Dynamic types for authentication

Authors:
Michele Bugliesi;Riccardo Focardi;Matteo Maffei
Affiliations:
-;-;Dipartimento di Informatica, Università Ca' Foscari di Venezia, Via Torino 155, I-30172 Mestre (Ve), Italy. E-mail: {michele,focardi,maffei}@dsi.unive.it
Venue:
Journal of Computer Security - Formal Methods in Security Engineering Workshop (FMSE 04)
Year:
2007

Citing 25
Cited 8

A lesson on authentication protocol design

ACM SIGOPS Operating Systems Review
Prudent Engineering Practice for Cryptographic Protocols

IEEE Transactions on Software Engineering
A calculus for cryptographic protocols

Information and Computation
Secrecy by typing in security protocols

Journal of the ACM (JACM)
Strand spaces: proving security protocols correct

Journal of Computer Security
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Authentication tests and the structure of bundles

Theoretical Computer Science
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Secrecy types for asymmetric communication

Theoretical Computer Science - Foundations of software science and computation structures
Proof Techniques for Cryptographic Processes

LICS '99 Proceedings of the 14th Annual IEEE Symposium on Logic in Computer Science
A Hierarchy of Authentication Specifications

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Protocol Independence through Disjoint Encryption

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols

CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
A Semantic Model for Authentication Protocols

SP '93 Proceedings of the 1993 IEEE Symposium on Security and Privacy
Authenticity by typing for security protocols

Journal of Computer Security - Special issue on CSFW14
A compositional logic for proving security properties of protocols

Journal of Computer Security - Special issue on CSFW14
Authenticity by tagging and typing

Proceedings of the 2004 ACM workshop on Formal methods in security engineering
Secure protocol composition

Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Inferring authentication tags

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Formal specification and analysis of the group domain of interpretation protocol using NPATRL and the NRL protocol analyzer

Journal of Computer Security - Special issue on ACM conference on computer and communications security, 2001
Analysis of Typed Analyses of Authentication Protocols

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Secrecy despite compromise: types, cryptography, and the pi-calculus

CONCUR 2005 - Concurrency Theory
Types and effects for asymmetric cryptographic protocols

Journal of Computer Security - Special issue on CSFW15
Verification of cryptographic Protocols: tagging enforces termination

FOSSACS'03/ETAPS'03 Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software
Private authentication

PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies

A calculus of challenges and responses

Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Type-checking zero-knowledge

Proceedings of the 15th ACM conference on Computer and communications security
Automatic verification of correspondences for security protocols

Journal of Computer Security
Ubiquitous verification of ubiquitous systems

SEUS'10 Proceedings of the 8th IFIP WG 10.2 international conference on Software technologies for embedded and ubiquitous systems
Type-based automated verification of authenticity in asymmetric cryptographic protocols

ATVA'11 Proceedings of the 9th international conference on Automated technology for verification and analysis
Logical foundations of secure resource management in protocol implementations

POST'13 Proceedings of the Second international conference on Principles of Security and Trust
Noninterference in a predicative polymorphic calculus for access control

Computer Languages, Systems and Structures
Union, intersection and refinement types and reasoning about type disjointness for secure protocol implementations

Journal of Computer Security - Foundational Aspects of Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a type and effect system for authentication protocols built upon a tagging scheme that formalizes the intended semantics of ciphertexts. The main result is that the validation of each component in isolation is provably sound and fully compositional: if all the protocol participants are independently validated, then the protocol as a whole guarantees authentication in the presence of Dolev-Yao intruders possibly sharing long term keys with honest principals. Protocols are thus validated in the presence of both malicious outsiders and compromised insiders. The highly compositional nature of the analysis makes it suitable for multi-protocol systems, where different protocols might be executed concurrently.