957 research outputs found
A formal methodology for integral security design and verification of network protocols
We propose a methodology for verifying security properties of network
protocols at design level. It can be separated in two main parts: context and
requirements analysis and informal verification; and formal representation and
procedural verification. It is an iterative process where the early steps are
simpler than the last ones. Therefore, the effort required for detecting flaws
is proportional to the complexity of the associated attack. Thus, we avoid
wasting valuable resources for simple flaws that can be detected early in the
verification process. In order to illustrate the advantages provided by our
methodology, we also analyze three real protocols
On formal verification of arithmetic-based cryptographic primitives
Cryptographic primitives are fundamental for information security: they are
used as basic components for cryptographic protocols or public-key
cryptosystems. In many cases, their security proofs consist in showing that
they are reducible to computationally hard problems. Those reductions can be
subtle and tedious, and thus not easily checkable. On top of the proof
assistant Coq, we had implemented in previous work a toolbox for writing and
checking game-based security proofs of cryptographic primitives. In this paper
we describe its extension with number-theoretic capabilities so that it is now
possible to write and check arithmetic-based cryptographic primitives in our
toolbox. We illustrate our work by machine checking the game-based proofs of
unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and
semantic security of the public-key cryptographic scheme of Goldwasser and
Micali.Comment: 13 page
Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security
In our paper at PROOFS 2013, we formally studied a few known countermeasures
to protect CRT-RSA against the BellCoRe fault injection attack. However, we
left Vigilant's countermeasure and its alleged repaired version by Coron et al.
as future work, because the arithmetical framework of our tool was not
sufficiently powerful. In this paper we bridge this gap and then use the same
methodology to formally study both versions of the countermeasure. We obtain
surprising results, which we believe demonstrate the importance of formal
analysis in the field of implementation security. Indeed, the original version
of Vigilant's countermeasure is actually broken, but not as much as Coron et
al. thought it was. As a consequence, the repaired version they proposed can be
simplified. It can actually be simplified even further as two of the nine
modular verifications happen to be unnecessary. Fortunately, we could formally
prove the simplified repaired version to be resistant to the BellCoRe attack,
which was considered a "challenging issue" by the authors of the countermeasure
themselves.Comment: arXiv admin note: substantial text overlap with arXiv:1401.817
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can be
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence
Type Inference for a Cryptographic Protocol Prover Tool
Krüptograafia uurimisrühm Tartus arendab mängupõhiste krüptograafiliste protokollide tõestajat nimega ProveIt. Idee ProveIt’i taga on lihtsustada tõestamise protsessi. Tegemist ei ole automaatse tõestajaga, vaid abivahendiga krüptograafidele. ProveIt võimaldab teadlastel teha muudatusi koodina üleskirjutatud tõenäosuslikele mängudele ja teeb koodi ümberkirjutamise automaatselt. See aitab garanteerida korrektsuse, hoida kokku aega ja samas jätta tõestuse arusaadavaks.
Üks võimalus kirjutada üles krüptograafilisi protokolle on kirjeldada neid programmeerimiskeelele sarnase pseudokoodiga, mida nimetatakse mänguks. Mängu muutmisel samm-sammult saame mõnikord jõuda teise mänguni, mille turvalisuse hinnangut me teame. Nende mängude jada ongi üks võimalik viis, kuidas saab anda protokolli turvalisuse tõestuse - seda nimetatakse mängupõhiseks tõestamiseks. Mängupõhine tõestamine on populaarne viis analüüsimaks protokollide turvalisust, sest see on võrdlemisi intuitiivne. Tavaliselt kasutatakse paberit ja pliiatsit, et kirjutada üles mänge, kuid kuna krüptograafiliste protokollide tõestamine ei ole just kõige lihtsam asi, mida teha, siis inimesed sageli lõpetavad suure kuhja paberitega igal pool, sealhulgas mitmete tupikute ja vigadega. Meie eesmärgiks on seda muuta ja anda krüptograafile võimalus mängu ümber kirjutamise asemel keskenduda järgmise sammu väljamõtlemisele.
Kuigi krüptograafial on oluline roll selle bakalaureusetöö juures, siis põhi fookus lasub siiski tüübiteoorial. Nimelt on selle töö eesmärgiks luua tüübikontroll ProveIt’i jaoks. Mängupõhiseid tõestusi saab edukalt kirjutada ilma tüüpidest mi- dagi teadmata, aga tüüpide kasutamine ProveIt’is võimaldab tagada kindlamalt korrektsuse ja kasutajat paremini aidata. Tüübikontrolli abil saame näiteks veenduda, et krüptograaf ei ürita omavahel liita numbreid ja pesukarusid. Selle fakti ja vea asukoha teadmine võib kokku hoida palju kasutaja aega.
