A Hybrid Analysis for Security Protocols with State

Ramsdell, John D.; Dougherty, Daniel J.; Guttman, Joshua D.; Rowe, Paul D.

doi:10.1007/978-3-319-10181-1_17

Cited by 14 publications

(11 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attestation Protocols. Finally, works such as [2,6,4,13] study the properties of attestation protocols, typically protocols that use a TPM to report on integrity evidence provided by measurement agents. They tend to focus on the cryptographic protections required to secure the evidence as it is sent over a network.…”

Section: Related Workmentioning

confidence: 99%

Bundling Evidence for Layered Attestation

Rowe

2016

Trust and Trustworthy Computing

Self Cite

View full text Add to dashboard Cite

Systems designed with measurement and attestation in mind are often layered, with the lower layers measuring the layers above them. Attestations of such systems, which we call layered attestations, must bundle together the results of a diverse set of application-specific measurements of various parts of the system. Some methods of layered attestation are more trustworthy than others, so it is important for system designers to understand the trust consequences of different system configurations. This paper presents a formal framework for reasoning about layered attestations, and provides generic reusable principles for achieving trustworthy results.

show abstract

Section: Related Workmentioning

confidence: 99%

Bundling Evidence for Layered Attestation

Rowe

2016

Trust and Trustworthy Computing

Self Cite

View full text Add to dashboard Cite

show abstract

“…Using our new version of the TAMARIN prover we have been able to also check vote privacy (modeled as an equivalence property) and furthermore eligibility (modeled as a trace property). -We also verified the Okamoto e-voting protocol [26] which relies on trapdoor commitments to achieve receipt-freeness. Voter anonymity of this protocol was previously analyzed using the AKISS tool, but we provide the first automated proof of receipt-freeness for this protocol, which was previously only shown manually [16] 1 .…”

Section: Introductionmentioning

confidence: 90%

“…The need for additional normal-form conditions will become apparent with the following example using the equational theory for trapdoor commitments, needed for instance in Okamoto's voting protocol [26]. Trapdoor commitments are commitments that can be opened to return a different value than the one initially committed, using a special trapdoor.…”

Section: Further Restrictions -Normal Form Conditionsmentioning

confidence: 99%

“…The Okamoto protocol [26] is similar to the FOO protocol, but it uses trapdoor commitments and it involves a timeliness member (i.e., a trusted third party) to achieve Receipt-Freeness. Receipt-Freeness means that a voter cannot construct a receipt proving to somebody else that he voted for a certain candidate, in order to prevent votebuying.…”

Section: The Okamoto Protocolmentioning

confidence: 99%

“…The most usual primitives are encryption and signatures, either symmetric or asymmetric, and cryptographic hash functions. Some security goals may however require more advanced primitives: digital cash may rely on blind signatures to ensure anonymity [21], e-voting protocols may use trapdoor commitments [26] or plaintext equivalence tests [23] to achieve receiptfreeness, and verifiability may rely on zero-knowledge proofs [23,1].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Beyond Subterm-Convergent Equational Theories in Automated Verification of Stateful Protocols

Dreier

Duménil

Kremer

et al. 2017

Lecture Notes in Computer Science

View full text Add to dashboard Cite

The TAMARIN prover is a state-of-the-art protocol verification tool. It supports verification of both trace and equivalence properties, a rich protocol specification language that includes support for global, mutable state and allows the user to specify cryptographic primitives as an arbitrary subterm convergent equational theory, in addition to several built-in theories, which include, among others, Diffie-Hellman exponentiation. In this paper, we improve the underlying theory and the tool to allow for more general user-specified equational theories: our extension supports arbitrary convergent equational theories that have the finite variant property, making TAMARIN the first tool to support at the same time this large set of user-defined equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties. We demonstrate the effectiveness of this generalization by analyzing several protocols that rely on blind signatures, trapdoor commitment schemes, and ciphertext prefixes that were previously out of scope.

show abstract