The reactive simulatability (RSIM) framework for asynchronous systems

Information and Computation

Volumn 205, Issue 12, 2007, Pages 1685-1720

  Backes, Michael ^a   Pfitzmann, Birgit ^b   Waidner, Michael ^b  

^a SAARLAND UNIVERSITY   (Germany)

^b IBM RESEARCH ZURICH   (Switzerland)

Author keywords

Composability; Cryptography; Distributed polynomial time; Formal methods; Probabilistic IO automata; Reactive systems; Security; Simulatability

Indexed keywords

FORMAL METHODS; MACHINERY; NETWORK SECURITY; POLYNOMIAL APPROXIMATION; SCHEDULING; TURING MACHINES;

COMPOSABILITY; DISTRIBUTED POLYNOMIAL TIME; PROBABILISTIC IO AUTOMATA; REACTIVE SYSTEM; SECURITY; SIMULATABILITY;

CRYPTOGRAPHY;

EID: 84855205195     PISSN: 08905401     EISSN: 10902651     Source Type: Journal    
DOI: 10.1016/j.ic.2007.05.002     Document Type: Article

References (109)

1. M. Abadi, A. D. Gordon, A calculus for cryptographic protocols: the spi calculus, Information and Computation 148 (1) (1999) 1-70. (Pubitemid 129608821)
2. M. Abadi, P. Rogaway, Reconciling two views of cryptography: the computational soundness of formal encryption, in: Proceedings of the first IFIP International Conference on Theoretical Computer Science, vol. 1872 of Lecture Notes in Computer Science, Springer, 2000, pp. 3-22.
3. M. Abadi, M. R. Tuttle, A semantics for a logic of authentication, in: Proceedings of the 10th ACM Symposium on Principles of Distributed Computing (PODC), 1991, pp. 201-216.
4. M. Backes, Cryptographically Sound Analysis of Security Protocols. Ph. D. Thesis, Universität des Saarlandes, 2002. Available from: .
5. M. Backes, A cryptographically sound Dolev-Yao style security proof of the Otway-Rees protocol, in: Proceedings of the ninth European Symposium on Research in Computer Security (ESORICS), vol. 3193 of Lecture Notes in Computer Science, Springer, 2004, pp. 89-108. (Pubitemid 39738735)
6. M. Backes, I. Cervesato, A. D. Jaggard, A. Scedrov, J.-K. Tsay, Cryptographically sound security proofs for basic and public-key Kerberos, in: Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS), Springer, 2006.
7. M. Backes, M. Dürmuth, A cryptographically sound Dolev-Yao style security proof of an electronic payment system, in: Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW), pp. 78-93, 2005. (Pubitemid 41696422)
8. M. Backes, M. Dürmuth, D. Hofheinz, R. Küsters, Conditional reactive simulatability, in: Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS), vol. 4189 in Lecture Notes in Computer Science, Springer, 2006, pp. 424-443. (Pubitemid 44609870)
9. M. Backes, D. Hofheinz, How to break and repair a universally composable signature functionality, in: Proceedings of the sixth Information Security Conference (ISC), vol. 3225 of Lecture Notes in Computer Science, Springer, 2004, pp. 61-72. (Pubitemid 39738652)
10. Extended version in IACR Cryptology ePrint Archive 2003/240, September 2003, http://eprint.iacr.org/.
11. M. Backes, D. Hofheinz, J. Mueller-Quade, D. Unruh, On fairness in simulatability-based cryptographic systems, in: Proceedings of the third ACM Workshop on Formal Methods in Security Engineering (FMSE), 2005, pp. 13-22.
12. M. Backes, C. Jacobi, Cryptographically sound and machine-assisted verification of security protocols, in: Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science (STACS), vol. 2607 of Lecture Notes in Computer Science, Springer, 2003, pp. 675-686.
13. M. Backes, C. Jacobi, B. Pfitzmann, Deriving cryptographically sound implementations using composition and formally verified bisimulation, in: Proceedings of the 11th Symposium on Formal Methods Europe (FME 2002), vol. 2391 of Lecture Notes in Computer Science, Springer, 2002, pp. 310-329.
