SPOOC: On communication models when verifying equivalence properties

On communication models when verifying equivalence properties

Kushal Babel, Vincent Cheval, and Steve Kremer. On communication models when verifying equivalence properties. In Proceedings of the 6th International Conference on Principles of Security and Trust (POST'17), pp. 141–163, Lecture Notes in Computer Science 10204, Springer, Uppsala, Sweden, April 2017.
doi:10.1007/978-3-662-54455-6

Download

[PDF] [PDF (long version)] [HTML]

Abstract

The Tamarin prover is a state-of-the-art protocol verification tool. It supports verification of both trace and equivalence properties, a rich protocol specification language that includes support for global, mutable state and allows the user to specify cryptographic primitives as an arbitrary subterm convergent equational theory, in addition to several built-in theories, which include, among others, Diffie-Hellman exponentiation.
In this paper, we improve the underlying theory and the tool to allow for more general user-specified equational theories: our extension supports arbitrary convergent equational theories that have the finite variant property, making Tamarin the first tool to support at the same time this large set of user-defined equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties. We demonstrate the effectiveness of this generalization by analyzing several protocols that rely on blind signatures, trapdoor commitment schemes, and ciphertext prefixes that were previously out of scope.

BibTeX

@inproceedings{DDKS-post17,
  abstract =	 {The Tamarin prover is a state-of-the-art protocol
                  verification tool. It supports verification of both
                  trace and equivalence properties, a rich protocol
                  specification language that includes support for
                  global, mutable state and allows the user to specify
                  cryptographic primitives as an arbitrary subterm
                  convergent equational theory, in addition to several
                  built-in theories, which include, among others,
                  Diffie-Hellman exponentiation.\par In this paper, we
                  improve the underlying theory and the tool to allow
                  for more general user-specified equational theories:
                  our extension supports arbitrary convergent
                  equational theories that have the finite variant
                  property, making Tamarin the first tool to support
                  at the same time this large set of user-defined
                  equational theories, protocols with global mutable
                  state, an unbounded number of sessions, and complex
                  security properties. We demonstrate the
                  effectiveness of this generalization by analyzing
                  several protocols that rely on blind signatures,
                  trapdoor commitment schemes, and ciphertext prefixes
                  that were previously out of scope.},
  address =	 {Uppsala, Sweden},
  author =	 {Babel, Kushal and Cheval, Vincent and Kremer, Steve},
  booktitle =	 {{P}roceedings of the 6th International Conference on
                  Principles of Security and Trust (POST'17)},
  pages =	 {117--140},
  month =	 apr,
  series =	 {Lecture Notes in Computer Science},
  volume =	 10204,
  publisher =	 {Springer},
  doi =		 {10.1007/978-3-662-54455-6},
  pages =	 {141--163},
  title =	 {On communication models when verifying equivalence
                  properties},
  year =	 2017,
  acronym =	 {{POST}'17},
  nmonth =	 4,
  url =		 {https://hal.inria.fr/hal-01450898/},
}