Deciding knowledge in security protocols under some e-voting theories

In the last decade, formal methods have proved their interest when analyzing security protocols. Security protocols require in particular to reason about the attacker knowledge. Two standard notions are often considered in formal approaches: deducibility and indistinguishability relations. The first notion states whether an attacker can learn the value of a secret, while the latter states whether an attacker can notice some difference between protocol runs with different values of the secret. Several decision procedures have been developed so far for both notions but none of them can be applied in the context of e-voting protocols, which require dedicated cryptographic primitives. In this work, we show that both deduction and indistinguishability are decidable in polynomial time for two theories modeling the primitives of e-voting protocols

Deciding knowledge in security protocols under some e-voting theories

In the last decade, formal methods have proved their interest when analyzing security protocols. Security protocols require in particular to reason about the attacker knowledge. Two standard notions are often considered in formal approaches: deducibility and indistinguishability relations. The first notion states whether an attacker can learn the value of a secret, while the latter states whether an attacker can notice some difference between protocol runs with different values of the secret. Several decision procedures have been developed so far for both notions but none of them can be applied in the context of e-voting protocols, which require dedicated cryptographic primitives. In this work, we show that both deduction and indistinguishability are decidable in polynomial time for two theories modeling the primitives of e-voting protocols

Formal analysis of a private access control protocol to a cloud storage

International audienceCloud storage provides an attractive solution for many organizations and enterprises due to its features such as scalability, availability and reduced costs. However, storing data in the cloud is challenging if we want to ensure data security and user privacy. To address these security issues cryptographic protocols are usually used. Such protocols rely on cryptographic primitives which have to guarantee some security properties such that data and user privacy or authentication. Attribute-Based Signature (ABS) and Attribute-Based Encryption (ABE) are very adapted for storing data on an untrusted remote entity. In this work, we enhance the security of cloud storage systems through a formal analysis of a cloud storage protocol based on ABS and ABE schemes. We clarify several ambiguities in the design of this protocol and model the protocol and its security properties with ProVerif an automatic tool for the verification of cryptographic protocols. We discover an unknown attack against user privacy in the Ruj et al. protocol. We propose a correction, and automatically prove the security of the corrected protocol with ProVerif

Formal Analyze of a Private Access Control Protocol to a Cloud Storage

International audienceKeywords: Cloud storage, formal methods, attribute based signature, attribute based encryption, data and user privacy. Abstract: Storing data in the Cloud makes challenging data's security and users' privacy. To address these problems cryptographic protocols are usually designed. Cryptographic primitives have to guarantee some security properties such that data and user privacy or authentication. Attribute-Based Signature (ABS) and Attribute-Based Encryption (ABE) are very suitable for storing data on an untrusted remote entity. In this work, we formally analyze the Ruj et al. protocol of cloud storage based on ABS and ABE schemes. We clarify several ambiguities in the design of this protocol and model the protocol and its security properties with ProVerif an automatic tool for the verification of cryptographic protocols. We discover an unknown attack against user privacy. We propose a correction, and automatically prove the security of the corrected protocol with ProVerif