14. M. Backes, P. Laud, Computationally sound secrecy proofs by mechanized flow analysis, in: Proceedings of the 13th ACM Conference on Computer and Communications Security, 2006.
15. M. Backes, B. Pfitzmann, A cryptographically sound security proof of the Needham-Schroeder-Lowe public-key protocol, in: Proceedings of the 23rd Conference on Foundations of Software Technology and Theoretical Computer Science (FSTTCS), 2003, pp. 1-12.
16. Full version in IACR Cryptology ePrint Archive 2003/121, June 2003, http://eprint.iacr.org/.
17. M. Backes, B. Pfitzmann, Intransitive non-interference for cryptographic purposes, in: Proceedings of the 24th IEEE Symposium on Security & Privacy, 2003, pp. 140-152.
18. M. Backes, B. Pfitzmann, Computational probabilistic non-interference, International Journal of Information Security 3 (1) (2004) 42-60.
19. M. Backes, B. Pfitzmann, Symmetric encryption in a simulatable Dolev-Yao style cryptographic library, in: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW), 2004, pp. 204-218.
20. M. Backes, B. Pfitzmann, Limits of the cryptographic realization of Dolev-Yao-style XOR, in: Proceedings of the 10th European Symposium on Research in Computer Security (ESORICS), vol. 3679 of Lecture Notes in Computer Science, Springer, 2005, pp. 178-196.
21. M. Backes, B. Pfitzmann, Relating symbolic and cryptographic secrecy, IEEE Transactions on Dependable and Secure Computing 2 (2) (2005) 109-123. (Pubitemid 41259860)
22. M. Backes, B. Pfitzmann, On the cryptographic key secrecy of the strengthened Yahalom protocol, in: Proceedings of the 21st IFIP TC-11 International Information Security Conference (SEC 2006), Security and Privacy in Dynamic Environments, Springer-Verlag, New York 2006, pp. 233-245. (Pubitemid 44920657)
23. M. Backes, B. Pfitzmann, A. Scedrov, Key-dependent message security under active attacks-BRSIM/UC-soundness of symbolic encryption with key cycles, in: Proceedings of the 20th IEEE Computer Security Foundations Workshop (CSFW), 2007.
24. M. Backes, B. Pfitzmann, M. Steiner, M. Waidner, Polynomial liveness, Journal of Computer Security 12 (3-4) (2004) 589-618.
25. M. Backes, B. Pfitzmann, M. Waidner, A composable cryptographic library with nested operations (extended abstract), in: Proceedings of the 10th ACM Conference on Computer and Communications Security, 2003, pp. 220-230. (Pubitemid 40673804)
26. Full version in IACR Cryptology ePrint Archive 2003/015, January 2003, http://eprint.iacr.org/.
27. M. Backes, B. Pfitzmann, M. Waidner, A general composition theorem for secure reactive systems, in: Proceedings of the first Theory of Cryptography Conference (TCC), vol. 2951 of Lecture Notes in Computer Science, Springer, 2004, pp. 336-354.
28. M. Backes, B. Pfitzmann, M. Waidner, Low-level ideal signatures and general integrity idealization, in: Proceedings of the seventh Information Security Conference (ISC), vol. 3225 of Lecture Notes in Computer Science, Springer, 2004, pp. 39-51. (Pubitemid 39738650)
29. M. Backes, B. Pfitzmann, M. Waidner, Reactively secure signature schemes, International Journal of Information Security 4 (4) (2005) 242-252. (Pubitemid 41554599)
30. M. Backes, B. Pfitzmann, M. Waidner, Symmetric authentication within a simulatable cryptographic library, International Journal of Information Security 4 (3) (2005) 135-154. (Pubitemid 40743362)
31. M. Backes, B. Pfitzmann, M. Waidner, Limits of the Reactive Simulatability/UC of Dolev-Yao models with hashes, in: Proceedings of the 11th European Symposium on Research in Computer Security (ESORICS), Lecture Notes in Computer Science. Springer, 2006.
