Abstract
Type systems are effective tools for verifying the security of cryptographic protocols and implementations. They provide automation, modularity and scalability, and have been applied to large protocols. In this tutorial, we illustrate the use of types for verifying authenticity properties, first using a symbolic model of cryptography, then relying on a concrete computational assumption.
1. We introduce refinement types (that is, types carrying formulas to record invariants) for programs written in F# and verified by F7, an SMT-based type checker.
2. We describe a sample authenticated RPC protocol, we implement it in F#, and we specify its security against active adversaries.
3. We develop a sample symbolic library, we present its main cryptographic invariants, and we show that our RPC implementation is perfectly secure when linked to this symbolic library.
4. We implement the same library using concrete cryptographic primitives, we make a standard computational assumption, and we show that our RPC implementation is also secure with overwhelming probability when linked to this concrete library.
© 2011 Springer-Verlag Berlin Heidelberg
Fournet, C., Bhargavan, K., Gordon, A.D. (2011). Cryptographic Verification by Typing for a Sample Protocol Implementation. In: Aldini, A., Gorrieri, R. (eds) Foundations of Security Analysis and Design VI. FOSAD 2011. Lecture Notes in Computer Science, vol 6858. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23082-0_3
DOI: https://doi.org/10.1007/978-3-642-23082-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-23081-3
Online ISBN: 978-3-642-23082-0