A cryptographically sound Dolev-Yao style security proof of an electronic payment system

Proceedings of the Computer Security Foundations Workshop

Volumn , Issue , 2005, Pages 78-93

  Backes, Michael ^a   Dürmuth, Markus ^b  

^a IBM RESEARCH ZURICH   (Switzerland)

^b Arbeitsgruppe Systemsicherheit   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; MATHEMATICAL MODELS; NETWORK PROTOCOLS; POLYNOMIALS; THEOREM PROVING;

DOLEV-YAO MODEL; ELECTRONIC PAYMENT SYSTEM;

SECURITY OF DATA;

EID: 28144458018     PISSN: 10636900     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (58)

1. M. Abadi and A. D. Gordon. A calculus for cryptographic protocols: The spi calculus. Information and Computation, 148(1): 1-70, 1999.
2. M. Abadi and J. Jürjens. Formal eavesdropping and its computational interpretation. In Proc. 4th International Symposium on Theoretical Aspects of Computer Software (TACS), pages 82-94, 2001.
3. M. Abadi and P. Rogaway. Reconciling two views of cryptography: The computational soundness of formal encryption. In Proc. 1st IFIP International Conference on Theoretical Computer Science, volume 1872 of LNCS, pages 3-22. Springer, 2000.
4. N. Asokan, P. Janson, M. Steiner, and M. Waidner. State of the art in electronic payment systems. Advances in Computers, 43:425-449, 2000.
5. M. Backes. A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol. In Proc. 9th European Symposium on Research in Computer Security (ESORICS), volume 3193 of LNCS, pages 89-108. Springer, 2004.
6. M. Backes and C. Jacobi. Cryptographically sound and machine-assisted verification of security protocols. In Proc. 20th Annual Symposium on Theoretical Aspects of Computer Science (STACS), volume 2607 of LNCS, pages 675-686. Springer, 2003.
7. M. Backes and B. Pfitzmann. A Cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol. In Proc. 23rd Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), pages 1-12, 2003.
8. M. Backes, B. Pfitzmann, and M. Waidner. A composable cryptographic library with nested operations (extended abstract). In Proc. 10th ACM Conference on Computer and Communications Security, pages 220-230, 2003. Full version in IACR Cryptology ePrint Archive 2003/015, Jan. 2003, http://eprint.iacr.org/.
9. M. Backes, B. Pfitzmann, and M. Waidner. Secure asynchronous reactive systems. IACR Cryptology ePrint Archive 2004/082, Mar. 2004.
10. D. Beaver. Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority. Journal of Cryptology, 4(2):75-122, 1991.
11. G. Bella, F. Massacci, L. C. Paulson, and P. Tramontano. Formal verification of cardholder registration in SET. In Proc. 6th European Symposium on Research in Computer Security (ESORICS), volume 1895 of LNCS, pages 159-174. Springer, 2000.
12. G. Bella, L. C. Paulson, and F. Massacci. The verification of an industrial payment protocol: the SET purchase phase. In Proc. 9th ACM Conference on Computer and Communications Security, pages 12-20, 2002.
13. M. Bellare, J. A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, E. V. Herreweghen, and M. Waidner. Design, implementation and deployment of the iKP secure electronic payment system. IEEE Journal on Selected Areas in Communications, 18(4):611-627, 2000.
14. M. Bellare, J. A. Garay, R. Hauser, A. Herzberg, H. Krawczyk, M. Steiner, G. Tsudik, and M. Waidner. iKP - A family of secure electronic payment protocols. In Proceedings of the First Usenix Workshop on Electronic Commerce, 1995.
15. M. Bellare and P. Rogaway. Entity authentication and key distribution. In Advances in Cryptology: CRYPTO '93, volume 773 of LNCS, pages 232-249. Springer, 1994.
