Verifying Privacy-Type Properties in a Modular Way

Arapinis, Myrto and Cheval, Vincent and Delaune, Stéphanie (2012) Verifying Privacy-Type Properties in a Modular Way. In: Cortier, Véronique and Zdancewic, Steve, eds. 2012 IEEE 25th Computer Security Foundations Symposium. IEEE pp. 95-109. ISBN 978-1-4673-1918-8. E-ISBN 978-0-7695-4718-3. (doi:https://doi.org/10.1109/CSF.2012.16) (Full text available)

PDF - Publisher pdf
Download (288kB) Preview
[img]
Preview
PDF (The long version of the paper) - Supplemental Material
Download (541kB) Preview
[img]
Preview
Official URL
http://dx.doi.org/10.1109/CSF.2012.16

Abstract

Formal methods have proved their usefulness for analysing the security of protocols. In this setting, privacy-type security properties (e.g. vote-privacy, anonymity, unlink ability) that play an important role in many modern applications are formalised using a notion of equivalence. In this paper, we study the notion of trace equivalence and we show how to establish such an equivalence relation in a modular way. It is well-known that composition works well when the processes do not share secrets. However, there is no result allowing us to compose processes that rely on some shared secrets such as long term keys. We show that composition works even when the processes share secrets provided that they satisfy some reasonable conditions. Our composition result allows us to prove various equivalence-based properties in a modular way, and works in a quite general setting. In particular, we consider arbitrary cryptographic primitives and processes that use non-trivial else branches. As an example, we consider the ICAO e-passport standard, and we show how the privacy guarantees of the whole application can be derived from the privacy guarantees of its sub-protocols.

Item Type: Conference or workshop item (Paper)
Uncontrolled keywords: Cryptographic protocols, Formal verification, Symbolic model, Composition, Equivalence properties, Reachability properties
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 75 Electronic computers. Computer science
Q Science > QA Mathematics (inc Computing science) > QA 9 Formal systems, logics
Divisions: Faculties > Sciences > School of Computing > Security Group
Depositing User: Vincent Cheval
Date Deposited: 23 Jan 2015 11:25 UTC
Last Modified: 23 Jan 2015 11:25 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/46728 (The current URI for this page, for reference purposes)
  • Depositors only (login required):

Downloads

Downloads per month over past year