Abstract
Intruders can infer properties of a system by measuring the time it takes for the system to respond to some request of a given protocol, that is, by exploiting time side channels. These properties may help intruders distinguish whether a system is a honeypot or concrete system helping them avoid defense mechanisms, or track a user among others violating his privacy. Observational and trace equivalence are technical machineries used for verifying whether two systems are distinguishable. Automating the check for trace equivalence suffers the state-space explosion problem. Symbolic verification is used to mitigate this problem allowing for the verification of relatively large systems. This paper introduces a novel definition of timed trace equivalence based on symbolic time constraints. Protocol verification problems can then be reduced to problems solvable by off-the-shelf SMT solvers. We implemented such machinery in Maude and carry out a number of experiments demonstrating the feasibility of our approach.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
And more generally, observational equivalence.
- 2.
The accompanying implementation can be found at https://github.com/SRI-CSL/VCPublic/obseq.git.
- 3.
\(\mathcal {S}\) always includes guessables–names, text, fresh nonces, .... Guessables are left implicit in our examples.
- 4.
Strictly, \(\mathcal {DC}\) needs to satisfy some conditions in order for this membership relation to be well-defined. For example, the symbol dependency graph of \(\mathcal {DC}\) shall be acyclic. We assume that this relation is undefined whenever this is not the case.
- 5.
Initially this was implemented using CVC4 [4]. Since Alpha 114 there is also the option to use Yices2.
References
Abadi, M., Fournet, C.: Private authentication. Theor. Comput. Sci. 322(3), 427–476 (2004)
Agha, G., Mason, I.A., Smith, S.F., Talcott, C.L.: A foundation for actor computation. J. Funct. Program. 7, 1–72 (1997)
Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF 2010, Edinburgh, United Kingdom, 17–19 July 2010, pp. 107–121 (2010)
Barrett, C., et al.: CVC4. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 171–177. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_14
Basin, D., Sebastian Mödersheim, L.V.: OFMC: a symbolic model checker for security protocols. Int. J. Inf. Secur. (2004). https://doi.org/10.1007/s10207-004-0055-7
Bella, G., Paulson, L.C.: Kerberos version IV: inductive analysis of the secrecy goals. In: Quisquater, J.-J., Deswarte, Y., Meadows, C., Gollmann, D. (eds.) ESORICS 1998. LNCS, vol. 1485, pp. 361–375. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0055875
Benton, N., Hofmann, M., Nigam, V.: Effect-dependent transformations for concurrent programs. In: Proceedings of the 18th International Symposium on Principles and Practice of Declarative Programming, 5–7 September 2016, Edinburgh, United Kingdom, pp. 188–201 (2016)
Brands, S., Chaum, D.: Distance-bounding protocols (extended abstract). In: EUROCRYPT, pp. 344–359 (1993)
Cervesato, I., Durgin, N.A., Lincoln, P., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: CSFW, pp. 55–69 (1999)
Cheval, V., Cortier, V.: Timing attacks in security protocols: symbolic framework and proof techniques. In: Focardi, R., Myers, A. (eds.) POST 2015. LNCS, vol. 9036, pp. 280–299. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46666-7_15
Chothia, T., Smirnov, V.: A traceability attack against e-passports. In: Sion, R. (ed.) FC 2010. LNCS, vol. 6052, pp. 20–34. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14577-3_5
Clavel, M., et al.: All About Maude - A High-Performance Logical Framework. LNCS, vol. 4350. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-71999-1
Corin, R., Etalle, S., Hartel, P.H., Mader, A.: Timed model checking of security protocols. In: Proceedings of the 2004 ACM Workshop on Formal Methods in Security Engineering, FMSE 2004, New York, NY, USA, pp. 23–32. ACM (2004)
Cortier, V., Delaune, S.: A method for proving observational equivalence. In: Proceedings of the 22nd IEEE Computer Security Foundations Symposium, CSF 2009, Port Jefferson, New York, USA, 8–10 July 2009, pp. 266–276 (2009)
Dolev, D., Yao, A.: On the security of public key protocols. IEEE Trans. Inf. Theory 29(2), 198–208 (1983)
Durán, F., Eker, S., Escobar, S., Martí-Oliet, N., Meseguer, J., Talcott, C.: Built-in variant generation and unification, and their applications in Maude 2.7. In: Olivetti, N., Tiwari, A. (eds.) IJCAR 2016. LNCS (LNAI), vol. 9706, pp. 183–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-40229-1_13
Biere, A., Bloem, R. (eds.): CAV 2014. LNCS, vol. 8559. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08867-9
Dutertre, B.: Solving exists/forall problems with yices. In: SMT (2015)
Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1
Evans, N., Schneider, S.: Analysing time dependent security properties in CSP using PVS. In: Cuppens, F., Deswarte, Y., Gollmann, D., Waidner, M. (eds.) ESORICS 2000. LNCS, vol. 1895, pp. 222–237. Springer, Heidelberg (2000). https://doi.org/10.1007/10722599_14
