kremer, S.: From One Session to Many: Dynamic Tags for Security Protocols. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 128–142. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  3. 3.
    Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Hankes Drielsma, P., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Bellare, M., Rogaway, P.: Entity Authentication and Key Distribution. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 232–249. Springer, Heidelberg (1994)CrossRefGoogle Scholar
  5. 5.
    Bhargavan, K., Corin, R., Deniélou, P.-M., Fournet, C., Leifer, J.J.: Cryptographic protocol synthesis and verification for multiparty sessions. In: IEEE Computer Security Foundations Symposium (2009)Google Scholar
  6. 6.
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. Technical Report 2000/067, IACR (October 2001), appeared in FOCS (2001)Google Scholar
  7. 7.
    Canetti, R., Krawczyk, H.: Analysis of Key-Exchange Protocols and Their Use for Building Secure Channels. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 453–474. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  8. 8.
    Ciobâcă, Ş., Cortier, V.: Protocol composition for arbitrary primitives. In: CSF, pp. 322–336. IEEE Computer Society Press (July 2010)Google Scholar
  9. 9.
    Cortier, V., Delaune, S.: Safely composing security protocols. Formal Methods in System Design 34(1), 1–36 (2009)zbMATHCrossRefGoogle Scholar
  10. 10.
    Cortier, V., Warinschi, B., Zălinescu, E.: Synthesizing Secure Protocols. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 406–421. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system and compositional logic for security protocols. Journal of Computer Security 13(3), 423–482 (2005)Google Scholar
  12. 12.
    Delaune, S., Kremer, S., Ryan, M.D.: Composition of password-based protocols. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 239–251. IEEE Computer Society Press (June 2008)Google Scholar
  13. 13.
    Deniélou, P.-M., Yoshida, N.: Dynamic multirole session types. In: POPL, pp. 435–446 (2011)Google Scholar
  14. 14.
    Dilloway, C., Lowe, G.: Specifying secure transport channels. In: CSF, pp. 210–223. IEEE (2008)Google Scholar
  15. 15.
    Dolev, D., Yao, A.: On the security of public-key protocols. IEEE Transactions on Information Theory 29, 198–208 (1983)MathSciNetzbMATHCrossRefGoogle Scholar
  16. 16.
    Groß, T., Modersheim, S.: Vertical protocol composition. In: CSF, pp. 235–250. IEEE (2011)Google Scholar
  17. 17.
    Guttman, J.D.: Security Goals and Protocol Transformations. In: Mödersheim, S., Palamidessi, C. (eds.) TOSCA 2011. LNCS, vol. 6993, pp. 130–147. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. 18.
    Guttman, J.D.: Shapes: Surveying crypto protocol runs. In: Cortier, V., Kremer, S. (eds.) Formal Models and Techniques for Analyzing Security Protocols. Cryptology and Information Security Series, IOS Press (2011)Google Scholar
  19. 19.
    Guttman, J.D., Thayer, F.J.: Protocol independence through disjoint encryption. In: Computer Security Foundations Workshop. IEEE CS Press (2000)Google Scholar
  20. 20.
    Guttman, J.D., Thayer, F.J.: Authentication tests and the structure of bundles. Theoretical Computer Science 283(2), 333–380 (2002)MathSciNetzbMATHCrossRefGoogle Scholar
  21. 21.
    Honda, K., Vasconcelos, V.T., Kubo, M.: Language Primitives and Type Discipline for Structured Communication-Based Programming. In: Hankin, C. (ed.) ESOP 1998. LNCS, vol. 1381, pp. 122–138. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  22. 22.
    Honda, K., Yoshida, N., Carbone, M.: Multiparty asynchronous session types. In: Proc. of POPL, vol. 43(1), pp. 273–284. ACM (2008)Google Scholar
  23. 23.
    Kamil, A., Lowe, G.: Analysing TLS in the strand spaces model. Journal of Computer Security 19(5), 975–1025 (2011)Google Scholar
  24. 24.
    Küsters, R., Tuengerthal, M.: Composition theorems without pre-established session identifiers. In: CCS, pp. 41–50. ACM (2011)Google Scholar
  25. 25.
    Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  26. 26.
    Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: CCS, pp. 166–175. ACM (2001)Google Scholar
  27. 27.
    Mödersheim, S., Viganò, L.: Secure Pseudonymous Channels. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 337–354. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  28. 28.
    Needham, R., Schroeder, M.: Using encryption for authentication in large networks of computers. CACM 21(12) (December 1978)Google Scholar
  29. 29.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NP-complete. In: Computer Security Foundations Workshop, pp. 174–187 (2001)Google Scholar
  30. 30.
    Thayer, F.J., Herzog, J.C., Guttman, J.D.: Strand spaces: Proving security protocols correct. Journal of Computer Security 7(2/3), 191–230 (1999)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Marco Carbone
    • 1
  • Joshua D. Guttman
    • 2
  1. 1.IT University of CopenhagenDenmark
  2. 2.Worcester Polytechnic InstituteUSA

Personalised recommendations