Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols

Blanchet, Bruno

doi:10.1109/csf.2017.7

Cited by 36 publications

(27 citation statements)

References 40 publications

(38 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The only protocol that we fail to address is the avionic protocol [11] as it requires to prove an injective property. We plan to explore how to (soundly) improve the treatment of disequalities for injective queries in ProVerif, as we did for non injective queries.…”

Section: Conclusion and Discussionmentioning

confidence: 99%

“…Several protocols include counters (e.g. Yubikey [34], avionic protocols [11]) and their security rely on the fact that a counter cannot take twice the same value. In voting protocols, the voting server typically maintains a table that contains the list of voters that have voted so far, which can be crucial when revotes are forbidden [21].…”

Section: Introductionmentioning

confidence: 99%

“…To our knowledge, we provide the first automatic proof in ProVerif of protocols with a true representation of counters. In previous approaches, counters were abstracted by fresh nonces or by arbitrary values controlled by the attacker (avionic protocol [11]).…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Little More Conversation, a Little Less Action, a Lot More Satisfaction: Global States in ProVerif

Cheval

Cortier

Turuani

2018

2018 IEEE 31st Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

ProVerif is a popular tool for the fully automatic analysis of security protocols, offering very good support to detect flaws or prove security. One exception is the case of protocols with global states such as counters, tables, or more generally, memory cells. ProVerif fails to analyse such protocols, due to its internal abstraction. Our key idea is to devise a generic transformation of the security properties queried to ProVerif. We prove the soundness of our transformation and implement it into a front-end GSVerif. Our experiments show that our front-end (combined with ProVerif) outperforms the few existing tools, both in terms of efficiency and protocol coverage. We successfully apply our tool to a dozen of protocols of the literature, yielding the first fully automatic proof of a security API and a payment protocol of the literature.

show abstract

Section: Conclusion and Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Little More Conversation, a Little Less Action, a Lot More Satisfaction: Global States in ProVerif

Cheval

Cortier

Turuani

2018

2018 IEEE 31st Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

show abstract

“…ProVerif is a state-of-the art automatic prover for security protocols. It has already been used to analyse hundreds of protocols of the literature, including TLS [24], voting protocols [25], and avionic protocols [26]. We chose an automatic tool to conduct our security analysis in order to analyse multiple corruption scenarios.…”

Section: Introductionmentioning

confidence: 99%

BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device

Cortier¹,

Filipiak²,

Lallemand³

2019

2019 IEEE 32nd Computer Security Foundations Symposium (CSF)

View full text Add to dashboard Cite

Electronic voting systems aim at two conflicting properties, namely privacy and verifiability, while trying to minimise the trust assumptions on the various voting components. Most existing voting systems either assume trust in the voting device or in the voting server. We propose a novel remote voting scheme BeleniosVS that achieves both privacy and verifiability against a dishonest voting server as well as a dishonest voting device. In particular, a voter does not leak her vote to her voting device and she can check that her ballot on the bulletin board does correspond to her intended vote. More specifically, we assume two elections authorities: the voting server and a registrar that acts only during the setup. Then BeleniosVS guarantees both privacy and verifiability against a dishonest voting device, provided that not both election authorities are corrupted. Additionally, our scheme guarantees receipt-freeness against an external adversary. We provide a formal proof of privacy, receipt-freeness, and verifiability using the tool ProVerif, covering a hundred cases of threat scenarios. Proving verifiability required to develop a set of sufficient conditions, that can be handled by ProVerif. This contribution is of independent interest. Going-to-tally(id, cred, b) ∧ valid(b) Voter(id, cred , l) ∧ open(b) ∈ V. Individual verifiability. When a voter id successfully verifies that her vote v is counted, then there is a valid ballot b, registered for id, that contains v. Verified(id, v) Going-to-tally(id, cred, b) ∧ valid(b) ∧ v = open(b).

show abstract

“…Since its beginning in 80s, a lot of progress has been done in this area, and it is now a common good practice to formally analyse protocols using symbolic techniques in order to spot flaws possibly before their deployment, as it was recently done e.g. in TLS 1.3 [7,17], or for an avionic protocol [9].…”

Section: Introductionmentioning

confidence: 99%

Symbolic Verification of Distance Bounding Protocols

Debant

Delaune

2019

Lecture Notes in Computer Science

View full text Add to dashboard Cite

With the proliferation of contactless applications, obtaining reliable information about distance is becoming an important security goal, and specific protocols have been designed for that purpose. These protocols typically measure the round trip time of messages and use this information to infer a distance. Formal methods have proved their usefulness when analysing standard security protocols such as confidentiality or authentication protocols. However, due to their abstract communication model, existing results and tools do not apply to distance bounding protocols. In this paper, we consider a symbolic model suitable to analyse distance bounding protocols, and we propose a new procedure for analysing (a bounded number of sessions of) protocols in this model. The procedure has been integrated in the Akiss tool and tested on various distance bounding and payment protocols (e.g. MasterCard, NXP).

show abstract

Symbolic and Computational Mechanized Verification of the ARINC823 Avionic Protocols

Cited by 36 publications

References 40 publications

A Little More Conversation, a Little Less Action, a Lot More Satisfaction: Global States in ProVerif

A Little More Conversation, a Little Less Action, a Lot More Satisfaction: Global States in ProVerif

BeleniosVS: Secrecy and Verifiability Against a Corrupted Voting Device

Symbolic Verification of Distance Bounding Protocols

Contact Info

Product

Resources

About