556 research outputs found
Denial-of-Service Resistance in Key Establishment
Denial of Service (DoS) attacks are an increasing problem for network connected systems. Key establishment protocols are applications that are particularly vulnerable to DoS attack as they are typically required to perform computationally expensive cryptographic operations in order to authenticate the protocol initiator and to generate the cryptographic keying material that will subsequently be used to secure the communications between initiator and responder. The goal of DoS resistance in key establishment protocols is to ensure that attackers cannot prevent a legitimate initiator and responder deriving cryptographic keys without expending resources beyond a responder-determined threshold. In this work we review the strategies and techniques used to improve resistance to DoS attacks. Three key establishment protocols implementing DoS resistance techniques are critically reviewed and the impact of misapplication of the techniques on DoS resistance is discussed. Recommendations on effectively applying resistance techniques to key establishment protocols are made
On formal verification of arithmetic-based cryptographic primitives
Cryptographic primitives are fundamental for information security: they are
used as basic components for cryptographic protocols or public-key
cryptosystems. In many cases, their security proofs consist in showing that
they are reducible to computationally hard problems. Those reductions can be
subtle and tedious, and thus not easily checkable. On top of the proof
assistant Coq, we had implemented in previous work a toolbox for writing and
checking game-based security proofs of cryptographic primitives. In this paper
we describe its extension with number-theoretic capabilities so that it is now
possible to write and check arithmetic-based cryptographic primitives in our
toolbox. We illustrate our work by machine checking the game-based proofs of
unpredictability of the pseudo-random bit generator of Blum, Blum and Shub, and
semantic security of the public-key cryptographic scheme of Goldwasser and
Micali.Comment: 13 page
Towards mechanized correctness proofs for cryptographic algorithms: Axiomatization of a probabilistic Hoare style logic
In [Corin, den Hartog in ICALP 2006] we build a formal verification technique for game based correctness proofs of cryptograhic algorithms based on a probabilistic Hoare style logic [den Hartog, de Vink in IJFCS 13(3), 2002]. An important step towards enabling mechanized verification within this technique is an axiomatization of implication between predicates which is purely semantically defined in [den Hartog, de Vink in IJFCS 13(3), 2002]. In this paper we provide an axiomatization and illustrate its place in the formal verification technique of [Corin, den Hartog in ICALP 2006]
Computer-aided verification in mechanism design
In mechanism design, the gold standard solution concepts are dominant
strategy incentive compatibility and Bayesian incentive compatibility. These
solution concepts relieve the (possibly unsophisticated) bidders from the need
to engage in complicated strategizing. While incentive properties are simple to
state, their proofs are specific to the mechanism and can be quite complex.
This raises two concerns. From a practical perspective, checking a complex
proof can be a tedious process, often requiring experts knowledgeable in
mechanism design. Furthermore, from a modeling perspective, if unsophisticated
agents are unconvinced of incentive properties, they may strategize in
unpredictable ways.
To address both concerns, we explore techniques from computer-aided
verification to construct formal proofs of incentive properties. Because formal
proofs can be automatically checked, agents do not need to manually check the
properties, or even understand the proof. To demonstrate, we present the
verification of a sophisticated mechanism: the generic reduction from Bayesian
incentive compatible mechanism design to algorithm design given by Hartline,
Kleinberg, and Malekian. This mechanism presents new challenges for formal
verification, including essential use of randomness from both the execution of
the mechanism and from the prior type distributions. As an immediate
consequence, our work also formalizes Bayesian incentive compatibility for the
entire family of mechanisms derived via this reduction. Finally, as an
intermediate step in our formalization, we provide the first formal
verification of incentive compatibility for the celebrated
Vickrey-Clarke-Groves mechanism
A Formalization of Polytime Functions
We present a deep embedding of Bellantoni and Cook's syntactic
characterization of polytime functions. We prove formally that it is correct
and complete with respect to the original characterization by Cobham that
required a bound to be proved manually. Compared to the paper proof by
Bellantoni and Cook, we have been careful in making our proof fully contructive
so that we obtain more precise bounding polynomials and more efficient
translations between the two characterizations. Another difference is that we
consider functions on bitstrings instead of functions on positive integers.
This latter change is motivated by the application of our formalization in the
context of formal security proofs in cryptography. Based on our core
formalization, we have started developing a library of polytime functions that
can be reused to build more complex ones.Comment: 13 page
A Reduced Semantics for Deciding Trace Equivalence
Many privacy-type properties of security protocols can be modelled using
trace equivalence properties in suitable process algebras. It has been shown
that such properties can be decided for interesting classes of finite processes
(i.e., without replication) by means of symbolic execution and constraint
solving. However, this does not suffice to obtain practical tools. Current
prototypes suffer from a classical combinatorial explosion problem caused by
the exploration of many interleavings in the behaviour of processes.
M\"odersheim et al. have tackled this problem for reachability properties using
partial order reduction techniques. We revisit their work, generalize it and
adapt it for equivalence checking. We obtain an optimisation in the form of a
reduced symbolic semantics that eliminates redundant interleavings on the fly.
The obtained partial order reduction technique has been integrated in a tool
called APTE. We conducted complete benchmarks showing dramatic improvements.Comment: Accepted for publication in LMC
A fast and verified software stack for secure function evaluation
We present a high-assurance software stack for secure function evaluation (SFE). Our stack consists of three components: i. a verified compiler (CircGen) that translates C programs into Boolean circuits; ii. a verified implementation of Yao’s SFE protocol based on garbled circuits and oblivious transfer; and iii. transparent application integration and communications via FRESCO, an open-source framework for secure multiparty computation (MPC). CircGen is a general purpose tool that builds on CompCert, a verified optimizing compiler for C. It can be used in arbitrary Boolean circuit-based cryptography deployments. The security of our SFE protocol implementation is formally verified using EasyCrypt, a tool-assisted framework for building high-confidence cryptographic proofs, and it leverages a new formalization of garbled circuits based on the framework of Bellare, Hoang, and Rogaway (CCS 2012). We conduct a practical evaluation of our approach, and conclude that it is competitive with state-of-the-art (unverified) approaches. Our work provides concrete evidence of the feasibility of building efficient, verified, implementations of higher-level cryptographic systems. All our development is publicly available.POCI-01-0145-FEDER-006961, FCT-PD/BD/113967/2015info:eu-repo/semantics/publishedVersio
Formally based semi-automatic implementation of an open security protocol
International audienceThis paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model is then formally proved to fulfill the desired secrecy and authentication properties by using the ProVerif prover. Finally, a sound Java implementation is semi-automatically derived from the verified model using an enhanced version of the Spi2Java framework. The resulting implementation correctly interoperates with third party servers, and its execution time is comparable with that of other manually developed Java SSH-TLP client implementations. This case study demonstrates that the adopted model-driven approach is viable even for a real security protocol, despite the complexity of the models needed in order to achieve an interoperable implementation
- …