Lihtne lahendus tüübikontrolli jaoks oleks nõuda kasutajalt kõigi muutujate tüüpide defineerimist, kuid see nõuaks temalt lisatööd, mis on aga vastuolus ProveIt’i eesmärgiga. Järelikult tuleb lisaks tüübikontrollile realiseerida ka tüübituletus ehk programm, mis üritab ise kõigi muutujate tüüpe määrata. Selleks, et teha tüübituletust defineerisime me kõigepealt tüübisüsteemi ProveIt’i keele jaoks. Andsime tüübireeglid aritmeetiliste avaldiste, juhuslikult hulgast valimise ja omistamise jaoks. Funktsioonide ja loogiliste avaldiste tüüpimine ei ole käesoleva bakalaureusetöö skoobis, kuid need on vajalikud osad ProveIt’ile täieliku tüüpija lisamiseks. Lisaks tüübisüsteemi ja tüübireeglite kirjeldamisele kuulus käesoleva bakalaureuse töö juurde aritmeetiliste avaldiste tüüpimise realiseerimine ja ProveIt’ile lisamine. Selle jaoks on töös antud kuus algoritmi. Arendusvahenditena valisime Qt raamistiku ja programmeerimiskeele C++. Otsustasime keele C++ kasuks, sest ProveIt on selles keeles kirjutatud, ning see võimaldab ühildamise lihtsamaks muuta.This thesis introduces types into the ProveIt language, making it possible to perform type inference and type checking. The ProveIt language is a is a probabilistic program language used in ProveIt, a tool that helps cryptographers prove cryptographic protocols in a game-based way in the computational model. The work begins by explaining the necessary background knowledge: the computational model, game-based proving, the ProveIt prover tool and the ProveIt language. How they work and why they are relevant is also described.
Introducing types into ProveIt allows further guarantee the correctness and providing better help to the user. Knowing that the user is tying to find the square root of a banana and where, might save a lot of his or her time. Although it would be easier to demand the user to state all the types for all the variables and only perform type checking, we decide not to do so and instead infer the types. This is done because our goal is to make the proving process as convenient for the user as possible.
To do type inference, the work starts with defining the formal type system for the ProveIt language. Type rules for all the arithmetic operations available in ProveIt are provided and also type rules for the uniform choice statement and the assignment statement. Adding rules for typing functions and logical expressions is not in the scope of this thesis and is considered future work.
In addition to the type system description, type checking and type inference were implemented. To do that, the thesis first deals with the scopes of the variables in ProveIt, as it has both local and global variables. Secondly, the relations between types are covered, including the need and means to find lowest common ancestors in directed acyclic graphs. This is necessary to be able to find the minimal common supertype if an arithmetic operation was performed between variables of different types. Next, the concepts of a minimum and a maximum type are introduced to make type inference easier and also be able to output better error messages. Finally six algorithms are given to complete the type inference and type checking
Formal Verification of ElGamal Encryption using a Probabilistic Lambda-Calculus
Game-based proofs are a common technique used to verify cryptographic constructions. Such proofs consist of a sequence of games where each transition from one game to the next can be individually verified. However, as more and more increasingly complex proofs are being published, even such transitions are often non-trivial. Moreover, games are frequently described informally or just in some ad-hoc pseudocode and may be understood differently than originally intended by the authors, or underlying assumptions may not be made explicit.
For this reason, Backes et al. developed a new formal language at the chair of Information Security and Cryptography
at the Universit ̈at des Saarlandes. This language supports most cryptographic primitives typically used in such games and is intended to provide a formal standard to model them. Furthermore it has been implemented on top of the proof assistant Isabelle/HOL, such that it is possible to use Isabelle’s logic to formally verify game transitions.
The goal of this thesis is to provide a first application of this language to a real-world cryptographic construction by using it to formally verify the security of the well-known ElGamal encryption scheme. For this, we use the language to model the scheme as well as the desired security properties and the necessary assumptions. Next, we find appropriate game transformations in the language and formally prove their validity. Finally we show how to use these transformations to achieve a fully formalized game-based proof of the security of ElGamal
High-level Cryptographic Abstractions
The interfaces exposed by commonly used cryptographic libraries are clumsy,
complicated, and assume an understanding of cryptographic algorithms. The
challenge is to design high-level abstractions that require minimum knowledge
and effort to use while also allowing maximum control when needed.
This paper proposes such high-level abstractions consisting of simple
cryptographic primitives and full declarative configuration. These abstractions
can be implemented on top of any cryptographic library in any language. We have
implemented these abstractions in Python, and used them to write a wide variety
of well-known security protocols, including Signal, Kerberos, and TLS.
We show that programs using our abstractions are much smaller and easier to
write than using low-level libraries, where size of security protocols
implemented is reduced by about a third on average. We show our implementation
incurs a small overhead, less than 5 microseconds for shared key operations and
less than 341 microseconds (< 1%) for public key operations. We also show our
abstractions are safe against main types of cryptographic misuse reported in
the literature
A Formalization of Polytime Functions
We present a deep embedding of Bellantoni and Cook's syntactic
characterization of polytime functions. We prove formally that it is correct
and complete with respect to the original characterization by Cobham that
required a bound to be proved manually. Compared to the paper proof by
Bellantoni and Cook, we have been careful in making our proof fully contructive
so that we obtain more precise bounding polynomials and more efficient
translations between the two characterizations. Another difference is that we
consider functions on bitstrings instead of functions on positive integers.
This latter change is motivated by the application of our formalization in the
context of formal security proofs in cryptography. Based on our core
formalization, we have started developing a library of polytime functions that
can be reused to build more complex ones.Comment: 13 page
- …