16. D. Bolignano. Towards the formal verification of electronic commerce protocols. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 133-146, 1997.
17. S. Brackin. Automatic formal analyses of two large commercial protocols. In Proc. DIMACS Workshop on Design and Formal Verification of Security Protocols, 1997.
18. M. Burrows, M. Abadi, and R. Needham. A logic for authentication. Technical Report 39, SRC DIGITAL, 1990.
19. R. Canetti. Security and composition of multiparty cryptographic protocols. Journal of Cryptology, 3(1): 143-202, 2000.
20. R. Canetti. Universally composable security: A new paradigm for cryptographic protocols. In Proc. 42nd IEEE Symposium on Foundations of Computer Science (FOCS), pages 136-145, 2001. Extended version in Cryptology ePrint Archive, Report 2000/67, http://eprint.iacr.org/.
21. R. Canetti, O. Goldreich, and S. Halevi. The random oracle methodology, revisited. In Proc. 30th Annual ACM Symposium on Theory of Computing (STOC), pages 209-218, 1998.
22. R. Canetti and J. Herzog. Universally composable symbolic analysis of cryptographic protocols (the case of encryption-based mutual authentication and key exchange). Cryptology ePrint Archive, Report 2004/334, 2004. http://eprint. iacr.org/.
23. D. Chaum. Blind signatures for untraceable payments. In Advances in Cryptology: CRYPTO'82, pages 199-203, 1983.
24. D. Chaum. Security without identification: Transaction systems to make Big Brother obsolete. Communications of the ACM, 28:1030-1044, 1985.
25. D. Chaum. Online cash checks. In Advances in Cryptology: EUROCRYPT'89, volume 434 of LNCS, pages 288-293, 1989.
26. D. Chaum, B. den Boer, E. van Heyst, S. F. Mjolsnes, and A. Steenbeek. Efficient offline electronic checks (extended abstract). In Advances in Cryptology: EUROCRYPT'89, volume 434 of LNCS, pages 294-301, 1989.
27. D. Chaum, A. Fiat, and M. Naor. Untraceable electronic cash. In Advances in Cryptology: CRYPTO'88, volume 403 of LNCS, pages 319-327, 1988.
28. R. Cramer and I. Damgård. New generation of secure and practical RSA-based signatures, In Advances in Cryptology: CRYPTO '96, volume 1109 of LNCS, pages 173-185. Springer, 1996.
29. D. Dolev and A. C. Yao. On the security of public key protocols. IEEE Transactions on Information Theory, 29(2): 198-208, 1983.
30. C. Dwork and M. Naor. An efficient existentially unforgeable signature scheme and its applications. Journal of Cryptology, 11 (3):187-208, 1998.
31. O. Goldreich, S. Micali, and A. Wigderson. How to play any mental game - or - a completeness theorem for protocols with honest majority. In Proc. 19th Annual ACM Symposium on Theory of Computing (STOC), pages 218-229, 1987.
32. S. Goldwasser and L. Levin. Fair computation of general functions in presence of immoral majority. In Advances in Cryptology: CRYPTO '90, volume 537 of LNCS, pages 77-93. Springer, 1990.
33. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270-299, 1984.
34. S. Goldwasser, S. Micali, and R. L. Rivest. A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal on Computing, 17(2):281-308, 1988.
35. J. Herzog. Computational soundness of formal adversaries. Master Thesis, 2002.
36. J. Herzog, M. Liskov, and S. Micali. Plaintext awareness via key registration. In Advances in Cryptology: CRYPTO 2003, volume 2729 of LNCS, pages 548-564. Springer, 2003.
37. R. Impagliazzo and B. M. Kapron. Logics for reasoning about cryptographic constructions. In Proc. 44th IEEE Symposium on Foundations of Computer Science (FOCS), pages 372-381, 2003.
38. R. Kailar. Reasoning about accountability in protocols for electronic commerce. In Proc. 16th IEEE Symposium on Security & Privacy, pages 236-250, 1995.