32. Preliminary version in IACR Cryptology ePrint Archive 2006/068, February 2006, http://eprint.iacr.org/.
33. B. Barak, A. Sahai, How to play almost any mental game over the net-concurrent composition via super-polynomial simulation, in: Proceedings of the 46th IEEE Symposium on Foundations of Computer Science (FOCS), 2005, pp. 543-552. (Pubitemid 44375764)
34. D. Beaver, Secure multiparty protocols and zero knowledge proof systems tolerating a faulty minority, Journal of Cryptology 4 (2) (1991) 75-122.
35. D. Beaver, S. Haber, Cryptographic protocols provably secure against dynamic adversaries, in: Advances in Cryptology: EUROCRYPT'92, vol. 658 of Lecture Notes in Computer Science, Springer, 1992, pp. 307-323.
36. M. Bellare, R. Canetti, H. Krawczyk, A modular approach to the design and analysis of authentication and key exchange protocols, in: Proceedings of the 30th Annual ACM Symposium on Theory of Computing (STOC), 1998, pp. 419-428.
37. M. Bellare, P. Rogaway, Entity authentication and key distribution, in: Advances in Cryptology: CRYPTO'93, vol. 773 of Lecture Notes in Computer Science, Springer, 1994, pp. 232-249.
38. B. Blanchet, A computationally sound mechanized prover for security protocols, in: Proceedings of the 27th IEEE Symposium on Security & Privacy, 2006, pp. 140-154. (Pubitemid 44753719)
39. M. Blum, S. Micali, How to generate cryptographically strong sequences of pseudo-random bits, SIAM Journal on Computing 13 (4) (1984) 850-864. (Pubitemid 15510668)
40. M. Burrows, M. Abadi, R. Needham, A logic for authentication, Technical Report 39, SRC DIGITAL, 1990.
41. R. Canetti, Studies in secure multiparty computation and applications, Department of Computer Science and Applied Mathematics, The Weizmann Institute of Science, June 1995. Revised March 1996.
42. R. Canetti, Security and composition of multiparty cryptographic protocols, Journal of Cryptology 3 (1) (2000) 143-202.
43. R. Canetti, Universally composable security:anew paradigm for cryptographic protocols, in: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS), 2001, pp. 136-145. Extended version available at . (Pubitemid 33068374)
44. R. Canetti, Universally composable security: a new paradigm for cryptographic protocols, in: Proceedings of the 42nd IEEE Symposium on Foundations of Computer Science (FOCS), 2001, pp. 136-145. (Pubitemid 33068374)
45. Extended version in Cryptology ePrint Archive, Report 2000/67, http://eprint.iacr.org/.
46. R. Canetti, Universally composable signatures, certification and authorization, in: Proceedings of the 17th IEEE Computer Security Foundations Workshop (CSFW), 2004.
47. Extended version in Cryptology ePrint Archive, Report 2003/239, http://eprint.iacr.org/.
48. R. Canetti, L. Cheung, D. K. Kaynar, M. Liskov, N. A. Lynch, O. Pereira, R. Segala, Time-bounded task-PIOAs: a framework for analyzing security protocols, in: Proceedings of the 20th International Symposium on Distributed Computing (DISC), 2006, pp. 238-253. (Pubitemid 44849714)
49. R. Canetti, M. Fischlin, Universally composable commitments, in: Advances in Cryptology: CRYPTO 2001, vol. 2139 of Lecture Notes in Computer Science, Springer, 2001, pp. 19-40. (Pubitemid 33317906)
50. R. Canetti, S. Goldwasser, Anefficient threshold public key cryptosystem secure against adaptive chosen ciphertext attack, in: Advances in Cryptology: EUROCRYPT'99, vol. 1592 of Lecture Notes in Computer Science, Springer, 1999, pp. 90-106.
51. R. Canetti, J. Herzog, Universally composable symbolic analysis of mutual authentication and key exchange protocols, in: Proceedings of the third Theory of Cryptography Conference (TCC), vol. 3876 of Lecture Notes in Computer Science, Springer, 2006, pp. 380-403. (Pubitemid 43979859)
