Composing Protocols with Randomized Actions

  • Matthew S. BauerEmail author
  • Rohit Chadha
  • Mahesh Viswanathan
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9635)


Recently, several composition results have been established, showing that two cryptographic protocols proven secure against a Dolev-Yao attacker continue to afford the same security guarantees when composed together, provided the protocol messages are tagged with the information of which protocol they belong to. The key technical tool used to establish this guarantee is a separation result which shows that any attack on the composition can be mapped to an attack on one of the composed protocols running in isolation. We consider the composition of protocols which, in addition to using cryptographic primitives, also employ randomization within the protocol to achieve their goals. We show that if the protocols never reveal a secret with a probability greater than a given threshold, then neither does their composition, given that protocol messages are tagged with the information of which protocol they belong to.


Shared Secret Equational Theory Process Algebra Cryptographic Protocol Partially Observable Markov Decision Process 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115 (2001)Google Scholar
  2. 2.
    Andova, S., Cremers, C.J.F., Gjøsteen, K., Mauw, S., Mjølsnes, S.F., Radomirovic, S.: A framework for compositional verification of security protocols. Inform. Comput. 206(2–4), 425–459 (2008)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Arapinis, M., Cheval, V., Delaune, S.: Composing security protocols: from confidentiality to privacy.
  4. 4.
    Arapinis, M., Cheval, V., Delaune, S.: Verifying privacy-type properties in a modular way. In: 25th IEEE Computer Security Foundations Symposium (CSF 2012), pp. 95–109. IEEE Computer Society Press, Cambridge (2012)Google Scholar
  5. 5.
    Arapinis, M., Delaune, S., Kremer, S.: From one session to many: dynamic tags for security protocols. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 128–142. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  6. 6.
    Bauer, M.S., Chadha, R., Viswanathan, M.: Composing Protocol with Randomized Actions. Technical report, University of Illinois at Urbana-Champaign, Department of Computer Science (2016)Google Scholar
  7. 7.
    Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theory 36(1), 40–46 (1990)MathSciNetCrossRefGoogle Scholar
  8. 8.
    Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, P., Segala, R.: Task-structured probabilistic I/O automata. In: Workshop on Discrete Event Systems (2006)Google Scholar
  9. 9.
    Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Naor, M. (ed.) 42nd IEEE Symposium on Foundations of Computer Science (FOCS 2001), pp. 136–145. IEEE Computer Society Press (2001)Google Scholar
  10. 10.
    Canetti, R., Herzog, J.C.: Universally composable symbolic analysis of mutual authentication and key-exchange protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 380–403. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  11. 11.
    Carbone, M., Guttman, J.D.: Sessions and separability in security protocols. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 267–286. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  12. 12.
    Chadha, R., Sistla, A.P., Viswanathan, M.: Model checking concurrent programs with nondeterminism and randomization. In: the International Conference on Foundations of Software Technology and Theoretical Computer Science, pp. 364–375 (2010)Google Scholar
  13. 13.
    Chatzikokolakis, K., Palamidessi, C.: Making random choices invisible to the scheduler. Information and Computation (2010) to appearGoogle Scholar
  14. 14.
    Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptology 1(1), 65–75 (1988)MathSciNetCrossRefzbMATHGoogle Scholar
  15. 15.
    Cheung, L.: Reconciling Nondeterministic and Probabilistic Choices. PhD thesis, Radboud University of Nijmegen (2006)Google Scholar
  16. 16.
    Chevalier, C., Delaune, S., Kremer, S.: Transforming password protocols to compose. In: 31st Conference on Foundations of Software Technology and Theoretical Computer Science, Leibniz International Proceedings in Informatics, pp. 204–216. Leibniz-Zentrum für Informatik (2011)Google Scholar
  17. 17.
    Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 352–363. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  18. 18.
    Cortier, V., Delaune, S.: Safely composing security protocols. Formal Methods in System Design 34(1), 1–36 (2009)CrossRefzbMATHGoogle Scholar
  19. 19.
    Ciobâcă, Ş., Cortier, V.: Protocol composition for arbitrary primitives. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF, Edinburgh, July 17–19, 2010, pp. 322–336 (2010)Google Scholar
  20. 20.
    Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system and compositional logic for security protocols. J. Comput. Secur. 13(3), 423–482 (2005)CrossRefGoogle Scholar
  21. 21.
    de Alfaro, L.: The verification of probabilistic systems under memoryless partial information policies is hard. In: PROBMIV (1999)Google Scholar
  22. 22.
    Delaune, S., Kremer, S., Ryan, M.D.: Composition of password-based protocols. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 239–251. IEEE Computer Society Press, June 2008Google Scholar
  23. 23.
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  24. 24.
    Garcia, F.D., van Rossum, P., Sokolova, A.: Probabilistic Anonymity and Admissible Schedulers. CoRR, abs/0706.1019 (2007)
  25. 25.
    Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. Commun. ACM 42(2), 39–41 (1999)CrossRefGoogle Scholar
  26. 26.
    Goubault-Larrecq, J., Palamidessi, C., Troina, A.: A probabilistic applied pi–calculus. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 175–190. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  27. 27.
    Gunter, C.A., Khanna, S., Tan, K., Venkatesh, S.S.: Dos protection for reliably authenticated broadcast. In: NDSS (2004)Google Scholar
  28. 28.
    Guttman, J.D.: Authentication tests and disjoint encryption: a design method for security protocols. J. Comput. Secur. 12(3–4), 409–433 (2004)CrossRefGoogle Scholar
  29. 29.
    Guttman, J.D.: Cryptographic protocol composition via the authentication tests. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 303–317. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  30. 30.
    He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A modular correctness proof of ieee 802.11i and TLS. In: Atluri, V., Meadows, C., Juels, A. (eds.) the 12th ACM Conference on Computer and Communications Security, (CCS ), pp. 2–15. ACM (2005)Google Scholar
  31. 31.
    Mödersheim, S., Viganò, L.: Sufficient conditions for vertical composition of security protocols. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014, pp. 435–446. ACM, New York (2014)Google Scholar
  32. 32.
    Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)CrossRefGoogle Scholar
  33. 33.
    Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inform. Forensics Secur. 4(4), 662–673 (2009)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2016

Authors and Affiliations

  • Matthew S. Bauer
    • 1
    Email author
  • Rohit Chadha
    • 2
  • Mahesh Viswanathan
    • 1
  1. 1.University of Illinois at Urbana-ChampaignChampaignUSA
  2. 2.University of MissouriColumbiaUSA

Personalised recommendations