Skip to main content
SpringerLink
Log in
Book cover

Logic, Language, and Security pp 167–183Cite as

Modelchecking Safety Properties in Randomized Security Protocols

  • Chapter
  • First Online:

  • 725 Accesses

Part of the book series: Lecture Notes in Computer Science ((LNTCS,volume 12300))

Abstract

Automated reasoning tools for security protocols model protocols as non-deterministic processes that communicate through a Dolev-Yao attacker. There are, however, a large class of protocols whose correctness relies on an explicit ability to model and reason about randomness. Although such protocols lie at the heart of many widely adopted systems for anonymous communication, they have so-far eluded automated verification techniques. We propose an algorithm for reasoning about safety properties for randomized protocols. The algorithm is implemented as an extension of Stochastic Protocol ANalyzer (Span), the mechanized tool that reasons about the indistinguishability properties of randomized protocols. Using Span, we conduct the first automated verification on several randomized security protocols and uncover previously unknown design weaknesses in several of the protocols we analyzed.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   49.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   64.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

Notes

  1. 1.

    A similar attack was also discovered by hand in [6] where the analysis of FOO protocol is carried out in the computational model.

References

  1. Graphviz. https://www.graphviz.org/

  2. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: ACM SIGPLAN Notices, vol. 36, pp. 104–115. ACM (2001)

    Google Scholar 

  3. Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theor. Comput. Sci. 367(1), 2–32 (2006)

    Article  MathSciNet  MATH  Google Scholar 

  4. Adida, B.: Helios: web-based open-audit voting. In: USENIX Security Symposium, vol. 17, pp. 335–348 (2008)

    Google Scholar 

  5. Armando, A., Compagna, L.: SAT-based model-checking for security protocols analysis. Int. J. Inf. Secur. 7(1), 3–32 (2008)

    Article  MATH  Google Scholar 

  6. Bana, G., Chadha, R., Eeralla, A.K.: Formal analysis of vote privacy using computationally complete symbolic attacker. In: Lopez, J., Zhou, J., Soriano, M. (eds.) ESORICS 2018. LNCS, vol. 11099, pp. 350–372. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98989-1_18

    Chapter  Google Scholar 

  7. Bauer, M.S.: Analysis of randomized security protocols. Ph.D. thesis, University of Illinois at Urbana-Champaign (2018)

    Google Scholar 

  8. Bauer, M.S., Chadha, R., Prasad Sistla, A., Viswanathan, M.: Model checking indistinguishability of randomized security protocols. In: Chockler, H., Weissenbacher, G. (eds.) CAV 2018. LNCS, vol. 10982, pp. 117–135. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96142-2_10

    Chapter  Google Scholar 

  9. Bauer, M.S., Chadha, R., Viswanathan, M.: Composing protocols with randomized actions. In: Piessens, F., Viganò, L. (eds.) POST 2016. LNCS, vol. 9635, pp. 189–210. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49635-0_10

    Chapter  Google Scholar 

  10. Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theory 36(1), 40–46 (1990)

    Article  MathSciNet  Google Scholar 

  11. Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. J. Log. Algebr. Program. 75(1), 3–51 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  12. Braziunas, D.: POMDP Solution Methods. University of Toronto (2003)

    Google Scholar 

  13. Canetti, R., et al.: Task-structured probabilistic I/O automata. In: Discrete Event Systems (2006)

    Google Scholar 

  14. Cassandra, A.R.: A survey of POMDP applications. In: Working notes of AAAI 1998 fall Symposium on Planning with Partially Observable Markov Decision Processes, vol. 1724 (1998)

    Google Scholar 

  15. Chadha, R., Cheval, V., Ciobâcă, Ş., Kremer, S.: Automated verification of equivalence properties of cryptographic protocol. ACM Trans. Comput. Log. 17(4), 1–32 (2016)

    Article  MathSciNet  MATH  Google Scholar 

  16. Chadha, R., Sistla, A.P., Viswanathan, M.: Model checking concurrent programs with nondeterminism and randomization. In: Foundations of Software Technology and Theoretical Computer Science, pp. 364–375 (2010)

    Google Scholar 

  17. Chadha, R., Sistla, A.P., Viswanathan, M.: Verification of randomized security protocols. In: Logic in Computer Science, pp. 1–12. IEEE (2017)

    Google Scholar 

  18. Chatterjee, K., Chmelík, M., Tracol, M.: What is decidable about partially observable Markov decision processes with omega-regular objectives. J. Comput. Syst. Sci. 82(5), 878–911 (2016)

