Verified cryptographic implementations for TLS

ACM Transactions on Information and System Security

Volumn 15, Issue 1, 2012, Pages

  Bhargavan, Karthikeyan ^a   Fournet, Cédric ^a   Corin, Ricardo ^b   Zǎlinescu, Eugen ^b  

^a MICROSOFT RESEARCH   (United Kingdom)

^b Parc Orsay Université   (France)

Author keywords

Security; Verification

Indexed keywords

COMPUTATIONAL MODEL; CRYPTOGRAPHIC IMPLEMENTATION; CRYPTOGRAPHIC PROTOCOLS; EXECUTABLE CODES; INTEROPERABILITY TESTING; SECURITY; TRANSPORT LAYER SECURITY PROTOCOLS;

SEEBECK EFFECT; VERIFICATION;

CRYPTOGRAPHY;

EID: 84859467774     PISSN: 10949224     EISSN: 15577406     Source Type: Journal    
DOI: 10.1145/2133375.2133378     Document Type: Conference Paper

References (44)

1. ABADI, M. AND FOURNET, C. 2001. Mobile values, new names, and secure communication. In Proceedings of the 28th ACM Symposium on Principles of Programming Languages (POPL'01). ACM, 104-115.
2. BACKES, M. AND LAUD, P. 2006. Computationally sound secrecy proofs by mechanized flow analysis. In Proceedings of the 13th ACM Conference on Computer and Communications Security (CCS'06). ACM, 370-379. (Pubitemid 47131384)
3. BELLARE, M., CANETTI, R., AND KRAWCZYK, H. 1996. Keying hash functions for message authentication. In Proceedings of the 16th Annual Cryptology Conference on Advances in Cryptology (CRYPTO'96). Springer, 1-15. (Pubitemid 126106226)
4. BELLARE, M. AND ROGAWAY, P. 1993. Random oracles are practical: A paradigm for designing efficient protocols. In Proceedings of the 1st ACM Conference on Computer and Communications Security (CCS'93). ACM, 62-73.
5. BHARGAVAN, K., CORIN, R., FOURNET, C., AND ŽALINESCU, E. 2009. Automated computational verification for cryptographic protocol implementations. MSR-INRIA Tech. rep. http://msr-inria.inria.fr/projects/sec/fs2cv.
6. BHARGAVAN, K., FOURNET, C., GORDON, A. D., AND TSE, S. 2006. Verified interoperable implementations of security protocols. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06). IEEE Computer Society, 139-152. (Pubitemid 46499723)
7. BLANCHET, B. 2001. An efficient cryptographic protocol verifier based on Prolog rules. In Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW'01). IEEE Computer Society, 82-96. (Pubitemid 32877779)
8. BLANCHET, B. 2007. Computationally sound mechanized proofs of correspondence assertions. In Proceedings of the 20th IEEE Computer Security Foundations Symposium (CSF'07). IEEE Computer Society, 97-111. (Pubitemid 47554208)
9. BLANCHET, B. 2008. A computationally sound mechanized prover for security protocols. IEEE Trans. Depend. Secur. Comput. 5, 4, 193-207.
10. BLANCHET, B. AND POINTCHEVAL, D. 2006. Automated security proofs with sequences of games. In Proceedings of the 26th Annual International Cryptology Conference (CRYPTO'06). Lecture Notes in Computer Science, vol. 4117. Springer, 537-554. (Pubitemid 44532137)
11. BLANCHET, B., JAGGARD, A. D., SCEDROV, A., AND TSAY, J.-K. 2008. Computationally sound mechanized proofs for basic and public-key Kerberos. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08). ACM, 87-99.
12. BLEICHENBACHER, D. 1998. Chosen ciphertext attacks against protocols based on RSA encryption standard PKCS #1. In Proceedings of the 18th Annual Cryptology Conference on Advances in Cryptology (CRYPTO'98). Lecture Notes in Computer Science, vol. 1462. Springer, 1-12. (Pubitemid 128118993)
13. CHAKI, S. AND DATTA, A. 2009. Aspier: An automated framework for verifying security protocol implementations. In Proceedings of the 22nd IEEE Computer Security Foundations Symposium (CSF'09). IEEE Computer Society, 172-185.
14. CISCO. 2007. SSL/TLS certificate and SSH public key validation vulnerability. http://www.cisco.com/warp/public/707/cisco-sa-20070118-certs. shtml.
15. CORIN, R. AND DEN HARTOG, J. 2006. A probabilistic hoare-style logic for game-based cryptographic proofs. In Proceedings of the 33rd International Colloquium on Automata, Languages and Programming Part II (ICALP'06). Lecture Notes in Computer Science, vol. 4052. Springer, 252-263. (Pubitemid 44113252)
16. DATTA, A., DEREK, A.,MITCHELL, J. C., AND WARINSCHI, B. 2006. Computationally sound compositional logic for key exchange protocols. In Proceedings of the 19th IEEE Computer Security Foundations Workshop (CSFW'06). IEEE Computer Society, 321-334. (Pubitemid 46499737)
