Modeling and Verification of Privacy Enhancing Protocols

Authors:
Suriadi Suriadi;Chun Ouyang;Jason Smith;Ernest Foo
Affiliations:
Queensland University of Technology, Australia;Queensland University of Technology, Australia;Queensland University of Technology, Australia;Queensland University of Technology, Australia
Venue:
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Year:
2009

Citing 15
Cited 0

A logic of authentication

ACM Transactions on Computer Systems (TOCS)
Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1

Coloured Petri nets (2nd ed.): basic concepts, analysis methods and practical use: volume 1
Communicating and mobile systems: the &pgr;-calculus

Communicating and mobile systems: the &pgr;-calculus
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
Key Distribution Protocol for Digital Mobile Communication Systems

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A brief history of process algebra

Theoretical Computer Science - Process algebra
Modeling and verification of cryptographic protocols using coloured petri nets and design/CPN

Nordic Journal of Computing
Static validation of security protocols

Journal of Computer Security
Another Look at "Provable Security"

Journal of Cryptology
Coloured Petri Nets and CPN Tools for modelling and validation of concurrent systems

International Journal on Software Tools for Technology Transfer (STTT)
Flicker: an execution infrastructure for tcb minimization

Proceedings of the 3rd ACM SIGOPS/EuroSys European Conference on Computer Systems 2008
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols

CAV '08 Proceedings of the 20th international conference on Computer Aided Verification
A User-Centric Protocol for Conditional Anonymity Revocation

TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
A user-centric federated single sign-on system

Journal of Network and Computer Applications

Quantified Score

Hi-index	0.00

Visualization

Abstract

Privacy enhancing protocols (PEPs) are a family of protocols that allow secure exchange and management of sensitive user information. They are important in preserving users' privacy in today's open environment. Proof of the correctness of PEPs is necessary before they can be deployed. However, the traditional provable security approach, though well established for verifying cryptographic primitives, is not applicable to PEPs. We apply the formal method of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various security properties of PIEMCP using state space analysis techniques. This investigation provides us with preliminary insights for modeling and verification of PEPs in general, demonstrating the benefit of applying the CPN-based formal approach to proving the correctness of PEPs.