    Article  MATH  Google Scholar 

  19. Chatzikokolakis, K., Palamidessi, C.: Making random choices invisible to the scheduler. Information and Computation (2010, to appear)

    Google Scholar 

  20. Chaum, D.: The dining cryptographers problem: unconditional sender and recipient untraceability. J. Cryptol. 1(1), 65–75 (1988)

    Article  MathSciNet  MATH  Google Scholar 

  21. Chaum, D., Ryan, P.Y.A., Schneider, S.: A practical voter-verifiable election scheme. In: di Vimercati, S.C., Syverson, P., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 118–139. Springer, Heidelberg (2005). https://doi.org/10.1007/11555827_8

    Chapter  Google Scholar 

  22. Chaum, D.L.: Untraceable electronic mail, return addresses, and digital pseudonyms. Commun. ACM 24(2), 84–90 (1981)

    Article  Google Scholar 

  23. Cheung, L.: Reconciling nondeterministic and probabilistic choices. Ph.D. thesis, Radboud University of Nijmegen (2006)

    Google Scholar 

  24. Clavel, M., et al.: Maude: Specification and programming in rewriting logic. Theor. Comput. Sci. 285(2), 187–243 (2002)

    Article  MathSciNet  MATH  Google Scholar 

  25. Cortier, V., Delaune, S.: A method for proving observational equivalence. In: Computer Security Foundations, pp. 266–276 (2009)

    Google Scholar 

  26. de Alfaro, L.: The verification of probabilistic systems under memoryless partial-information policies is hard. Technical report (1999)

    Google Scholar 

  27. Dehnert, C., Junges, S., Katoen, J.P., Volk, M.: A storm is coming: a modern probabilistic model checker. In: Majumdar, R., Kunčak, V. (eds.) Computer Aided Verification CAV 2017. LNCS, vol. 10427, pp. 592-600. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-63390-9_31

  28. Delaune, S., Kremer, S., Ryan, M.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17(4), 435–487 (2009)

    Article  MATH  Google Scholar 

  29. Dingledine, R., Mathewson, N., Syverson, P.: Tor: the second-generation onion router. Technical report, DTIC Document (2004)

    Google Scholar 

  30. Escobar, S., Meadows, C., Meseguer, J.: Maude-NPA: cryptographic protocol analysis modulo equational properties. In: Aldini, A., Barthe, G., Gorrieri, R. (eds.) FOSAD 2007-2009. LNCS, vol. 5705, pp. 1–50. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03829-7_1

    Chapter  MATH  Google Scholar 

  31. Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)

    Article  MathSciNet  MATH  Google Scholar 

  32. Fujioka, A., Okamoto, T., Ohta, K.: A practical secret voting scheme for large scale elections. In: Seberry, J., Zheng, Y. (eds.) AUSCRYPT 1992. LNCS, vol. 718, pp. 244–251. Springer, Heidelberg (1993). https://doi.org/10.1007/3-540-57220-1_66

    Chapter  Google Scholar 

  33. Garcia, F.D., Van Rossum, P., Sokolova, A.: Probabilistic anonymity and admissible schedulers. arXiv preprint arXiv:0706.1019 (2007)

  34. Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Hiding routing information. In: Workshop on Information Hiding, pp. 137–150 (1996)

    Google Scholar 

  35. Golle, P., Juels, A.: Dining cryptographers revisited. In: Cachin, C., Camenisch, J.L. (eds.) EUROCRYPT 2004. LNCS, vol. 3027, pp. 456–473. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-24676-3_27

    Chapter  Google Scholar 

  36. Goubault-Larrecq, J., Palamidessi, C., Troina, A.: A probabilistic applied pi–calculus. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 175–190. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-76637-7_12

    Chapter  Google Scholar 

  37. Gunter, C.A., Khanna, S., Tan, K., Venkatesh, S.S.: DoS protection for reliably authenticated broadcast. In: Network and Distributed System Security (2004)

    Google Scholar 

  38. Kremer, S., Ryan, M.: Analysis of an electronic voting protocol in the applied pi calculus. In: Sagiv, M. (ed.) ESOP 2005. LNCS, vol. 3444, pp. 186–200. Springer, Heidelberg (2005). https://doi.org/10.1007/978-3-540-31987-0_14

    Chapter  Google Scholar 

  39. Kwiatkowska, M., Norman, G., Parker, D.: PRISM 4.0: verification of probabilistic real-time systems. In: Gopalakrishnan, G., Qadeer, S. (eds.) CAV 2011. LNCS, vol. 6806, pp. 585–591. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22110-1_47

