A Semi-Decidable Procedure for Secrecy in Cryptographic Protocols

NEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS

In this paper, we present new functions for secrecy in cryptographic protocols: the witness-functions. A witness-function is a protocol-dependent function that is able to prove the correctness of a protocol through its growth. It bases its calculation on the static part of a message only in a role-based specification by using derivation techniques. We show here how to build them. Then, we run an analysis on two real protocols. First, we run an analysis on NSL protocol and we prove that it is correct with respect to the property of secrecy. Then, we run an analysis on a variation of Needham-Schroeder protocol in which we show that a witness-function could even help to discover flaws.

Introduction to the Witness-Functions for Secrecy in Cryptographic Protocols

International Journal of Modeling and Optimization, 2015

In this paper, we examine the property of secrecy in cryptographic protocols from the angle of the growth of the protocol. Intuitively, an increasing protocol preserves the secret. For that, we need functions to estimate the security of messages. Here, we give relaxed conditions on the functions and on the protocol and we prove that an increasing protocol is correct when analyzed with functions that meet these conditions. Then, we shortly introduce the witness-functions to analyze protocols for secrecy.

Ensuring Confidentiality in Cryptographic Protocols with the Witness-Functions

International Journal of Computer and Communication Engineering, 2015

In this paper, we present a new framework to verify cryptographic protocols statically for the property of confidentiality using the Witness-Functions. A Witness-Function is a reliable metric able to prove confidentiality of a cryptographic protocol by metricating security in it. Here, we present the theory of Witness-Functions and we run an analysis on the flawed version of the Woo-Lam protocol using one of these metrics.

Secrecy-Oriented First-Order Logical Analysis of Cryptographic Protocols

2010

We present a computationally sound first-order system for security-analysis of protocols that places secrecy of nonces and keys in its center. Even trace properties such as agreement and authentication are proven via proving a non-trace property, namely, secrecy first with an inductive method. This results in a very powerful system, the working of which we illustrate on the agreement and authentication proofs for the Needham-Schroeder-Lowe public-key and the amended Needham-Schroeder shared-key protocols in case of unlimited sessions. Unlike other available formal verification techniques, computational soundness of our approach does not require any idealizations about parsing of bitstrings or unnecessary tagging. In particular, we have control over detecting and eliminating the possibility of type-flaw attacks.

On the Security of Cryptographic Protocols Using the Little Theorem of Witness Functions

2019 IEEE Canadian Conference of Electrical and Computer Engineering (CCECE), 2019

In this paper, we show how practical the little theorem of witness functions is in detecting security flaws in some category of cryptographic protocols. We convey a formal analysis of the Needham-Schroeder symmetric-key protocol in the theory of witness functions. We show how it helps to teach about a security vulnerability in a given step of this protocol where the value of security of a particular sensitive ticket in a sent message unexpectedly plummets compared with its value when received. This vulnerability may be exploited by an intruder to mount a replay attack as described by Denning and Sacco.

A Theorem for Secrecy in Tagged Protocols Using the Theory of Witness-Functions

2018 IEEE Canadian Conference on Electrical & Computer Engineering (CCECE), 2018

In this paper, we enunciate the theorem of secrecy in tagged protocols using the theory of witness-functions and we run a formal analysis on a new tagged version of the Needham-Schroeder public-key protocol using this theorem. We discuss the significance of tagging in securing cryptographic protocols as well.

How to Guarantee Secrecy for Cryptographic Protocols

arXiv e-print cs/0703140, 2007

In this paper we propose a general definition of secrecy for cryptographic protocols in the Dolev-Yao model. We give a sufficient condition ensuring secrecy for protocols where rules have encryption depth at most two, that is satisfied by almost all practical protocols. The only allowed primitives in the class of protocols we consider are pairing and encryption with atomic keys. Moreover, we describe an algorithm of practical interest which transforms a cryptographic protocol into a secure one from the point of view of secrecy, without changing its original goal with respect to secrecy of nonces and keys, provided the protocol satisfies some conditions. These conditions are not very restrictive and are satisfied for most practical protocols.

Secrecy by witness-functions on increasing protocols

Proceedings of the 2014 6th International Conference on Electronics, Computers and Artificial Intelligence (ECAI), 2014

In this paper, we present a new formal method to analyze cryptographic protocols statically for the property of secrecy. It consists in inspecting the level of security of every component in the protocol and making sure that it does not diminish during its life cycle. If yes, it concludes that the protocol keeps its secret inputs. We analyze in this paper an amended version of the Woo-Lam protocol using this new method.

Pattern-based abstraction for verifying secrecy in protocols

International Journal on Software Tools for Technology Transfer, 2006

We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols. Our method allows verifying secrecy properties in a general model allowing an unbounded number of sessions, an unbounded number of principals and an unbounded size of messages. As abstract domain we use sets of so-called super terms. Super terms are obtained by allowing an interpreted constructor, which we denote by Sup, where the meaning of a term Sup(t) is the set of terms that contain t as sub-term. For these terms, we solve a generalized form of the unification problem and introduce a widening operator. We implemented a prototype and were able to verify well-known protocols such as for instance Needham-Schroeder-Lowe (0.03 sec), Yahalom (12.67 sec), Otway-Rees (0.01 sec) and Kao-Chow (0.78 sec).