Abstract
Recently, several composition results have been established, showing that two cryptographic protocols proven secure against a Dolev-Yao attacker continue to afford the same security guarantees when composed together, provided the protocol messages are tagged with the information of which protocol they belong to. The key technical tool used to establish this guarantee is a separation result which shows that any attack on the composition can be mapped to an attack on one of the composed protocols running in isolation. We consider the composition of protocols which, in addition to using cryptographic primitives, also employ randomization within the protocol to achieve their goals. We show that if the protocols never reveal a secret with a probability greater than a given threshold, then neither does their composition, given that protocol messages are tagged with the information of which protocol they belong to.
M.S. Bauer and M. Viswanathan—Partially supported by grant NSF CNS 1314485.
R. Chadha—Partially supported by grant NSF CNS 1314338.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
n sessions of P will be denoted by \(!_n P.\)
References
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115 (2001)
Andova, S., Cremers, C.J.F., Gjøsteen, K., Mauw, S., Mjølsnes, S.F., Radomirovic, S.: A framework for compositional verification of security protocols. Inform. Comput. 206(2–4), 425–459 (2008)
Arapinis, M., Cheval, V., Delaune, S.: Composing security protocols: from confidentiality to privacy. http://arxiv.org/pdf/1407.5444v3.pdf
Arapinis, M., Cheval, V., Delaune, S.: Verifying privacy-type properties in a modular way. In: 25th IEEE Computer Security Foundations Symposium (CSF 2012), pp. 95–109. IEEE Computer Society Press, Cambridge (2012)
Arapinis, M., Delaune, S., Kremer, S.: From one session to many: dynamic tags for security protocols. In: Cervesato, I., Veith, H., Voronkov, A. (eds.) LPAR 2008. LNCS (LNAI), vol. 5330, pp. 128–142. Springer, Heidelberg (2008)
Bauer, M.S., Chadha, R., Viswanathan, M.: Composing Protocol with Randomized Actions. Technical report, University of Illinois at Urbana-Champaign, Department of Computer Science (2016)
Ben-Or, M., Goldreich, O., Micali, S., Rivest, R.L.: A fair protocol for signing contracts. IEEE Trans. Inf. Theory 36(1), 40–46 (1990)
Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, P., Segala, R.: Task-structured probabilistic I/O automata. In: Workshop on Discrete Event Systems (2006)
Canetti, R.: Universally composable security: a new paradigm for cryptographic protocols. In: Naor, M. (ed.) 42nd IEEE Symposium on Foundations of Computer Science (FOCS 2001), pp. 136–145. IEEE Computer Society Press (2001)
Canetti, R., Herzog, J.C.: Universally composable symbolic analysis of mutual authentication and key-exchange protocols. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 380–403. Springer, Heidelberg (2006)
Carbone, M., Guttman, J.D.: Sessions and separability in security protocols. In: Basin, D., Mitchell, J.C. (eds.) POST 2013 (ETAPS 2013). LNCS, vol. 7796, pp. 267–286. Springer, Heidelberg (2013)
Chadha, R., Sistla, A.P., Viswanathan, M.: Model checking concurrent programs with nondeterminism and randomization. In: the International Conference on Foundations of Software Technology and Theoretical Computer Science, pp. 364–375 (2010)
Chatzikokolakis, K., Palamidessi, C.: Making random choices invisible to the scheduler. Information and Computation (2010) to appear
Chaum, D.: The dining cryptographers problem: Unconditional sender and recipient untraceability. J. Cryptology 1(1), 65–75 (1988)
Cheung, L.: Reconciling Nondeterministic and Probabilistic Choices. PhD thesis, Radboud University of Nijmegen (2006)
Chevalier, C., Delaune, S., Kremer, S.: Transforming password protocols to compose. In: 31st Conference on Foundations of Software Technology and Theoretical Computer Science, Leibniz International Proceedings in Informatics, pp. 204–216. Leibniz-Zentrum für Informatik (2011)
Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 352–363. Springer, Heidelberg (2007)
Cortier, V., Delaune, S.: Safely composing security protocols. Formal Methods in System Design 34(1), 1–36 (2009)
Ciobâcă, Ş., Cortier, V.: Protocol composition for arbitrary primitives. In: Proceedings of the 23rd IEEE Computer Security Foundations Symposium, CSF, Edinburgh, July 17–19, 2010, pp. 322–336 (2010)
Datta, A., Derek, A., Mitchell, J.C., Pavlovic, D.: A derivation system and compositional logic for security protocols. J. Comput. Secur. 13(3), 423–482 (2005)
de Alfaro, L.: The verification of probabilistic systems under memoryless partial information policies is hard. In: PROBMIV (1999)
Delaune, S., Kremer, S., Ryan, M.D.: Composition of password-based protocols. In: Proceedings of the 21st IEEE Computer Security Foundations Symposium (CSF 2008), pp. 239–251. IEEE Computer Society Press, June 2008
Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. Commun. ACM 28(6), 637–647 (1985)
Garcia, F.D., van Rossum, P., Sokolova, A.: Probabilistic Anonymity and Admissible Schedulers. CoRR, abs/0706.1019 (2007)
Goldschlag, D.M., Reed, M.G., Syverson, P.F.: Onion routing. Commun. ACM 42(2), 39–41 (1999)
Goubault-Larrecq, J., Palamidessi, C., Troina, A.: A probabilistic applied pi–calculus. In: Shao, Z. (ed.) APLAS 2007. LNCS, vol. 4807, pp. 175–190. Springer, Heidelberg (2007)
Gunter, C.A., Khanna, S., Tan, K., Venkatesh, S.S.: Dos protection for reliably authenticated broadcast. In: NDSS (2004)
Guttman, J.D.: Authentication tests and disjoint encryption: a design method for security protocols. J. Comput. Secur. 12(3–4), 409–433 (2004)
Guttman, J.D.: Cryptographic protocol composition via the authentication tests. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 303–317. Springer, Heidelberg (2009)
He, C., Sundararajan, M., Datta, A., Derek, A., Mitchell, J.C.: A modular correctness proof of ieee 802.11i and TLS. In: Atluri, V., Meadows, C., Juels, A. (eds.) the 12th ACM Conference on Computer and Communications Security, (CCS ), pp. 2–15. ACM (2005)
Mödersheim, S., Viganò, L.: Sufficient conditions for vertical composition of security protocols. In: Proceedings of the 9th ACM Symposium on Information, Computer and Communications Security, ASIA CCS 2014, pp. 435–446. ACM, New York (2014)
Reiter, M.K., Rubin, A.D.: Crowds: anonymity for web transactions. ACM Trans. Inf. Syst. Secur. 1(1), 66–92 (1998)
Ryan, P.Y.A., Bismark, D., Heather, J., Schneider, S., Xia, Z.: Prêt à voter: a voter-verifiable voting system. IEEE Trans. Inform. Forensics Secur. 4(4), 662–673 (2009)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bauer, M.S., Chadha, R., Viswanathan, M. (2016). Composing Protocols with Randomized Actions. In: Piessens, F., Viganò, L. (eds) Principles of Security and Trust. POST 2016. Lecture Notes in Computer Science(), vol 9635. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-49635-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-662-49635-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-49634-3
Online ISBN: 978-3-662-49635-0
eBook Packages: Computer ScienceComputer Science (R0)
