An attack on a recursive authentication protocol. A cautionary tale
Information Processing Letters
A calculus for cryptographic protocols
Information and Computation
Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)
TCS '00 Proceedings of the International Conference IFIP on Theoretical Computer Science, Exploring New Frontiers of Theoretical Informatics
A composable cryptographic library with nested operations
Proceedings of the 10th ACM conference on Computer and communications security
Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
On the security of public key protocols
SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Computational soundness of observational equivalence
Proceedings of the 15th ACM conference on Computer and communications security
A Computationally Sound Mechanized Prover for Security Protocols
IEEE Transactions on Dependable and Secure Computing
Computational Semantics for First-Order Logical Analysis of Cryptographic Protocols
Formal to Practical Security
Computational soundness for key exchange protocols with symmetric encryption
Proceedings of the 16th ACM conference on Computer and communications security
Computational soundness without protocol restrictions
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
Symbolic and computational models are the two families of models for rigorously analysing security protocols. Symbolic models are abstract but offer a high level of automation while computational models are more precise but security proof can be tedious. Since the seminal work of Abadi and Rogaway, a new direction of research aims at reconciling the two views and many soundness results establish that symbolic models are actually sound w.r.t. computational models. This is however not true for the prominent case of encryption. Indeed, all existing soundness results assume that the adversary only uses honestly generated keys. While this assumption is acceptable in the case of asymmetric encryption, it is clearly unrealistic for symmetric encryption. In this paper, we provide with several examples of attacks that do not show-up in the classical Dolev-Yao model, and that do not break the IND-CPA nor INT-CTXT properties of the encryption scheme. Our main contribution is to show the first soundness result for symmetric encryption and arbitrary adversaries. We consider arbitrary indistinguishability properties and an unbounded number of sessions. This result relies on an extension of the symbolic model, while keeping standard security assumptions: IND-CPA and IND-CTXT for the encryption scheme.