DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice

@article{Cheval2018DEEPSECDE,
  title={DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice},
  author={Vincent Cheval and Steve Kremer and Itsaka Rakotonirina},
  journal={2018 IEEE Symposium on Security and Privacy (SP)},
  year={2018},
  pages={529-546}
}
Automated verification has become an essential part in the security evaluation of cryptographic protocols. [] Key Method Our procedure is the first to decide trace equivalence and labelled bisimilarity exactly for a large variety of cryptographic primitives—those that can be represented by a subterm convergent destructor rewrite system. We implemented the procedure in a new tool, DEEPSEC. We showed through extensive experiments that it is significantly more efficient than other similar tools, while at the…

Figures from this paper

POR for Security Protocol Equivalences
TLDR
This paper recast trace equivalence as a reachability problem, to which persistent and sleep set techniques can be applied, and shows how to effectively apply these results in the context of symbolic execution.
POR for Security Protocol Equivalences: Beyond Action-Determinism
TLDR
This paper recast trace equivalence as a reachability problem, to which persistent and sleep set techniques can be applied, and shows how to effectively apply these results in the context of symbolic execution.
A Decidable Class of Security Protocols for Both Reachability and Equivalence Properties
TLDR
A new decidable class of security protocols is identified, both for reachability and equivalence properties, and many protocols of the literature belong to this class, including for example some of the protocols embedded in the biometric passport.
The hitchhiker's guide to decidability and complexity of equivalence properties in security protocols (technical report)
TLDR
This work surveys decidability and complexity results for the automated verification of such equivalences in process calculi, casting existing results in a common framework which allows for a precise comparison.
The Hitchhiker's Guide to Decidability and Complexity of Equivalence Properties in Security Protocols
TLDR
A unified view is provided on decidability and complexity results for the automated verification of such equivalences in process calculi, casting existing results in a common framework which allows for a precise comparison.
Trace Equivalence and Epistemic Logic to Express Security Properties
TLDR
The purpose is to bridge the gap between an intuitive security notion and the formulation of a formalism, and it is proved that trace equivalence is a congruence and a security property expressed using trace equivalences is preserved by application of contexts.
On the semantics of communications when verifying equivalence properties
TLDR
This work introduces and study a new semantics, where internal communications are allowed but messages are always eavesdropped by the attacker, and identifies two subclasses of protocols for which the three semantics coincide.
Exploiting Symmetries When Proving Equivalence Properties for Security Protocols
TLDR
This paper develops optimisation techniques for verifying equivalences, exploiting symmetries between the two processes under study, and demonstrates that they provide a significant (several orders of magnitude) speed-up in practice, thus increasing the size of the protocols that can be analysed fully automatically.
Verifpal: Cryptographic Protocol Analysis for the Real World
TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.
Verifpal: Cryptographic Protocol Analysis for Students and Engineers
TLDR
Through Verifpal, it is shown that advanced verification with formalized semantics and sound logic can exist without any expense towards the convenience of real-world practitioners.
...
1
2
3
4
...

References

SHOWING 1-10 OF 44 REFERENCES
Partial Order Reduction for Security Protocols
TLDR
This paper provides reduced transition systems that optimally eliminate redundant traces, and which are adequate for model-checking trace equivalence properties of protocols by means of symbolic execution, and implements these reductions in the tool Apte.
Automated Verification of Equivalence Properties of Cryptographic Protocols
TLDR
A novel procedure to verify equivalence properties for bounded number of sessions able to verify trace equivalence for determinate cryptographic protocols and can handle a large set of cryptographic primitives, namely those which can be modeled by an optimally reducing convergent rewrite system.
Deciding equivalence-based properties using constraint solving
Trace equivalence decision: negative tests and non-determinism
TLDR
A calculus that is close to the applied pi calculus and that allows one to capture most existing protocols that rely on classical cryptographic primitives is given, and a symbolic semantics for this calculus relying on constraint systems to represent infinite sets of possible traces is proposed.
From Security Protocols to Pushdown Automata
TLDR
The translation from protocols to pushdown automata is implemented, yielding the first tool that decides equivalence of (some class of) protocols, for an unbounded number of sessions, and it is shown that checking for equivalences of protocols is actually equivalent to checking for interchangeability of generalized, real-time deterministic push down automata.
Automated verification of selected equivalences for security protocols
TLDR
This work focuses on proving equivalences P/spl ap/Q in which P and Q are two processes that differ only in the choice of some terms, and shows how to treat them as predicates on the behaviors of a process that represents P andQ at the same time.
SPEC: An Equivalence Checker for Security Protocols
TLDR
This paper gives an overview of SPEC and discusses techniques to reduce the size of bisimulations, utilising up-to techniques developed for the spi-calculus, implemented in the Bedwyr logic programming language.
Automated Reasoning for Equivalences in the Applied Pi Calculus with Barriers
  • B. Blanchet, B. Smyth
  • Computer Science
    2016 IEEE 29th Computer Security Foundations Symposium (CSF)
  • 2016
TLDR
The class of equivalences that can be proved automatically by ProVerif are extended, including privacy in election schemes by Fujioka, Okamoto & Ohta and Lee et al., and in the vehicular ad-hoc network by Freudiger et al.
A Method for Verifying Privacy-Type Properties: The Unbounded Case
TLDR
The problem of verifying anonymity and unlinkability in the symbolic model, where protocols are represented as processes in a variant of the applied pi calculus notably used in the ProVerif tool, is considered, and two conditions on protocols are designed which are sufficient to ensure anonymity andunlinkability.
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
TLDR
The most effective approach so far has been automated falsification or verification of such protocols with state-of-the-art tools such as ProVerif or the Avispa tools, which have shown to be effective at finding attacks on protocols or establishing correctness of protocols.
...
1
2
3
4
5
...