262 research outputs found
Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers
International audienceObservational equivalence allows us to study important security properties such as anonymity. Unfortunately, the difficulty of proving observational equivalence hinders analysis. Blanchet, Abadi & Fournet simplify its proof by introducing a sufficient condition for observational equivalence , called diff-equivalence, which is a reachability condition that can be proved automatically by ProVerif. However, diff-equivalence is a very strong condition, which often does not hold even if observational equivalence does. In particular, when proving equivalence between processes that contain several parallel components, e.g., P | Q and P | Q , diff-equivalence requires that P is equivalent to P and Q is equivalent to Q. To relax this constraint, Delaune, Ryan & Smyth introduced the idea of swapping data between parallel processes P and Q at synchronisation points, without proving its soundness. We extend their work by formalising the semantics of synchronisation, formalising the definition of swapping, and proving its soundness. We also relax some restrictions they had on the processes to which swapping can be applied. Moreover, we have implemented our results in ProVerif. Hence, we extend the class of equivalences that can be proved automatically. We showcase our results by analysing privacy in election schemes by Fujioka, Okamoto & Ohta and Lee et al., and in the vehicular ad-hoc network by Freudiger et al
Engineering Resilient Collective Adaptive Systems by Self-Stabilisation
Collective adaptive systems are an emerging class of networked computational
systems, particularly suited in application domains such as smart cities,
complex sensor networks, and the Internet of Things. These systems tend to
feature large scale, heterogeneity of communication model (including
opportunistic peer-to-peer wireless interaction), and require inherent
self-adaptiveness properties to address unforeseen changes in operating
conditions. In this context, it is extremely difficult (if not seemingly
intractable) to engineer reusable pieces of distributed behaviour so as to make
them provably correct and smoothly composable.
Building on the field calculus, a computational model (and associated
toolchain) capturing the notion of aggregate network-level computation, we
address this problem with an engineering methodology coupling formal theory and
computer simulation. On the one hand, functional properties are addressed by
identifying the largest-to-date field calculus fragment generating
self-stabilising behaviour, guaranteed to eventually attain a correct and
stable final state despite any transient perturbation in state or topology, and
including highly reusable building blocks for information spreading,
aggregation, and time evolution. On the other hand, dynamical properties are
addressed by simulation, empirically evaluating the different performances that
can be obtained by switching between implementations of building blocks with
provably equivalent functional properties. Overall, our methodology sheds light
on how to identify core building blocks of collective behaviour, and how to
select implementations that improve system performance while leaving overall
system function and resiliency properties unchanged.Comment: To appear on ACM Transactions on Modeling and Computer Simulatio
Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR
International audienceExclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications , due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR.The TAMARIN prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs
Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif
International audienceProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses. This survey presents an overview of the research on ProVerif
DeepSec: Deciding Equivalence Properties for Security Protocols -- Improved theory and practice
Automated verification has become an essential part in the security
evaluation of cryptographic protocols. In this context privacy-type properties
are often modelled by indistinguishability statements, expressed as behavioural
equivalences in a process calculus. In this paper we contribute both to the
theory and practice of this verification problem. We establish new complexity
results for static equivalence, trace equivalence and labelled bisimilarity and
provide a decision procedure for these equivalences in the case of a bounded
number of protocol sessions. Our procedure is the first to decide trace
equivalence and labelled bisimilarity exactly for a large variety of
cryptographic primitives -- those that can be represented by a subterm
convergent destructor rewrite system. We also implemented the procedure in a
new tool, DeepSec. We showed through extensive experiments that it is
significantly more efficient than other similar tools, while at the same time
raises the scope of the protocols that can be analysed.Comment: 104 page
Verification of Stateful Cryptographic Protocols with Exclusive OR
International audienceIn cryptographic protocols, in particular RFID protocols, exclusive-or (XOR) operations are common. Due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. In this paper, we improve the TAMARIN prover and its underlying theory to deal with an equational theory modeling XOR operations. The XOR theory can be combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first verification tool for cryptographic protocols in the symbolic model to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs
DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice
We study the automated verification of behavioural equivalences in the applied pi calculus, an essential problem in formal, symbolic analysis of cryptographic protocols. We establish new complexity results for static equivalence, trace equivalence and labelled bisimilarity and propose a new decision procedure for these equivalences. Our procedure is the first tool to decide trace equivalence and labelled bisimilarity exactly for a family of equational theories, namely those that can be represented by a subterm convergent destructor rewrite system. Finally, we implement the procedure in a new tool, called Deepsec and demonstrate the applicability of the tool on several case studies
- …