52. R. Canetti, H. Krawczyk, Universally composable notions of key exchange and secure channels (extended abstract), in: Advances in Cryptology: EUROCRYPT 2002, vol. 2332 of Lecture Notes in Computer Science, Springer, 2002, pp. 337-351.
53. Extended version in IACR Cryptology ePrint Archive 2002/059, http://eprint.iacr.org/.
54. R. Canetti, E. Kushilevitz, Y. Lindell, On the limitations of universally composable two-party computation without set-up assumptions, in: Advances in Cryptology: EUROCRYPT 2003, vol. 2656 of Lecture Notes in Computer Science, Springer, 2003, pp. 68-86.
55. R. Canetti, Y. Lindell, R. Ostrovsky, A. Sahai, Universally composable two-party and multi-party secure computation, in: Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC), 2002, pp. 494-503. (Pubitemid 35009410)
56. A. Datta, A. Derek, J. Mitchell, A. Ramanathan, A. Scedrov, Games and the impossibility of realizable ideal functionality, in: Proceedings of the third Theory of Cryptography Conference (TCC), Springer, 2006.
57. A. Datta, A. Derek, J. Mitchell, V. Shmatikov, M. Turuani, Probabilistic polynomial-time semantics for a protocol security logic, in: Proceedings of the 32nd International Colloquium on Automata, Languages and Programming (ICALP), vol. 3580 of Lecture Notes in Computer Science, Springer, 2005, pp. 16-29. (Pubitemid 41436087)
58. A. Datta, R. Küsters, J. C. Mitchell, A. Ramanathan, On the relationships between notions of simulation-based security, in: Proceedings of the second Theory of Cryptography Conference (TCC), vol. 3378 of Lecture Notes in Computer Science, Springer, 2005, pp. 476-494. (Pubitemid 41231179)
59. Y. Desmedt, K. Kurosawa, How to break a practical mix and design a new one, in: Advances in Cryptology: EUROCRYPT 2000, vol. 1807 of Lecture Notes in Computer Science, Springer, 2000, pp. 557-572.
60. D. Dolev, A. C. Yao, On the security of public key protocols, IEEE Transactions on Information Theory 29 (2) (1983) 198-208.
61. J. Garay, P. MacKenzie, K. Yang, Efficient and universally composable committed oblivious transfer and applications, in: Proceedings of the first Theory of Cryptography Conference (TCC), 2004, pp. 171-190.
62. R. Gennaro, S. Micali, Verifiable secret sharing as secure computation, in: Advances in Cryptology: EUROCRYPT'95, vol. 921 of Lecture Notes in Computer Science, Springer, 1995, pp. 168-182.
63. O. Goldreich, Secure multi-party computation. Department of Computer Science and Applied Mathematics, The Weizmann Institute of Science, June 1998, revised Version 1.4 October 2002. Available from: .
64. O. Goldreich, S. Micali, A. Wigderson, How to play any mental game-or-a completeness theorem for protocols with honest majority, in: Proceedings of the 19th Annual ACM Symposium on Theory of Computing (STOC), 1987, pp. 218-229. (Pubitemid 18643409)
65. S. Goldwasser, L. Levin, Fair computation of general functions in presence of immoral majority, in: Advances in Cryptology: CRYPTO'90, vol. 537 of Lecture Notes in Computer Science, Springer, 1990, pp. 77-93.
66. S. Goldwasser, S. Micali, Probabilistic encryption, Journal of Computer and System Sciences 28 (1984) 270-299.
67. S. Goldwasser, S. Micali, C. Rackoff, The knowledge complexity of interactive proof systems, SIAM Journal on Computing 18 (1) (1989) 186-207.
68. M. Hirt, U. Maurer, Player simulation and general adversary structures in perfect multiparty computation, Journal of Cryptology 13 (1) (2000) 31-60.
69. C. A. R. Hoare, Communicating sequential processes, in: International Series in Computer Science, Prentice Hall, Hemel Hempstead, 1985.
