Abstract
To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs), which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.
Keywords
- Trusted Platform Module
- Cryptographic Protocol
- Attack Scenario
- Cryptographic Primitive
- Computational Tree Logic
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Suriadi, S., Ouyang, C., Foo, E. (2012). Privacy Compliance Verification in Cryptographic Protocols. In: Jensen, K., van der Aalst, W.M., Ajmone Marsan, M., Franceschinis, G., Kleijn, J., Kristensen, L.M. (eds) Transactions on Petri Nets and Other Models of Concurrency VI. Lecture Notes in Computer Science, vol 7400. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35179-2_11
DOI: https://doi.org/10.1007/978-3-642-35179-2_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-35178-5
Online ISBN: 978-3-642-35179-2
eBook Packages: Computer Science (R0)