39. R. Kemmerer. Analyzing encryption protocols using formal verification techniques. IEEE Journal on Selected Areas in Communications, 7(4):448-457, 1989.
40. V. Kessler and H. Neumann. A sound logic for analysing electronic commerce protocols. In Proc. 5th European Symposium on Research in Computer Security (ESORICS), volume 1485 of LNCS, pages 345-360. Springer, 1998.
41. P. Laud. Semantics and program analysis of computationally secure information flow. In Proc. 10th European Symposium on Programming (ESOP), pages 77-91, 2001.
42. P. Lincoln, J. Mitchell, M. Mitchell, and A. Scedrov. A probabilistic poly-time framework for protocol analysis. In Proc. 5th ACM Conference on Computer and Communications Security, pages 112-121, 1998.
43. G. Lowe. Casper: A compiler for the analysis of security protocols. In Proc. 10th IEEE Computer Security Foundations Workshop (CSFW), pages 18-30, 1997.
44. C. Meadows. Using narrowing in the analysis of key management protocols. In Proc. 10th IEEE Symposium on Security & Privacy, pages 138-147, 1989.
45. C. Meadows and P. Syverson. A formal specification of requirements for payment transactions in the SET protocol. In Proc. 2nd Financial Cryptography Conference (FC), volume 1465 of LNCS, pages 122-140. Springer, 1998.
46. S. Micali and P. Rogaway. Secure computation. In Advances in Cryptology: CRYPTO '91, volume 576 of LNCS, pages 392-404. Springer, 1991.
47. D. Micciancio and B. Warinschi. Soundness of formal encryption in the presence of active adversaries. In Proc. 1st Theory of Cryptography Conference (TCC), volume 2951 of LNCS, pages 133-151. Springer, 2004.
48. J. K. Millen. The interrogator: A tool for cryptographic protocol security. In Proc. 5th IEEE Symposium on Security & Privacy, pages 134-141, 1984.
49. J. Mitchell, M. Mitchell, and A. Scedrov. A linguistic characterization of bounded oracle computation and probabilistic polynomial time. In Proc. 39th IEEE Symposium on Foundations of Computer Science (FOCS), pages 725-733, 1998.
50. J. Mitchell, M. Mitchell, A. Scedrov, and V. Teague. A probabilistic polynominal-time process calculus for analysis of cryptographic protocols (preliminary report). Electronic Notes in Theoretical Computer Science, 47:1-31, 2001.
51. T. Okamoto and K. Ohta. Universal electronic cash. In Advances in Cryptology: CRYPTO '91, volume 576 of LNCS, pages 324-337. Springer, 1992.
52. L. Paulson. The inductive approach to verifying cryptographic protocols. Journal of Cryptology, 6(1):85-128, 1998.
53. B. Pfitzmann, M. Schunter, and M. Waidner. How to break another "provably secure" payment system. In Advances in Cryptology: EUROCRYPT '95, volume 921 of LNCS, pages 121-132. Springer, 1995.
54. B. Pfitzmann and M. Waidner. How to break and repair a "provably secure" untraceable payment system. In Advances in Cryptology: CRYPTO '91, volume 576 of LNCS, pages 338-350. Springer, 1992.
55. B. Pfitzmann and M. Waidner. Composition and integrity preservation of secure reactive systems. In Proc. 7th ACM Conference on Computer and Communications Security, pages 245-254, 2000.
56. B. Pfitzmann and M. Waidner. A model for asynchronous reactive systems and its application to secure message transmission. In Proc. 22nd IEEE Symposium on Security & Privacy, pages 184-200, 2001. Extended version of the model (with Michael Backes) IACR Cryptology ePrint Archive 2004/082.
57. D. X. Song, S. Berezin, and A. Perrig. Athena: A novel approach to efficient automatic security protocol analysis. Journal of Computer Security, 9(1/2):47-74, 2001.
58. A. C. Yao. Protocols for secure computations. In Proc. 23rd IEEE Symposium on Foundations of Computer Science (FOCS), pages 160-164, 1982.