Vertical protocol composition

Proceedings - IEEE Computer Security Foundations Symposium

Volumn , Issue , 2011, Pages 235-250

  Groß, Thomas ^a   Mödersheim, Sebastian ^b  

^a IBM RESEARCH ZURICH   (Switzerland)

^b TECHNICAL UNIVERSITY OF DENMARK   (Denmark)

Author keywords

Compositional Reasoning; Secure Channels

Indexed keywords

VIRTUAL PRIVATE NETWORKS;

APPLICATION PROTOCOLS; CHANNEL PROTOCOLS; COMPOSABILITY; COMPOSITIONAL REASONING; END-POINTS; KEY-EXCHANGE; PROTOCOL COMPOSITION; SECURE BROWSERS; SECURE CHANNELS; SYMBOLIC MODELING;

SEEBECK EFFECT;

EID: 80052687004     PISSN: 19401434     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CSF.2011.23     Document Type: Conference Paper

References (38)

1. G. Lowe, "Breaking and fixing the needham-schroeder publickey protocol using fdr," in TACAS, ser. Lecture Notes in Computer Science, T. Margaria and B. Steffen, Eds., vol. 1055. Springer, 1996, pp. 147-166.
2. A. Armando, D. A. Basin, Y. Boichut, Y. Chevalier, L. Compagna, J. Cuéllar, P. H. Drielsma, P.-C. Héam, O. Kouchnarenko, J. Mantovani, S. Mödersheim, D. Von Oheimb, M. Rusinowitch, J. Santiago, M. Turuani, L. Viganò, and L. Vigneron, "The avispa tool for the automated validation of internet security protocols and applications," in CAV, ser. Lecture Notes in Computer Science, K. Etessami and S. K. Rajamani, Eds., vol. 3576. Springer, 2005, pp. 281-285.
3. L. C. Paulson, "Inductive analysis of the internet protocol TLS," ACM Transactions on Information and System Security, vol. 2, no. 3, pp. 332-351, 1999.
4. N. A. Durgin, P. D. Lincoln, J. C. Mitchell, and A. Scedrov, "Undecidability of bounded security protocols," in Proc. of the Workshop on Formal Methods and Security Protocols (FMSP'99), Jul. 1999.
5. M. Rusinowitch and M. Turuani, "Protocol insecurity with a finite number of sessions, composed keys is np-complete,"Theor. Comput. Sci., vol. 1-3, no. 299, pp. 451-475, 2003.
6. B. Blanchet, "An Efficient Cryptographic Protocol Verifier Based on Prolog Rules," in 14th IEEE Computer Security Foundations Workshop (CSFW-14). Cape Breton, Nova Scotia, Canada: IEEE Computer Society, Jun. 2001, pp. 82-96.
7. S. Escobar, C. Meadows, and J. Meseguer, "Maude-npa: Cryptographic protocol analysis modulo equational properties,"in FOSAD, ser. Lecture Notes in Computer Science, A. Aldini, G. Barthe, and R. Gorrieri, Eds., vol. 5705. Springer, 2007, pp. 1-50.
8. A. Datta, A. Derek, J. C. Mitchell, and D. Pavlovic, "Secure protocol composition," in FMSE, M. Backes and D. A. Basin, Eds. ACM, 2003, pp. 11-23.
9. V. Cortier and S. Delaune, "Safely composing security protocols,"Formal Methods in System Design, vol. 34, no. 1, pp. 1-36, 2009.
10. S. Ciobâca and V. Cortier, "Protocol composition for arbitrary primitives," in CSF. IEEE Computer Society, 2010, pp. 322-336.
11. J. D. Guttman and F. J. Thayer, "Protocol independence through disjoint encryption," in CSFW, 2000, pp. 24-34.
12. T. Dierks and C. Allen, "RFC 2246: The TLS protocol,"Jan. 1999, status: Standards Track. [Online]. Available: ftp://ftp.rfc-editor.org/in- notes/rfc2246.txt
13. S. Mödersheim and L. Viganò, "Secure pseudonymous channels,"in ESORICS, ser. Lecture Notes in Computer Science, M. Backes and P. Ning, Eds., vol. 5789. Springer, 2009, pp. 337-354.
14. E. Rescorla, M. Ray, S. Dispensa, and N. Oskov, "Transport layer security (TLS) renegotiation indication extension,"http://tools.ietf.org/ html/rfc5746, Feb. 2010, http://tools.ietf.org/html/rfc5746.
15. M. Ray and S. Dispensa, "Renegotiating TLS,"http://www. phonefactor.com/sslgapdocs/Renegotiating TLS.pdf, Nov. 2009, http://www.phonefactor.com/sslgapdocs/Renegotiating-TLS.pdf.
16. T. Groß and S. Mödersheim, "Vertical protocol composition (extended version)," IBM Research, IBM Research Report RZ3803, Apr. 2011, http://domino.research.ibm.com/library/cyberdig.nsf/index.html.
