ABSTRACT
In this article we test an Erlang implementation of the Noise Protocol Framework using a novel form of white-box testing. We extend interoperability testing of the Erlang implementation, enoise, against an implementation of Noise in C. Such testing typically performs a Noise protocol handshake between the two implementations; if the handshake succeeds, the two implementations are somehow compatible. But this does not, for example, detect whether we reuse keys that have to be newly generated. We therefore extend such interoperability testing: during the handshake the Erlang Noise implementation is traced. The resulting protocol trace is refactored, yielding a symbolic description (a functional term) of how key protocol values are constructed using cryptographic operations and keys. Thereafter, this symbolic term is compared, using term rewriting, with a symbolic term representing the ideal symbolic execution of the tested Noise protocol handshake (i.e., the "semantics" of the handshake). The semantic symbolic term is obtained by executing a symbolic implementation of the Noise protocol that we have developed.
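The idea in the abstract, as an added Python illustration that is not the authors' tool or code: a concrete trace of cryptographic calls is turned into a symbolic term, which is then compared with the term the protocol is supposed to produce. The trace layout, the operation names (`keygen`, `dh`, `hkdf`), the byte values and all function names are constructed assumptions, and plain structural equality stands in for the term rewriting the paper uses.

```python
# Added illustration, not the paper's implementation. A trace is a list of
# (operation, arguments, result) events recorded during handshakes.

def symbolize(trace, value):
    """Return a term describing how `value` was built in `trace`."""
    fresh = 0                                  # index of the next keygen call
    for op, args, result in trace:
        if op == "keygen":
            if result == value:
                return ("fresh_key", fresh)
            fresh += 1
        elif result == value:
            return (op,) + tuple(symbolize(trace, a) for a in args)
    return ("input", value)                    # not produced by a traced call

def expected(n):
    """Ideal term for the key of handshake n: its own fresh ephemeral key."""
    return ("hkdf", ("input", b"ck"),
            ("dh", ("fresh_key", n), ("input", b"rs")))

def mismatches(trace, session_keys):
    """Indices of handshakes whose key was not built as the ideal term says."""
    return [n for n, key in enumerate(session_keys)
            if symbolize(trace, key) != expected(n)]

def handshake(e):
    """Constructed events for one handshake using ephemeral key `e`."""
    return [("dh", (e, b"rs"), b"dh:" + e),
            ("hkdf", (b"ck", b"dh:" + e), b"k:" + e)]

# Constructed traces: GOOD generates a key per handshake, REUSE does not.
GOOD = ([("keygen", (), b"e0")] + handshake(b"e0") +
        [("keygen", (), b"e1")] + handshake(b"e1"))
REUSE = [("keygen", (), b"e0")] + handshake(b"e0") + handshake(b"e0")

if __name__ == "__main__":
    print(mismatches(GOOD, [b"k:e0", b"k:e1"]))    # no deviations
    print(mismatches(REUSE, [b"k:e0", b"k:e0"]))   # second handshake flagged
```

In both traces every handshake yields a well-formed key, so a peer would complete it; only the symbolic comparison shows that the second handshake in `REUSE` depends on the first handshake's ephemeral key.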
Index Terms
- Gaining trust by tracing security protocols