70. D. Hofheinz, J. Müller-Quade, R. Steinwandt, Initiator-resilient universally composable key exchange, in: Proceedings of the eighth European Symposium on Research in Computer Security (ESORICS), vol. 2808 of Lecture Notes in Computer Science, Springer, 2003, pp. 61-84. (Pubitemid 37311863)
71. D. Hofheinz, J. Müller-Quade, D. Unruh, Polynomial runtime in simulatability definitions, in: Proceedings of the 18th IEEE Computer Security Foundations Workshop (CSFW), 2005, pp. 156-169.
72. D. Hofheinz, D. Unruh, Comparing two notions of simulatability, in: Proceedings of the second Theory of Cryptography Conference (TCC), vol. 3378 of Lecture Notes in Computer Science, Springer, 2005, pp. 86-103. (Pubitemid 41231160)
73. D. Hofheinz, D. Unruh, On the notion of statistical security in simulatability definitions, in: Proceedings of the eighth Information Security Conference (ISC), vol. 3650 of Lecture Notes in Computer Science, Springer, 2005, pp. 118-133.
74. D. Hofheinz, D. Unruh, Simulatable security and polynomially bounded concurrent composability, in: Proceedings of the 27th IEEE Symposium on Security & Privacy, 2006, pp. 169-183.
75. R. Impagliazzo, B. M. Kapron, Logics for reasoning about cryptographic constructions, in: Proceedings of the 44th IEEE Symposium on Foundations of Computer Science (FOCS), 2003, pp. 372-381.
76. R. Kemmerer, Analyzing encryption protocols using formal verification techniques, IEEE Journal on Selected Areas in Communications 7 (4) (1989) 448-457.
77. R. Küsters, Simulation-based security with inexhaustible interactive turing machines, in: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), 2006, pp. 309-320. (Pubitemid 46499736)
78. K. Larsen, A. Skou, Bisimulation through probabilistic testing, Information and Computation 94 (1) (1991) 1-28. (Pubitemid 21694897)
79. P. Laud, Symmetric encryption in automatic analyses for confidentiality against active adversaries, in: Proceedings of the 25th IEEE Symposium on Security & Privacy, 2004, pp. 71-85.
80. P. Lincoln, J. Mitchell, M. Mitchell, A. Scedrov, A probabilistic poly-time framework for protocol analysis, in: Proceedings of the fifth ACM Conference on Computer and Communications Security, 1998, pp. 112-121.
81. P. Lincoln, J. Mitchell, M. Mitchell, A. Scedrov, Probabilistic polynomial-time equivalence and security analysis, in: Proceedings of the eighth Symposium on Formal Methods Europe (FME 1999), vol. 1708 of Lecture Notes in Computer Science, Springer, 1999, pp. 776-793.
82. Y. Lindell, General composition and universal composability in secure multi-party computation, in: Proceedings of the 44th IEEE Symposium on Foundations of Computer Science (FOCS), 2003, pp. 394-403.
83. Y. Lindell, A. Lysyanskaya, T. Rabin, On the composition of authenticated byzantine agreement, in: Proceedings of the 34th Annual ACM Symposium on Theory of Computing (STOC), 2002, pp. 514-523. (Pubitemid 35009412)
84. G. Lowe, Breaking and fixing the Needham-Schroeder public-key protocol using FDR, in: Proceedings of the second International Conference on Tools and Algorithms for the Construction and Analysis of Systems (TACAS), vol. 1055 of Lecture Notes in Computer Science, Springer, 1996, pp. 147-166. (Pubitemid 126050413)
85. N. Lynch, Distributed Algorithms, Morgan Kaufmann Publishers, San Francisco, 1996.
86. N. Lynch, I/O automaton models and proofs for shared-key communication systems, in: Proceedings of the 12th IEEE Computer Security Foundations Workshop (CSFW), 1999, pp. 14-29.
87. C. Meadows, Using narrowing in the analysis of key management protocols, in: Proceedings of the 10th IEEE Symposium on Security & Privacy, 1989, pp. 138-147.
88. S. Micali, P. Rogaway, Secure computation, in: Advances in Cryptology: CRYPTO'91, vol. 576 of Lecture Notes in Computer Science, Springer, 1991, pp. 392-404.
