Computational Soundness Results for Stateful Applied \(\pi \) Calculus

  • Jianxiong Shao
  • Yu Qin
  • Dengguo Feng
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9635)

Abstract

In recent years, much research has been done to establish symbolic models of stateful protocols. Two of these works, the SAPIC tool and the StatVerif tool, provide a high-level specification language and automated analysis. Their language, the stateful applied \(\pi \) calculus, extends the applied \(\pi \) calculus with explicit state constructs. The symbolic abstractions of cryptography it uses make the analysis amenable to automation. However, such abstractions might overlook attacks based on the algebraic properties of the cryptographic algorithms. In this paper, we establish computational soundness results for the stateful applied \(\pi \) calculus used in the SAPIC and StatVerif tools.

In our approach, we build our results on the CoSP framework. For SAPIC, we embed the non-monotonic protocol states into the CoSP protocols, and prove that the resulting CoSP protocols are efficient. Through the embedding, we provide the computational soundness result for SAPIC (by Theorem 1). For StatVerif, we encode the StatVerif process into a subset of SAPIC process, and obtain the computational soundness result for StatVerif (by Theorem 2). Our encoding shows the differences between the semantics of the two languages. Our work inherits the modularity of CoSP, which allows for easily extending the proofs to specific cryptographic primitives. Thus we establish a computationally sound automated verification result for the input languages of SAPIC and StatVerif that use public-key encryption and signatures (by Theorem 3).

Keywords

  • Computational soundness
  • Applied \(\pi \) calculus
  • Stateful protocols

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing, China
