Abstract
Formal verification of cryptographic protocols has a long history with a great number of successful verification tools created. Recent progress in formal verification theory has brought more powerful tools capable of handling computational assumption, which leads to more reliable verification results for information systems.
In this paper, we introduce an effective scheme and studies on applying computational formal verification toward a practical cryptographic protocol. As a target protocol, we reconsider a security model for RFID authentication with a man-in-the-middle adversary and communication fault. We define three model and security proofs via a game-based approach that, in a computational sense, makes our security models compatible with formal security analysis tools. Then we show the combination of using a computational formal verification tool and handwritten verification to overcome the computational tool’s limitations. We show that the target RFID authentication protocol is robust against the above-mentioned attacks, and then provide game-based (handwritten) proofs and their verification via CryptoVerif.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
RFID security & privacy lounge, http://www.avoine.net/rfid/
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: POPL, pp. 104–115 (2001)
Abadi, M., Rogaway, P.: Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption). In: Watanabe, O., Hagiya, M., Ito, T., van Leeuwen, J., Mosses, P.D. (eds.) TCS 2000. LNCS, vol. 1872, pp. 3–22. Springer, Heidelberg (2000)
Arapinis, M., Chothia, T., Ritter, E., Ryan, M.: Analysing unlinkability and anonymity using the applied pi calculus. In: CSF, pp. 107–121 (2010)
Blanchet, B.: CryptoVerif computationally sound, automatic cryptographic protocol verifier user manual, http://www.cryptoverif.ens.fr/
Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Computer Security Foundations Workshop (CSFW-14), Cape Breton, Nova Scotia, Canada, pp. 82–96. IEEE Computer Society (2001)
Blanchet, B.: A computationally sound mechanized prover for security protocols. In: IEEE Symposium on Security and Privacy, Oakland, California, pp. 140–154 (May 2006)
Blanchet, B., Pointcheval, D.: Automated Security Proofs with Sequences of Games. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 537–554. Springer, Heidelberg (2006)
Brusò, M., Chatzikokolakis, K., den Hartog, J.: Formal verification of privacy for RFID systems. In: CSF, pp. 75–88 (2010)
Dolev, D., Yao, A.C.-C.: On the Security of Public Key Protocols. In: FOCS 1981, pp. 350–357 (1981)
Hancke, G., Kuhn, M.: An RFID Distance Bounding Protocol. In: Conference on Security and Privacy for Emerging Areas in Communication Networks – SecureComm 2005, Athens, Greece, pp. 67–73. IEEE Computer Society (2005)
Juels, A.: RFID security and privacy: A research survey (September 2005) (manuscript)
Juels, A., Weis, S.: Defining strong privacy for RFID. Cryptology ePrint Archive, Report 2006/137 (2006)
Juels, A., Weis, S.: Defining Strong Privacy for RFID. In: International Conference on Pervasive Computing and Communications – PerCom 2007, New York City, New York, USA, pp. 342–347. IEEE Computer Society Press (2007)
Matsuo, S., Miyazaki, K., Otsuka, A., Basin, D.: How to Evaluate the Security of Real-Life Cryptographic Protocols? - The Cases of ISO/IEC 29128 and CRYPTREC. In: Sion, R., Curtmola, R., Dietrich, S., Kiayias, A., Miret, J.M., Sako, K., Sebé, F. (eds.) RLCPS, WECSR, and WLC 2010. LNCS, vol. 6054, pp. 182–194. Springer, Heidelberg (2010), http://www.springerlink.com/content/05t7653287066880/
Ohkubo, M., Matsuo, S., Hanatani, Y., Sakiyama, K., Ohta, K.: Robust RFID authentication protocol with formal proof and its feasibility. Cryptology ePrint Archive, Report 2010/345 (2010)
Ohkubo, M., Suzuki, K., Kinoshita, S.: Cryptographic approach to “privacy-friendly” tags. In: RFID Privacy Workshop. MIT, MA (2003)
Radu-Ioan, P., Vaudenay, S.: Mutual Authentication in RFID: Security and Privacy. In: Proceedings of the 3rd ACM Symposium on Information, Computer and Communications Security – ASIACCS 2008, Tokyo, Japan, pp. 292–299. ACM Press (2008)
Vaudenay, S.: On Privacy Models for RFID. In: Kurosawa, K. (ed.) ASIACRYPT 2007. LNCS, vol. 4833, pp. 68–87. Springer, Heidelberg (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
HanataniI, Y., Ohkubo, M., Matsuo, S., Sakiyama, K., Ohta, K. (2012). A Study on Computational Formal Verification for Practical Cryptographic Protocol: The Case of Synchronous RFID Authentication. In: Danezis, G., Dietrich, S., Sako, K. (eds) Financial Cryptography and Data Security. FC 2011. Lecture Notes in Computer Science, vol 7126. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29889-9_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-29889-9_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29888-2
Online ISBN: 978-3-642-29889-9
eBook Packages: Computer ScienceComputer Science (R0)