Automatically checking commitment protocols in ProVerif without false attacks

Tom Chothia; Ben Smyth; Christopher Staite

doi:10.1007/978-3-662-46666-7_8

Automatically checking commitment protocols in ProVerif without false attacks

Tom Chothia, Ben Smyth, Christopher Staite

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

8 Citations (Scopus)

123 Downloads (Pure)

Abstract

ProVerif over-approximates the attacker’s power to enable verification of processes under replication. Unfortunately, this results in ProVerif finding false attacks. This problem is particularly common in protocols whereby a participant commits to a particular value and later reveals their value. We introduce a method to reduce false attacks when analysing secrecy. First, we show how inserting phases into non- replicated processes enables a more accurate translation to Horn clauses which avoids some false attacks. Secondly, we generalise our methodology to processes under replication. Finally, we demonstrate the applicability of our technique by analysing BlueTooth Simple Pairing. Moreover, we propose a simplification of this protocol that achieves the same security goal.

Original language	English
Title of host publication	Principles of Security and Trust
Subtitle of host publication	4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings
Editors	Riccardo Focardi, Andrew Myers
Publisher	Springer
Pages	137-155
Volume	9036
ISBN (Electronic)	9783662466667
ISBN (Print)	9783662466650
DOIs	https://doi.org/10.1007/978-3-662-46666-7_8
Publication status	Published - 11 Apr 2015
Event	4th International Conference on Principles of Security and Trust (POST) - London, United Kingdom Duration: 11 Apr 2015 → 17 Apr 2015

Publication series

Name	Lecture Notes in Computer Science
Volume	9036
ISSN (Print)	0302-9743

Conference

Conference	4th International Conference on Principles of Security and Trust (POST)
Country/Territory	United Kingdom
City	London
Period	11/04/15 → 17/04/15

Access to Document

10.1007/978-3-662-46666-7_8

Automatically_Checking_Commitment_Protocols_in_ProVerif_without_False_AttacksAccepted author manuscript, 373 KBLicence: None: All rights reserved

Cite this

Chothia, T., Smyth, B., & Staite, C. (2015). Automatically checking commitment protocols in ProVerif without false attacks. In R. Focardi, & A. Myers (Eds.), Principles of Security and Trust : 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings (Vol. 9036 , pp. 137-155). (Lecture Notes in Computer Science; Vol. 9036). Springer. https://doi.org/10.1007/978-3-662-46666-7_8

Chothia, Tom ; Smyth, Ben ; Staite, Christopher. / Automatically checking commitment protocols in ProVerif without false attacks. Principles of Security and Trust : 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings. editor / Riccardo Focardi ; Andrew Myers . Vol. 9036 Springer, 2015. pp. 137-155 (Lecture Notes in Computer Science).

@inproceedings{0b6683a236604ae688fdb1eb6277a8b7,

title = "Automatically checking commitment protocols in ProVerif without false attacks",

abstract = "ProVerif over-approximates the attacker{\textquoteright}s power to enable verification of processes under replication. Unfortunately, this results in ProVerif finding false attacks. This problem is particularly common in protocols whereby a participant commits to a particular value and later reveals their value. We introduce a method to reduce false attacks when analysing secrecy. First, we show how inserting phases into non- replicated processes enables a more accurate translation to Horn clauses which avoids some false attacks. Secondly, we generalise our methodology to processes under replication. Finally, we demonstrate the applicability of our technique by analysing BlueTooth Simple Pairing. Moreover, we propose a simplification of this protocol that achieves the same security goal.",

author = "Tom Chothia and Ben Smyth and Christopher Staite",

year = "2015",

month = apr,

day = "11",

doi = "10.1007/978-3-662-46666-7_8",

language = "English",

isbn = "9783662466650 ",

volume = "9036 ",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "137--155",

editor = "{ Focardi}, Riccardo and {Myers }, {Andrew }",

booktitle = "Principles of Security and Trust",

note = "4th International Conference on Principles of Security and Trust (POST) ; Conference date: 11-04-2015 Through 17-04-2015",

}

Chothia, T, Smyth, B & Staite, C 2015, Automatically checking commitment protocols in ProVerif without false attacks. in R Focardi & A Myers (eds), Principles of Security and Trust : 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings. vol. 9036 , Lecture Notes in Computer Science, vol. 9036, Springer, pp. 137-155, 4th International Conference on Principles of Security and Trust (POST), London, United Kingdom, 11/04/15. https://doi.org/10.1007/978-3-662-46666-7_8

Automatically checking commitment protocols in ProVerif without false attacks. / Chothia, Tom; Smyth, Ben; Staite, Christopher.

Principles of Security and Trust : 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings. ed. / Riccardo Focardi; Andrew Myers . Vol. 9036 Springer, 2015. p. 137-155 (Lecture Notes in Computer Science; Vol. 9036).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Automatically checking commitment protocols in ProVerif without false attacks

AU - Chothia, Tom

AU - Smyth, Ben

AU - Staite, Christopher

PY - 2015/4/11

Y1 - 2015/4/11

N2 - ProVerif over-approximates the attacker’s power to enable verification of processes under replication. Unfortunately, this results in ProVerif finding false attacks. This problem is particularly common in protocols whereby a participant commits to a particular value and later reveals their value. We introduce a method to reduce false attacks when analysing secrecy. First, we show how inserting phases into non- replicated processes enables a more accurate translation to Horn clauses which avoids some false attacks. Secondly, we generalise our methodology to processes under replication. Finally, we demonstrate the applicability of our technique by analysing BlueTooth Simple Pairing. Moreover, we propose a simplification of this protocol that achieves the same security goal.

AB - ProVerif over-approximates the attacker’s power to enable verification of processes under replication. Unfortunately, this results in ProVerif finding false attacks. This problem is particularly common in protocols whereby a participant commits to a particular value and later reveals their value. We introduce a method to reduce false attacks when analysing secrecy. First, we show how inserting phases into non- replicated processes enables a more accurate translation to Horn clauses which avoids some false attacks. Secondly, we generalise our methodology to processes under replication. Finally, we demonstrate the applicability of our technique by analysing BlueTooth Simple Pairing. Moreover, we propose a simplification of this protocol that achieves the same security goal.

UR - http://www.cs.bham.ac.uk/~tpc/projects/falseattacks/

U2 - 10.1007/978-3-662-46666-7_8

DO - 10.1007/978-3-662-46666-7_8

M3 - Conference contribution

SN - 9783662466650

VL - 9036

T3 - Lecture Notes in Computer Science

SP - 137

EP - 155

BT - Principles of Security and Trust

A2 - Focardi, Riccardo

A2 - Myers , Andrew

PB - Springer

T2 - 4th International Conference on Principles of Security and Trust (POST)

Y2 - 11 April 2015 through 17 April 2015

ER -

Chothia T, Smyth B, Staite C. Automatically checking commitment protocols in ProVerif without false attacks. In Focardi R, Myers A, editors, Principles of Security and Trust : 4th International Conference, POST 2015, Held as Part of the European Joint Conferences on Theory and Practice of Software, ETAPS 2015, London, UK, April 11-18, 2015, Proceedings. Vol. 9036 . Springer. 2015. p. 137-155. (Lecture Notes in Computer Science). doi: 10.1007/978-3-662-46666-7_8

Automatically checking commitment protocols in ProVerif without false attacks

Abstract

Publication series

Conference

Access to Document

Fingerprint

Cite this