Cryptographically-Masked Flows

  • Aslan Askarov
  • Daniel Hedin
  • Andrei Sabelfeld
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4134)


Cryptographic operations are essential for many security-critical systems. Reasoning about information flow in such systems is challenging because typical (noninterference-based) information-flow definitions allow no flow from secret to public data. Unfortunately, this implies that programs with encryption are ruled out because encrypted output depends on secret inputs: the plaintext and the key. However, it is desirable to allow flows arising from encryption with secret keys provided that the underlying cryptographic algorithm is strong enough. In this paper we conservatively extend the noninterference definition to allow safe encryption, decryption, and key generation. To illustrate the usefulness of this approach, we propose (and implement) a type system that guarantees noninterference for a small imperative language with primitive cryptographic operations. The type system prevents dangerous program behavior (e.g., giving away a secret key or confusing keys and non-keys), which we exemplify with secure implementations of cryptographic protocols. Because the model is based on a standard noninterference property, it allows us to develop some natural extensions. In particular, we consider public-key cryptography and integrity, which accommodate reasoning about primitives that are vulnerable to chosen-ciphertext attacks.


Encryption Scheme Security Level Cryptographic Protocol Cryptographic Primitive Cryptographic Operation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Secrecy by typing in security protocols. J. ACM 46(5), 749–786 (1999)CrossRefMathSciNetMATHGoogle Scholar
  2. 2.
    Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). J. of Cryptology 15(2), 103–127 (2002)MathSciNetMATHGoogle Scholar
  3. 3.
    Askarov, A., Hedin, D., Sabelfeld, A.: Cryptographically-masked flows. Technical report, Chalmers University of Technology (June 2006), located at:
  4. 4.
    Askarov, A., Sabelfeld, A.: Security-typed languages for implementation of cryptographic protocols: A case study. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 197–221. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  5. 5.
    Bellare, M., Desai, A., Pointcheval, D., Rogaway, P.: Relations among notions of security for public-key encryption schemes. In: Krawczyk, H. (ed.) CRYPTO 1998. LNCS, vol. 1462, pp. 26–46. Springer, Heidelberg (1998)Google Scholar
  6. 6.
    Bellare, M., Namprempre, C.: Authenticated encryption: Relations among notions and analysis of the generic composition paradigm. In: Okamoto, T. (ed.) ASIACRYPT 2000. LNCS, vol. 1976, pp. 531–545. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  7. 7.
    Black, J., Rogaway, P., Shrimpton, T.: Encryption-scheme security in the presence of key-dependent messages. In: Nyberg, K., Heys, H.M. (eds.) SAC 2002. LNCS, vol. 2595, pp. 62–75. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  8. 8.
    Burrows, M., Abadi, M., Needham, R.: A logic of authentication. ACM Transactions on Computer Systems 8(1), 18–36 (1990)CrossRefGoogle Scholar
  9. 9.
    Chong, S., Myers, A.C.: Security policies for downgrading. In: ACM Conference on Computer and Communications Security, pp. 198–209 (October 2004)Google Scholar
  10. 10.
    Chothia, T., Duggan, D., Vitek, J.: Type-based distributed access control. In: Proc. IEEE Computer Security Foundations Workshop, pp. 170–186 (2003)Google Scholar
  11. 11.
    Cohen, E.S.: Information transmission in sequential programs. In: DeMillo, R.A., Dobkin, D.P., Jones, A.K., Lipton, R.J. (eds.) Foundations of Secure Computation, pp. 297–335. Academic Press, London (1978)Google Scholar
  12. 12.
    Dam, M., Giambiagi, P.: Confidentiality for mobile code: The case of a simple payment protocol. In: Proc. IEEE Computer Security Foundations Workshop, pp. 233–244 (July 2000)Google Scholar
  13. 13.
    Denning, D.E., Denning, P.J.: Certification of programs for secure information flow. Comm. of the ACM 20(7), 504–513 (1977)CrossRefMATHGoogle Scholar
  14. 14.
