ABSTRACT
This paper presents the first type system for statically analyzing security protocols that are based on zero-knowledge proofs. We show how certain properties offered by zero-knowledge proofs can be characterized in terms of authorization policies and statically enforced by a type system. The analysis is modular and compositional, and provides security proofs for an unbounded number of protocol executions. We develop a new type-checker that conducts the analysis in a fully automated manner. We exemplify the applicability of our technique to real-world protocols by verifying the authenticity and secrecy properties of the Direct Anonymous Attestation (DAA) protocol. The analysis of DAA takes less than three seconds.