17. AVISPA, "The Intermediate Format," Automated Validation of Internet Security Protocols and Applications (AVISPA), Deliverable D2.3, 2003, http://www.avispa-project.org/delivs/2.3/d2-3.pdf.
18. F. Baader and T. Nipkow, Term Rewriting and All That. Cambridge University Press, 1998.
19. M. Bellare and P. Rogaway, "Entity authentication and key distribution," in 93, D. R. Stinson, Ed., vol. 773, 1994, pp. 232-249.
20. -, "Provably secure session key distribution - the three party case," in Proceedings of the 27th Annual Symposium on Theory of Computing (STOC). ACM Press, May 1995, pp. 57-66.
21. G. Lowe, "A hierarchy of authentication specifications."IEEE Computer Society Press, 1997, pp. 31-43.
22. J. Heather, G. Lowe, and S. Schneider, "How to prevent type flaw attacks on security protocols," Journal of Computer Security, vol. 11, no. 2, pp. 217-244, 2003.
23. V. Shoup, "On formal models for secure key exchange," IBM Research, Research Report RZ 3120 (#93166), Apr. 1999, version 4, November 1999, available from http://www.shoup.net/papers/.
24. B. Pfitzmann and M. Waidner, "A model for asynchronous reactive systems and its application to secure message transmission,"Oakland, CA, May 2001, pp. 184-200.
25. R. Canetti, "Universally composable security: A new paradigm for cryptographic protocols," IACR Cryptology ePrint Archive, ePrint Report 2000/067, 2000, http://eprint.iacr.org/.
26. R. Canetti and H. Krawczyk, "Universally composable notions of key exchange and secure channels," Report 2002/059, May 2002.
27. S. Gajek, M. Manulis, O. Pereira, A.-R. Sadeghi, and J. Schwenk, "Universally composable security analysis of TLS-secure sessions with handshake and record layer protocols,"IACR Cryptology ePrint Archive, ePrint Report 2008/251, 2008, http://eprint.iacr.org/.
28. A. Datta, A. Derek, J. C. Mitchell, and A. Roy, "Protocol composition logic (pcl)," Electr. Notes Theor. Comput. Sci., vol. 172, pp. 311-358, 2007.
29. J. D. Guttman, "Cryptographic protocol composition via the authentication tests," in FOSSACS, ser. Lecture Notes in Computer Science, L. de Alfaro, Ed., vol. 5504. Springer, 2009, pp. 303-317.
30. S. Escobar, C. Meadows, J. Meseguer, and S. Santiago, "Sequential protocol composition in maude-npa," in ESORICS, ser. Lecture Notes in Computer Science, D. Gritzalis, B. Preneel, and M. Theoharidou, Eds., vol. 6345. Springer, 2010, pp. 303-318.
31. H. Gao, F. Nielson, and H. R. Nielson, "Protocol stacks for services," in Proc. of the Workshop on Foundations of Computer Security (FCS), Jul. 2009.
32. J. D. Guttman, "Security goals and protocol transformations,"in Theory of Security and Applications (TOSCA'11), 2011, to appear.
33. M. Abadi and P. Rogaway, "Reconciling two views of cryptography (the computational soundness of formal encryption),"J. Cryptology, vol. 20, no. 3, p. 395, 2007.
34. V. Cortier and S. Delaune, "A method for proving observational equivalence," in CSF. IEEE Computer Society, 2009, pp. 266-276.
35. V. Cortier and B. Warinschi, "Computationally sound, automated proofs for security protocols," in ESOP, ser. Lecture Notes in Computer Science, S. Sagiv, Ed., vol. 3444. Springer, 2005, pp. 157-171.
36. M. Backes, B. Pfitzmann, and M. Waidner, "A universally composable cryptographic library," IACR, Cryptology ePrint Archive Report 2003/015, Jan. 2003. [Online]. Available: http://eprint.iacr.org/2003/015
37. -, "The reactive simulatability (RSIM) framework for asynchronous systems," IACR, Cryptology ePrint Archive Report 2004/082, 2004, http://eprint.iacr.org/. [Online]. Available: http://eprint.iacr.org/2004/082
38. C. Sprenger, M. Backes, D. A. Basin, B. Pfitzmann, and M. Waidner, "Cryptographically sound theorem proving," in CSFW. IEEE Computer Society, 2006, pp. 153-166.