Abstract
Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved useful for analysing these protocols, but the protocols have become so complex that modular techniques have to be developed. We propose several results to safely compose security protocols. We consider arbitrary primitives modeled using an equational theory, and a rich process algebra close to the applied pi calculus.
Relying on these composition results, we derive some security properties of a protocol from the security analysis performed on each of its sub-protocols individually. We consider parallel composition and the case of key-exchange protocols. Our results apply to confidentiality and also to privacy-type properties (e.g. anonymity) expressed using a notion of equivalence. We illustrate the usefulness of our composition results on protocols from the 3G phone application and the electronic passport.
The research leading to these results has received funding from the project ProSecure (ERC grant agreement n° 258865), and the ANR project VIP no 11 JS02 006 01.
© 2015 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Arapinis, M., Cheval, V., Delaune, S. (2015). Composing Security Protocols: From Confidentiality to Privacy. In: Focardi, R., Myers, A. (eds) Principles of Security and Trust. POST 2015. Lecture Notes in Computer Science(), vol 9036. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-46666-7_17
DOI: https://doi.org/10.1007/978-3-662-46666-7_17
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-662-46665-0
Online ISBN: 978-3-662-46666-7
eBook Packages: Computer Science, Computer Science (R0)