Gazeau, I., Kremer, S.: Automated analysis of equivalence properties for security protocols using else branches. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10493, pp. 1–20. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66399-9_1
González-Burgueño, A., Aparicio-Sánchez, D., Escobar, S., Meadows, C.A., Meseguer, J.: Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA. In: 22nd International Conference on Logic for Programming, Artificial Intelligence and Reasoning, pp. 400–417 (2018)
González-Burgueño, A., Santiago, S., Escobar, S., Meadows, C.A., Meseguer, J.: Analysis of the PKCS#11 API using the Maude-NPA tool. In: Proceedings of the Security Standardisation Research - Second International Conference, SSR 2015, Tokyo, Japan, 15–16 December 2015, pp. 86–106 (2015)
Gorrieri, R., Locatelli, E., Martinelli, F.: A simple language for real-time cryptographic protocol analysis. In: Degano, P. (ed.) ESOP 2003. LNCS, vol. 2618, pp. 114–128. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36575-3_9
Gunter, C.A.: Semantics of Programming Languages - Structures and Techniques. Foundations of Computing. MIT Press, Cambridge (1993)
Ho, G., Boneh, D., Ballard, L., Provos, N.: Tick tock: building browser red pills from timing side channels. In: Bratus, S., Lindner, F.F.X. (eds.) 8th USENIX Workshop on Offensive Technologies, WOOT 2014 (2014)
Jakubowska, G., Penczek, W.: Modelling and checking timed authentication of security protocols. Fundam. Inf. 79(3–4), 363–378 (2007)
Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L.: Towards timed models for cyber-physical security protocols (2014). Available in Nigam’s homepage
Kanovich, M.I., Kirigin, T.B., Nigam, V., Scedrov, A., Talcott, C.L., Perovic, R.: A rewriting framework for activities subject to regulations. In: 23rd International Conference on Rewriting Techniques and Applications (RTA 2012), Nagoya, Japan, 28 May–2 June 2012, pp. 305–322 (2012)
Mason, I.A., Talcott, C.L.: IOP: The interoperability platform & IMaude: an interactive extension of Maude. In: Fifth International Workshop on Rewriting Logic and Its Applications (WRLA 2004). Electronic Notes in Theoretical Computer Science. Elsevier (2004)
Meadows, C.: The NRL protocol analyzer: an overview. J. Logic Program. 26(2), 113–131 (1996)
Meadows, C.A.: Analysis of the internet key exchange protocol using the NRL protocol analyzer. In: 1999 IEEE Symposium on Security and Privacy, pp. 216–231 (1999)
Meadows, C.A.: A cost-based framework for analysis of denial of service networks. J. Comput. Secur. 9(1/2), 143–164 (2001)
Meadows, C.A., Poovendran, R., Pavlovic, D., Chang, L., Syverson, P.F.: Distance bounding protocols: authentication logic analysis and collusion attacks. In: Secure Localization and Time Synchronization for Wireless Sensor and Ad Hoc Networks, pp. 279–298 (2007)
Milner, R.: Communicating and Mobile Systems - The Pi-Calculus. Cambridge University Press, Cambridge (1999)
Needham, R.M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM 21(12), 993–999 (1978). https://doi.org/10.1145/359657.359659
Nigam, V., Talcott, C., Urquiza, A.A.: Symbolic timed observational equivalence (2018). https://arxiv.org/abs/1801.04066
Nigam, V., Talcott, C., Aires Urquiza, A.: Towards the automated verification of cyber-physical security protocols: bounding the number of timed intruders. In: Askoxylakis, I., Ioannidis, S., Katsikas, S., Meadows, C. (eds.) ESORICS 2016. LNCS, vol. 9879, pp. 450–470. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-45741-3_23
Rocha, C.: Symbolic reachability analysis for rewrite theories. Ph.D. thesis, University of Illinois at Urbana-Champagne (2012)
Santiago, S., Escobar, S., Meadows, C., Meseguer, J.: A formal definition of protocol indistinguishability and its verification using Maude-NPA. In: Mauw, S., Jensen, C.D. (eds.) STM 2014. LNCS, vol. 8743, pp. 162–177. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-11851-2_11
Acknowledgments
We thank the anonymous reviewer for careful reading and helpful suggestions for improvement. Nigam was partially supported by NRL grant N0017317-1-G002 and by CNPq grant 303909/2018-8. Talcott was partly supported by ONR grant N00014-15-1-2202 and NRL grant N0017317-1-G002.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2019 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Nigam, V., Talcott, C., Urquiza, A.A. (2019). Symbolic Timed Trace Equivalence. In: Guttman, J., Landwehr, C., Meseguer, J., Pavlovic, D. (eds) Foundations of Security, Protocols, and Equational Reasoning. Lecture Notes in Computer Science(), vol 11565. Springer, Cham. https://doi.org/10.1007/978-3-030-19052-1_8
Download citation
DOI: https://doi.org/10.1007/978-3-030-19052-1_8
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-19051-4
Online ISBN: 978-3-030-19052-1
eBook Packages: Computer ScienceComputer Science (R0)