A framework for automatically checking anonymity with μCRL
We present a powerful and flexible method for automatically checking anonymity in a possibilistic general-purpose process algebraic verification toolset. We propose new definitions of a choice anonymity degree and a player anonymity degree, to quantify the precision with which an intruder is able to single out the true originator of a given event or to associate the right event to a given protocol participant. We show how these measures of anonymity can be automatically calculated from a protocol specification in µCRL, by using a combination of dedicated tools and existing state-of-the-art µCRL tools. To illustrate the flexibility of our method we test the Dining Cryptographers problem and the FOO 92 voting protocol. Our definitions of anonymity provide an accurate picture of the different ways that anonymity can break down, due for instance to coalitions of inside intruders. Our calculations can be performed on a cluster of machines, allowing us to check protocols for large numbers of participants.
Verification of GossipSub in ACL2s
GossipSub is a popular new peer-to-peer network protocol designed to
disseminate messages quickly and efficiently by allowing peers to forward the
full content of messages only to a dynamically selected subset of their
neighboring peers (mesh neighbors) while gossiping about messages they have
seen with the rest. Peers decide which of their neighbors to graft or prune
from their mesh locally and periodically using a score for each neighbor.
Scores are calculated using a score function that depends on mesh-specific
parameters, weights and counters relating to a peer's performance in the
network. Since a GossipSub network's performance ultimately depends on the
performance of its peers, an important question arises: Is the score
calculation mechanism effective in weeding out non-performing or even
intentionally misbehaving peers from meshes? We answered this question in the
negative in our companion paper by reasoning about GossipSub using our formal,
official and executable ACL2s model. Based on our findings, we synthesized and
simulated attacks against GossipSub which were confirmed by the developers of
GossipSub, FileCoin, and Eth2.0, and publicly disclosed in MITRE
CVE-2022-47547. In this paper, we present a detailed description of our model.
We discuss design decisions, security properties of GossipSub, reasoning about
the security properties in context of our model, attack generation and lessons
we learnt when writing it.
Comment: In Proceedings ACL2-2023, arXiv:2311.0837
Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers
Observational equivalence allows us to study important security properties such as anonymity. Unfortunately, the difficulty of proving observational equivalence hinders analysis. Blanchet, Abadi & Fournet simplify its proof by introducing a sufficient condition for observational equivalence, called diff-equivalence, which is a reachability condition that can be proved automatically by ProVerif. However, diff-equivalence is a very strong condition, which often does not hold even if observational equivalence does. In particular, when proving equivalence between processes that contain several parallel components, e.g., P | Q and P' | Q', diff-equivalence requires that P is equivalent to P' and Q is equivalent to Q'. To relax this constraint, Delaune, Ryan & Smyth introduced the idea of swapping data between parallel processes P and Q at synchronisation points, without proving its soundness. We extend their work by formalising the semantics of synchronisation, formalising the definition of swapping, and proving its soundness. We also relax some restrictions they had on the processes to which swapping can be applied. Moreover, we have implemented our results in ProVerif. Hence, we extend the class of equivalences that can be proved automatically. We showcase our results by analysing privacy in election schemes by Fujioka, Okamoto & Ohta and Lee et al., and in the vehicular ad-hoc network by Freudiger et al.