89. D. Micciancio, B. Warinschi, Soundness of formal encryption in the presence of active adversaries, in: Proceedings of the first Theory of Cryptography Conference (TCC), vol. 2951 of Lecture Notes in Computer Science, Springer, 2004, pp. 133-151.
90. J. K. Millen, The interrogator: a tool for cryptographic protocol security, in: Proceedings of the fifth IEEE Symposium on Security & Privacy, 1984, pp. 134-141.
91. J. Mitchell, M. Mitchell, A. Scedrov, A linguistic characterization of bounded oracle computation and probabilistic polynomial time, in: Proceedings of the 39th IEEE Symposium on Foundations of Computer Science (FOCS), 1998, pp. 725-733.
92. J. Mitchell, M. Mitchell, A. Scedrov, V. Teague, A probabilistic polynominal-time process calculus for analysis of cryptographic protocols (preliminary report), Electronic Notes in Theoretical Computer Science 47 (2001) 1-31.
93. J. Neveu, Mathematical Foundations of the Calculus of Probability, Holden-Day, 1965.
94. R. Ostrovsky, M. Yung, How to withstand mobile virus attacks, in: Proceedings of the 10th ACM Symposium on Principles of Distributed Computing (PODC), 1991, pp. 51-59.
95. L. Paulson, The inductive approach to verifying cryptographic protocols, Journal of Cryptology 6 (1) (1998) 85-128.
96. B. Pfitzmann, M. Waidner, How to break and repair a "provably secure" untraceable payment system, in: Advances in Cryptology: CRYPTO'91, vol. 576 of Lecture Notes in Computer Science, Springer, 1992, pp. 338-350.
97. B. Pfitzmann, M. Waidner, A general framework for formal notions of "secure" systems. Research Report 11/94, University of Hildesheim, April 1994. Available from: .
98. B. Pfitzmann, M. Waidner, Composition and integrity preservation of secure reactive systems, in: Proceedings of the seventh ACM Conference on Computer and Communications Security, 2000, pp. 245-254. (Pubitemid 32393924)
99. Extended version (with Matthias Schunter) IBM Research Report RZ 3206, May 2000. Available from: .
100. B. Pfitzmann, M. Waidner, A model for asynchronous reactive systems and its application to secure message transmission, in: Proceedings of the 22nd IEEE Symposium on Security & Privacy, 2001, pp. 184-200. (Pubitemid 32882636)
101. Extended version of the model (with Michael Backes) IACR Cryptology ePrint Archive 2004/082, http://eprint.iacr.org/.
102. M. Prabhakaran, A. Sahai, New notions of security: achieving universal composability without trusted setup, in: Proceedings of the 36th Annual ACM Symposium on Theory of Computing (STOC), 2004, pp. 242-251.
103. R. Segala, N. Lynch, Probabilistic simulation for probabilistic processes, Nordic Journal of Computing 2 (2) (1995) 250-273.
104. C. Sprenger, M. Backes, D. Basin, B. Pfitzmann, M. Waidner, Cryptographically sound theorem proving, in: Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW), 2006, pp. 153-166. (Pubitemid 46499724)
105. M. Steiner, Secure Group Key Agreement. Ph. D. Thesis, Universität des Saarlandes, 2002. Available from: .
106. F. J. Thayer Fabrega, J. C. Herzog, J. D. Guttman, Strand spaces: why is a security protocol correct? in: Proceedings of the 19th IEEE Symposium on Security & Privacy, 1998, pp. 160-171.
107. S.-H. Wu, S. A. Smolka, E. W. Stark, Composition and behaviors of probabilistic I/O automata, Theoretical Computer Science 176 (1-2) (1997) 1-38. (Pubitemid 127452890)
108. A. C. Yao, Protocols for secure computations, in: Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science (FOCS), 1982, pp. 160-164.
109. A. C. Yao, Theory and applications of trapdoor functions, in: Proceedings of the 23rd IEEE Symposium on Foundations of Computer Science (FOCS), 1982, pp. 80-91.