Privacy Compliance Verification in Cryptographic Protocols

  • Suriadi Suriadi
  • Chun Ouyang
  • Ernest Foo
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7400)


To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs); they constitute a class of cryptographic protocols. It is desirable to prove the security properties of PEPs, in terms of their privacy compliance, before they are deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). The formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.


Keywords: Trusted Platform Module, Cryptographic Protocol, Attack Scenario, Cryptographic Primitive, Computational Tree Logic
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Suriadi Suriadi (1)
  • Chun Ouyang (1, 2)
  • Ernest Foo (1)
  1. Science and Engineering Faculty, Queensland University of Technology, Australia
  2. Queensland Research Laboratory, NICTA, Brisbane, Australia
