
Symbolic Analysis of Identity-Based Protocols

Foundations of Security, Protocols, and Equational Reasoning

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11565))

Abstract

We show how the Tamarin tool can be used to model and reason about security protocols using identity-based cryptography, including identity-based encryption and signatures. Although such protocols involve rather different primitives than conventional public-key cryptography, we illustrate how suitable abstractions and Tamarin's support for equational theories can be used to model and analyze realistic industry protocols, either finding flaws or gaining confidence in their security with respect to different classes of adversaries.

Technically, we propose two models of identity-based cryptography. First, we formalize an abstract model, based on simple equations, in which verification of realistic protocols is feasible. Second, we formalize a more precise model, leveraging Tamarin's support for bilinear pairing and exclusive-or. This model is much closer to practical realizations of identity-based cryptography, but deduction is substantially more complex. Along the way, we point out the limits of precise modeling and highlight challenges in providing support for equational reasoning. We also evaluate our models on an industrial protocol where we find and fix flaws.
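To make the first, equation-based model concrete, the following Tamarin theory is an added illustration written for this page; it is not the chapter's own model (the authors' case-study models live in the Tamarin repository under examples/idbased). It treats identity-based encryption as free function symbols plus a single decryption equation, and records two adversary capabilities, an identity-key reveal and a master-key reveal, as action facts so that a secrecy lemma can be stated relative to each adversary class. The function names (mpk, ibsk, ibenc, ibdec), the fact and rule names, and the one-sender/one-PKG scenario are assumptions of this example.

```tamarin
/* Added illustration (not the chapter's model): an abstract, equation-based
   treatment of identity-based encryption in Tamarin, with one honest sender,
   one PKG, and two adversary capabilities (identity-key reveal, master-key
   reveal). Function symbols and fact names are assumptions of this example. */
theory IBE_Abstract_Example
begin

/* Identity-based primitives as free function symbols:
     mpk(msk)            master public key published by the PKG
     ibsk(id, msk)       private key the PKG extracts for identity id
     ibenc(m, id, mpk)   encrypt m to identity id under the master public key
     ibdec(c, sk)        decrypt with the identity's private key
   The single equation is what makes decryption succeed in the model:
   it only fires when the identity inside the ciphertext matches the
   identity whose key was extracted under the same master secret. */
functions: mpk/1, ibsk/2, ibenc/3, ibdec/2
equations: ibdec(ibenc(m, id, mpk(msk)), ibsk(id, msk)) = m

/* One PKG: choose a master secret and publish the master public key. */
rule PKG_Setup:
  [ Fr(~msk) ]
  --[ OnlyOnce() ]->
  [ !PKG(~msk), !MPK(mpk(~msk)), Out(mpk(~msk)) ]

/* Key extraction: the PKG derives the private key for any public identity $A.
   The key stays internal (no Out); only the reveal rule below leaks it. */
rule PKG_Extract:
  [ !PKG(~msk) ]
  -->
  [ !IdKey($A, ibsk($A, ~msk)) ]

/* Adversary capabilities, recorded as action facts so lemmas can refer to them. */
rule Reveal_IdKey:
  [ !IdKey($A, sk) ] --[ RevealKey($A) ]-> [ Out(sk) ]

rule Reveal_MasterKey:
  [ !PKG(~msk) ] --[ RevealMSK() ]-> [ Out(~msk) ]

/* Sender $A encrypts a fresh message to identity $B using only the master
   public key: no certificate or per-recipient public key is needed. */
rule Alice_Send:
  [ Fr(~m), !MPK(pkm) ]
  --[ Sent($A, $B, ~m) ]->
  [ Out(<$A, $B, ibenc(~m, $B, pkm)>) ]

/* Receiver $B decrypts with the key the PKG extracted for its identity. */
rule Bob_Recv:
  let m = ibdec(c, sk) in
  [ In(<a, $B, c>), !IdKey($B, sk) ]
  --[ Received(a, $B, m) ]->
  [ ]

restriction OnlyOnce:
  "All #i #j. OnlyOnce() @ i & OnlyOnce() @ j ==> #i = #j"

/* Sanity check: the honest run is executable. */
lemma executable: exists-trace
  "Ex a b m #i #j. Sent(a, b, m) @ i & Received(a, b, m) @ j"

/* Secrecy relative to the adversary class: a message sent to b can be
   learned only if b's own identity key or the PKG's master key was revealed.
   Revealing some other identity's key does not help, because ibdec only
   reduces when the identities agree. */
lemma secrecy:
  "All a b m #i. Sent(a, b, m) @ i & (Ex #j. K(m) @ j)
     ==> (Ex #k. RevealKey(b) @ k) | (Ex #k. RevealMSK() @ k)"

end
```

Save the theory as a `.spthy` file and load it with `tamarin-prover --prove <file>` or in the interactive GUI. The point of the abstract model is visible in the signature: no group operations or pairings appear, so Tamarin only needs the one subterm-convergent equation to reason about decryption, which is what keeps verification of larger protocols feasible. The precise model the chapter describes replaces these free symbols with bilinear-pairing and exclusive-or terms, at the cost of harder deduction.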

This work was done while the second author was also at ETH Zurich.


Notes

  1. There are settings where key escrow may be desirable or even required, for example due to legal reasons. In such cases, identity-based cryptography fits perfectly.

  2. In general, bilinear pairings can take values in two different groups, provided that they are of the same order. For simplicity and because our formal model will eventually require it, we only present bilinear pairings taking values in the same group.

  3. denotes a variable that can be instantiated by any public constant.

  4. We also checked that all authentication properties fail in the presence of signing key reveals, even when the master private key of AUTH-PKG is not revealed. This result is as expected, since one cannot then rely on signatures to authenticate agents.


Acknowledgments

The authors thank Huawei Singapore Research Center for their support for parts of this research.

Author information

Corresponding author: Ralf Sasse.


Additional information

Dedicated to Catherine Meadows on her 65th Birthday.


Copyright information

© 2019 Springer Nature Switzerland AG

About this chapter


Cite this chapter

Basin, D., Hirschi, L., Sasse, R. (2019). Symbolic Analysis of Identity-Based Protocols. In: Guttman, J., Landwehr, C., Meseguer, J., Pavlovic, D. (eds) Foundations of Security, Protocols, and Equational Reasoning. Lecture Notes in Computer Science(), vol 11565. Springer, Cham. https://doi.org/10.1007/978-3-030-19052-1_9


  • DOI: https://doi.org/10.1007/978-3-030-19052-1_9


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-19051-4

  • Online ISBN: 978-3-030-19052-1

