Abstract
It is usually very difficult in Computer Science to make an information “disappear” after a certain time, once it has been published or mirrored by servers world wide. This, however, is the goal of the IBM ephemerizer’s protocol by Radia Perlman. We present in this paper the general structure of the CL-Atse protocol analysis tool from the AVISPA’s tool-suite, and symbolic analysis of the ephemerizer’s protocol and its extensions using CL-Atse. This protocol allows transmitting a data which retrieval is guarantied to be impossible after a certain time. We show that this protocol is secure for this property plus the secrecy of the data, but is trivially non secure for its integrity. We model a standard integrity check as a first extension to this protocol, which is natural and close to common usage, and we present a second extension for integrity that is much less obvious and deeply integrated in the structure of the ephemerizer’s protocol. Then, we show that while the first extension guaranty the basic integrity property under certain conditions, the second one is much stronger and allows faster computations.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Amadio, R., Lugiez, D., Vanackère, V.: On the symbolic reduction of processes with cryptographic functions. Theor. Comput. Sci. 290(1), 695–740 (2003)
Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Team. The Avispa Tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)
Armando, A., Compagna, L.: An Optimized Intruder Model for SAT-based Model-Checking of Security Protocols. In: Proceedings of the Workshop on Automated Reasoning for Security Protocol Analysis (ARSPA 2004). ENTCS, vol. 125(1), pp. 91–108 (2005)
Arora, C.: The Ephemerizer’s specification files in HLPSL, http://www.loria.fr/~turuani/Ephemerizer_models.zip
Baader, F., Schulz, K.U.: Unification in the Union of Disjoint Equational Theories: Combining Decision Procedures. Journal of Symbolic Computing 21(2), 211–243 (1996)
Basin, D., Mödersheim, S., Viganò, L.: OFMC: A symbolic model checker for security protocols. International Journal of Information Security 4(3), 181–208 (2005)
Boichut, Y., Héam, P.-C., Kouchnarenko, O.: Automatic Verification of Security Protocols Using Approximations. INRIA Research Report RR-5727 (October 2005), http://www.inria.fr/rrrt/rr-5727.html
Blanchet, B.: An Ecient Cryptographic Protocol Verier Based on Prolog Rules. In: Proceedings of 14th IEEE Computer Security Foundations Workshop (CSFW). IEEE Computer Society, Los Alamitos (2001)
Boreale, M.: Symbolic trace analysis of cryptographic protocols. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 667–681. Springer, Heidelberg (2001)
Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with xor. In: Proceedings of LICS 2003 (2003)
Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents. In: Pandya, P.K., Radhakrishnan, J. (eds.) FSTTCS 2003. LNCS, vol. 2914, pp. 124–135. Springer, Heidelberg (2003)
Chevalier, Y., Vigneron, L.: A Tool for Lazy Verification of Security Protocols. In: Proceedings of the Automated Software Engineering Conference (ASE 2001), IEEE CSP, Los Alamitos (2001)
Clark, J., Jacob, J.: A Survey of Authentication Protocol Literature: Version 1.0, November 17 (1997), www.cs.york.ac.uk/~jac/papers/drareview.ps.gz
Corin, R., Etalle, S.: An improved constraint-based system for the verification of security protocols. In: Hermenegildo, M.V., Puebla, G. (eds.) SAS 2002. LNCS, vol. 2477, pp. 326–341. Springer, Heidelberg (2002)
Cremers, C.J.F.: Unbounded verification, falsification, and characterization of security protocols by pattern refinement. In: Proceedings of the 15th ACM conference on Computer and Communications Security. ACM, New York (2008)
Cremers, C., Lafourcade, P.: Comparing State Spaces in Automatic Protocol Verification. In: Proceedings of the Seventh International Workshop on Automated Verification of Critical Systems (AVoCS 2007), Elsevier Science Direct, Amsterdam (2007)
Dolev, D., Yao, A.C.: On the Security of Public-Key Protocols. IEEE Transactions on Information Theory 29(2), 198–208 (1983)
Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: Proceedings of DISCEX 2000, pp. 237–250. IEEE Computer Society Press, Los Alamitos (2000)
Millen, J., Shmatikov, V.: Symbolic protocol analysis with products and Diffie-Hellman exponentiation. In: Proceedings of the 16th IEEE Computer Security Foundations Workshop (CSFW 2003), pp. 47–61 (2003)
Perlman, R.: The Ephemerizer: Making Data Disappear. Technical report, Sun Labs (2005), http://www.research.sun.com/techrep/2005/smll-tr02005-140.pdf
Rusinowitch, M., Turuani, M.: Protocol Insecurity with Finite Number of Sessions is NP-complete. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), pp. 174–190 (2001)
Turuani, M.: The CL-Atse Protocol Analyser. In: Pfenning, F. (ed.) RTA 2006. LNCS, vol. 4098, pp. 277–286. Springer, Heidelberg (2006)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Arora, C., Turuani, M. (2009). Validating Integrity for the Ephemerizer’s Protocol with CL-Atse. In: Cortier, V., Kirchner, C., Okada, M., Sakurada, H. (eds) Formal to Practical Security. Lecture Notes in Computer Science, vol 5458. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02002-5_2
Download citation
DOI: https://doi.org/10.1007/978-3-642-02002-5_2
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-02001-8
Online ISBN: 978-3-642-02002-5
eBook Packages: Computer ScienceComputer Science (R0)