    Chapter  Google Scholar 

  40. Norman, G., Parker, D., Zou, X.: Verification and control of partially observable probabilistic systems. Real-Time Syst. 53(3), 354–402 (2017). https://doi.org/10.1007/s11241-017-9269-4

    Article  MATH  Google Scholar 

  41. Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)

    Article  Google Scholar 

  42. Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inf. Forensics Secur. 4(4), 662–673 (2009)

    Article  Google Scholar 

  43. Bauer, M.S., Chadha, R., Viswanathan, M.: Modular verification of protocol equivalence in the presence of randomness. In: Foley, S.N., Gollmann, D., Snekkenes, E. (eds.) ESORICS 2017. LNCS, vol. 10492, pp. 187–205. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66402-6_12

    Chapter  Google Scholar 

  44. Santin, A.O., Costa, R.G., Maziero, C.A.: A three-ballot-based secure electronic voting system. Secur. Priv. 6(3), 14–21 (2008)

    Article  Google Scholar 

  45. Schmidt, B., Meier, S., Cremers, C., Basin, D.: Automated analysis of Diffie-Hellman protocols and advanced security properties. In: Computer Security Foundations, pp. 78–94 (2012)

    Google Scholar 

  46. Serjantov, A., Dingledine, R., Syverson, P.: From a trickle to a flood: active attacks on several mix types. In: Petitcolas, F.A.P. (ed.) IH 2002. LNCS, vol. 2578, pp. 36–52. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36415-3_3

    Chapter  Google Scholar 

  47. Serjantov, A., Newman, R.E.: On the anonymity of timed pool mixes. In: Gritzalis, D., De Capitani di Vimercati, S., Samarati, P., Katsikas, S. (eds.) SEC 2003. ITIFIP, vol. 122, pp. 427–434. Springer, Boston, MA (2003). https://doi.org/10.1007/978-0-387-35691-4_41

    Chapter  Google Scholar 

  48. Serjantov, A., Sewell, P.: Passive attack analysis for connection-based anonymity systems. In: Snekkenes, E., Gollmann, D. (eds.) ESORICS 2003. LNCS, vol. 2808, pp. 116–131. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39650-5_7

    Chapter  Google Scholar 

  49. Shmatikov, V.: Probabilistic analysis of anonymity. In: Computer Security Foundations, pp. 119–128. IEEE (2002)

    Google Scholar 

Download references

Acknowledgements

Andre Scedrov’s foundational work on formal analysis of security protocols has been an unmistakable inspiration for us, and we thank him for his mentorship. Rohit Chadha thanks Andre Scedrov for introducing him to the exciting and challenging field of security protocol analysis, and his invaluable counsel.

Rohit Chadha was partially supported by grants NSF 1553548 CNS and NSF CCF 1900924. Mahesh Viswanathan was partially supported by NSF CCF 1901069.

Author information

Authors and Affiliations

  1. Galois Inc., Portland, USA

    Matthew S. Bauer

  2. University of Missouri, Columbia, USA

    Rohit Chadha

  3. University of Illinois, Urbana-Champaign, USA

    Mahesh Viswanathan

Authors
  1. Matthew S. Bauer
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Rohit Chadha
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Mahesh Viswanathan
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Rohit Chadha .

Editor information

Editors and Affiliations

  1. fortiss GmbH, Munich, Germany

    Vivek Nigam

  2. University of Rijeka, Rijeka, Croatia

    Tajana Ban Kirigin

  3. SRI International, Menlo Park, CA, USA

    Carolyn Talcott

  4. Worcester Polytechnic Institute, Worcester, MA, USA

    Joshua Guttman

  5. Steklov Mathematical Institute of the Russian Academy of Sciences, Moscow, Russia

    Stepan Kuznetsov

  6. University of Pennsylvania, Philadelphia, PA, USA

    Boon Thau Loo

  7. Keio University, Tokyo, Japan

    Mitsuhiro Okada

Rights and permissions

Reprints and permissions

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Bauer, M.S., Chadha, R., Viswanathan, M. (2020). Modelchecking Safety Properties in Randomized Security Protocols. In: Nigam, V., et al. Logic, Language, and Security. Lecture Notes in Computer Science(), vol 12300. Springer, Cham. https://doi.org/10.1007/978-3-030-62077-6_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-62077-6_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62076-9

  • Online ISBN: 978-3-030-62077-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation