Modeling and Reasoning about an Attacker with Cryptanalytical Capabilities

Authors:
Bruno Montalto;Carlos Caleiro
Affiliations:
Department of Computer Science, Information Security Group, ETH Zürich, Switzerland and SQIG - Instituto de Telecomunicações, Department of Mathematics, IST, TU Lisbon, Portugal;SQIG - Instituto de Telecomunicações, Department of Mathematics, IST, TU Lisbon, Portugal
Venue:
Electronic Notes in Theoretical Computer Science (ENTCS)
Year:
2009

Citing 15
Cited 0

A new polynomial-time algorithm for linear programming

Combinatorica
A probabilistic poly-time framework for protocol analysis

CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Cryptography: Theory and Practice

Cryptography: Theory and Practice
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks

SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Relating Symbolic and Cryptographic Secrecy

IEEE Transactions on Dependable and Secure Computing
Computational soundness for standard assumptions of formal cryptography

Computational soundness for standard assumptions of formal cryptography
A Computationally Sound Mechanized Prover for Security Protocols

SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Cryptographically Sound Theorem Proving

CSFW '06 Proceedings of the 19th IEEE workshop on Computer Security Foundations
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)

Journal of Cryptology
A framework for analyzing probabilistic protocols and its application to the Partial Secrets Exchange

Theoretical Computer Science
Lagrange multipliers and maximum information leakage in different observational models

Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Cryptographically-Sound Protocol-Model Abstractions

CSF '08 Proceedings of the 2008 21st IEEE Computer Security Foundations Symposium
Estimating the maximum information leakage

International Journal of Information Security
A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol

IEEE Journal on Selected Areas in Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a probabilistic framework for the analysis of security protocols. The proposed framework allows one to model and reason about attackers that extend the usual Dolev-Yao adversary with explicit probabilistic statements representing properties of cryptographic primitives and the attacker's (partial) information about secret messages. The expressive power of these probabilistic statements is illustrated, namely by representing a standard security notion like indistinguishability under chosen plaintext attacks. We present an entropy-based approach to estimate the probability of a successful attack on a protocol given the prescribed knowledge of the attacker. We prove that, for an attacker whose knowledge increases with the security parameter, computing this quantity is NP-hard in the security parameter. However, we are still able to analyze a few meaningful and illustrative examples. Finally, we obtain a result which may be used to prove that a certain amount of probabilistic knowledge (about the properties of the cryptography being used) is not enough for allowing an attacker to correctly uncover a secret with non-negligible probability.