Abstract
Formal methods are an important tool for designing secure cryptographic protocols. However, the existing work on formal methods does not cover privacy-preserving protocols as much as other types of protocols. Furthermore, privacy-related properties, such as unlinkability, are not always easy or even possible to prove statically, but need to be checked dynamically during the protocol’s execution. In this paper, we demonstrate how, starting from an informal description of a privacy-preserving protocol in natural language, one may use a modified and extended version of the Typed MSR language to create a formal specification of this protocol, typed in a linkability-oriented type system, and then use this specification to reach an implementation of this protocol in Jif, in such a way that privacy vulnerabilities can be detected with a mixture of static and runtime checks.
Balopoulos, T., Gritzalis, S. & Katsikas, S.K. Specifying and implementing privacy-preserving cryptographic protocols. Int. J. Inf. Secur. 7, 395–420 (2008). https://doi.org/10.1007/s10207-008-0057-y