Abstract
Security protocols are small distributed programs that are designed to ensure security over untrusted networks such as the Internet. They are notoriously dificult to design and flaws can be found several years after their publication and even their deployment. In particular, they are not securely composable in general: two protocols may be secure when analyzed separately but may cause harmful interactions to each other. We explore how tagging protocols allows to securely compose protocols.
The research leading to these results was performed as part of the ProSecure project which is funding by the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement number 258865.
Chapter PDF
Similar content being viewed by others
References
Abadi, M., Needham, R.M.: Prudent engineering practice for cryptographic protocols. IEEE Trans. Software Eng. 22(1), 6–15 (1996)
Amadio, R., Charatonik, W.: On name generation and set-based analysis in the Dolev-Yao model. In: Brim, L., Jančar, P., Křetínský, M., Kučera, A. (eds.) CONCUR 2002. LNCS, vol. 2421, pp. 499–514. Springer, Heidelberg (2002)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The Avispa tool for the automated validation of internet security protocols and ap plications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Blanchet, B.: An efficient cryptographic protocol verifier based on Prolog rules. In: Proc. 14th Computer Security Foundations Workshop (CSFW 2001), pp. 82–96. IEEE Comp. Soc. Press, Los Alamitos (2001)
Blanchet, B., Podelski, A.: Verification of cryptographic protocols: Tagging enforces termination. In: Gordon, A.D. (ed.) FOSSACS 2003. LNCS, vol. 2620, pp. 136–152. Springer, Heidelberg (2003)
Canetti, R., Meadows, C., Syverson, P.F.: Environmental requirements for authentication protocols. In: Okada, M., Babu, C. S., Scedrov, A., Tokuda, H. (eds.) ISSS 2002. LNCS, vol. 2609, pp. 339–355. Springer, Heidelberg (2003)
Ciobâcă, Ş., Cortier, V.: Protocol composition for arbitrary primitives. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF 2010), Edinburgh, Scotland, UK, pp. 322–336. IEEE Computer Society Press, Los Alamitos (July 2010)
Comon-Lundh, H., Cortier, V.: New decidability results for fragments of first-order logic and application to cryptographic protocols. In: Nieuwenhuis, R. (ed.) RTA 2003. LNCS, vol. 2706, pp. 148–164. Springer, Heidelberg (2003)
Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 352–363. Springer, Heidelberg (2007)
Cremers, C.: Scyther - Semantics and Verification of Security Protocols. Ph.D. dissertation, Eindhoven University of Technology (2006)
Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Proc. of the Workshop on Formal Methods and Security Protocols (1999)
Kelsey, J., Schneier, B., Wagner, D.: Protocol interactions and the chosen protocol attack. In: Christianson, B., Lomas, M. (eds.) Security Protocols 1997. LNCS, vol. 1361, pp. 91–104. Springer, Heidelberg (1998)
Lowe, G.: Casper: A compiler for the analysis of security protocols. In: Proc. 10th Computer Security Foundations Workshop (CSFW 1997). IEEE Comp. Soc. Press, Los Alamitos (1997)
Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theoretical Computer Science 299, 451–475 (2003)
Schneider, S.: Security properties and CSP. In: Proc. of the Symposium on Security and Privacy, Oakland, pp. 174–187. IEEE Computer Society Press, Los Alamitos (1996)
Seidl, H., Verma, K.N.: Flat and one-variable clauses: Complexity of verifying cryptographic protocols with single blind copying. In: Baader, F., Voronkov, A. (eds.) LPAR 2004. LNCS (LNAI), vol. 3452, pp. 79–94. Springer, Heidelberg (2005)
Song, D.X.: Athena: A new efficient automatic checker for security protocol analysis. In: Proc. 12th Computer Security Foundations Workshop (CSFW 1999), Mordano, Italy. IEEE Computer Society Press, Los Alamitos (June 1999)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Cortier, V. (2012). Secure Composition of Protocols. In: Mödersheim, S., Palamidessi, C. (eds) Theory of Security and Applications. TOSCA 2011. Lecture Notes in Computer Science, vol 6993. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27375-9_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-27375-9_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27374-2
Online ISBN: 978-3-642-27375-9
eBook Packages: Computer ScienceComputer Science (R0)