    Duggan, D.: Cryptographic types. In: Proc. IEEE Computer Security Foundations Workshop, pp. 238–252 (June 2002)Google Scholar
  15. 15.
    Giambiagi, P., Dam, M.: On the secure implementation of security protocols. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 144–158. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  16. 16.
    Goguen, J.A., Meseguer, J.: Security policies and security models. In: Proc. IEEE Symp. on Security and Privacy, pp. 11–20 (April 1982)Google Scholar
  17. 17.
    Goldwasser, S., Micali, S.: Probabilistic encryption. Journal of Computer and System Sciences 28, 270–299 (1984)CrossRefMathSciNetMATHGoogle Scholar
  18. 18.
    Gordon, A., Jeffrey, A.: Secrecy despite compromise: Types, cryptography, and the pi-calculus. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 186–201. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  19. 19.
    Hicks, B., King, D., McDaniel, P.: Declassification with cryptographic functions in a security-typed language. Technical Report NAS-TR-0004-2005, Network and Security Center, Department of Computer Science, Pennsylvania State University (May 2005)Google Scholar
  20. 20.
    Laud, P.: Semantics and program analysis of computationally secure information flow. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 77–91. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
    Laud, P.: Handling encryption in an analysis for secure information flow. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 159–173. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  22. 22.
    Laud, P., Vene, V.: A type system for computationally secure information flow. In: Liśkiewicz, M., Reischuk, R. (eds.) FCT 2005. LNCS, vol. 3623, pp. 365–377. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  23. 23.
    Lincoln, P., Mitchell, J.C., Mitchell, M., Scedrov, A.: A probabilistic poly-time framework for protocol analysis. In: ACM Conference on Computer and Communications Security, pp. 112–121 (November 1998)Google Scholar
  24. 24.
    McCullough, D.: Noninterference and the composability of security properties. In: Proc. IEEE Symp. on Security and Privacy, pp. 177–186 (May 1988)Google Scholar
  25. 25.
    Mitchell, J.C.: Probabilistic polynomial-time process calculus and security protocol analysis. In: Sands, D. (ed.) ESOP 2001. LNCS, vol. 2028, pp. 23–29. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  26. 26.
    Myers, A.C., Sabelfeld, A., Zdancewic, S.: Enforcing robust declassification and qualified robustness. J. Computer Security (to appear, 2006)Google Scholar
  27. 27.
    Sabelfeld, A., Myers, A.C.: Language-based information-flow security. IEEE J. Selected Areas in Communications 21(1), 5–19 (2003)CrossRefGoogle Scholar
  28. 28.
    Sabelfeld, A., Myers, A.C.: A model for delimited information release. In: Futatsugi, K., Mizoguchi, F., Yonezaki, N. (eds.) ISSS 2003. LNCS, vol. 3233, pp. 174–191. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  29. 29.
    Sabelfeld, A., Sands, D.: Dimensions and principles of declassification. In: Proc. IEEE Computer Security Foundations Workshop, pp. 255–269 (June 2005)Google Scholar
  30. 30.
    Shannon, C.E.: A mathematical theory of communication. Bell System Tech. J. 27, 623–656 (1948)MathSciNetGoogle Scholar
  31. 31.
    Sumii, E., Pierce, B.: Logical relations for encryption. In: Proc. IEEE Computer Security Foundations Workshop, pp. 256–269 (June 2001)Google Scholar
  32. 32.
    Volpano, D.: Secure introduction of one-way functions. In: Proc. IEEE Computer Security Foundations Workshop, pp. 246–254 (July 2000)Google Scholar
  33. 33.
    Volpano, D., Smith, G.: Verifying secrets and relative secrecy. In: Proc. ACM Symp. on Principles of Programming Languages, pp. 268–276 (January 2000)Google Scholar
  34. 34.
    Volpano, D., Smith, G., Irvine, C.: A sound type system for secure flow analysis. J. Computer Security 4(3), 167–187 (1996)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Aslan Askarov
    • 1
  • Daniel Hedin
    • 1
  • Andrei Sabelfeld
    • 1
  1. 1.Department of Computer Science and EngineeringChalmers University of TechnologyGöteborgSweden

Personalised recommendations