17. DÍAZ, G., CURTERO, F., VALERO, V., AND PELAYO, F. 2004. Automatic verification of the TLS handshake protocol. In Proceedings of the 19th ACM Symposium on Applied Computing (SAC'04). ACM, 789-794.
18. DIERKS, T. AND ALLEN, C. 1999. The TLS protocol version 1.0.
19. DIERKS, T. AND RESCORLA, E. 2006. The Transport layer security (TLS) protocol version 1.1.
20. DIERKS, T. AND RESCORLA, E. 2008. The Transport layer security (TLS) protocol version 1.2.
21. DIETRICH, S. 1997. A formal analysis of the secure sockets layer protocol. Ph.D. thesis, Adelphi University.
22. DOLEV, D. AND YAO, A. 1983. On the security of public key protocols. IEEE Trans. Inform. Theory IT-29, 2, 198-208.
23. FOUQUE, P.-A., POINTCHEVAL, D., AND ZIMMER, S. 2008. HMAC is a randomness extractor and applications to TLS. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08). ACM, 21-32.
24. FRIER, A. O., KARLTON, P., AND KOCHER, P. C. 1996. The SSL protocol version 3.0. Internet Draft, IETF.
25. GAJEK, S., MANULIS, M., SADEGHI, A.-R., AND SCHWENK, J. 2008. Provably secure browser-based useraware mutual authentication over TLS. In Proceedings of the ACM Symposium on Information, Computer and Communications Security (ASIACCS'08). ACM, 300-311.
26. GOUBAULT-LARRECQ, J. AND PARRENNES, F. 2005. Cryptographic protocol analysis on real C code. In Proceedings of the 6th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05). Lecture Notes in Computer Science, vol. 3385. Springer, 363-379. (Pubitemid 41231372)
27. HE, C., SUNDARARAJAN, M., DATTA, A., DEREK, A., AND MITCHELL, J. C. 2005. A modular correctness proof of IEEE 802.11i and TLS. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05). ACM, 2-15. (Pubitemid 44021985)
28. HICKMAN, K. E. 1995. The SSL protocol. Draft specification, Netscape.
29. JONSSON, J. AND KALISKI, J. B. S. 2002. On the security of RSA encryption in TLS. In Proceedings of the 22nd Annual International Cryptology Conference (CRYPTO'02). Lecture Notes in Computer Science, vol. 2442. Springer, 127-142.
30. JÜRJENS, J. 2006. Security analysis of crypto-based java programs using automated theorem provers. In Proceedings of the 21st IEEE/ACM International Conference on Automated Software Engineering (ASE'06). IEEE Computer Society, 167-176. (Pubitemid 47159344)
31. KAMIL, A. AND LOWE, G. 2008. Analysing TLS in the strand spaces model. Tech. rep., Oxford University Computing Laboratory.
32. KLIMA, V., POKORNY, O., AND ROSA, T. 2003. Attacking RSA-based sessions in SSL/TLS. In Proceedings of the Workshop on Cryptographic Hardware and Embedded Systems (CHES'03). Lecture Notes in Computer Science, vol. 2779. Springer, 426-440.
33. KRAWCZYK, H. 2001. The order of encryption and authentication for protecting communications (or How secure is SSL?). In Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology (CRYPTO'01). Lecture Notes in Computer Science, vol. 2139. Springer, 310-331. (Pubitemid 33317923)
34. LAUD, P. 2005. Secrecy types for a simulatable cryptographic library. In Proceedings of the 12th ACM Conference on Computer and Communications Security (CCS'05). ACM, 26-35. (Pubitemid 44021987)
35. MITCHELL, J. C., SHMATIKOV, V., AND STERN, U. 1998. Finite-state analysis of SSL 3.0. In Proceedings of the 7th USENIX Security Symposium (SSYM'98). USENIX Association, 201-216.
36. MORRISSEY, P., SMART, N. P., AND WARINSCHI, B. 2010. The TLS handshake protocol: A modular analysis. J. Cryptology 23, 2, 187-223.
37. NEEDHAM, R. AND SCHROEDER, M. 1978. Using encryption for authentication in large networks of computers. Comm. ACM 21, 12, 993-999. (Pubitemid 9408754)
38. OGATA, K. AND FUTATSUGI, K. 2005. Equational approach to formal analysis of TLS. In Proceedings of the 25th IEEE International Conference on Distributed Computing Systems (ICSCS'05). IEEE Computer Society, 795-804.
39. OPENSSL. 2009. EVP-VerifyFinal function signature verification vulnerability. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5077.
40. PAULSON, L. C. 1999. Inductive analysis of the Internet protocol TLS. ACM Trans. Inf. Syst. Secur. 2, 3, 332-351.
41. PHAN, D. H. AND POINTCHEVAL, D. 2004. About the security of ciphers (semantic security and pseudorandom permutations). In Proceedings of the 11th International Workshop on Selected Areas in Cryptography (SAC'04). Lecture Notes in Computer Science, vol. 3357. Springer, 182-197. (Pubitemid 39743822)
42. TSAHHIROV, I. AND LAUD, P. 2007. Application of dependency graphs to security protocol analysis. In Proceedings of the 3rd Symposium on Trustworthy Global Computing. Lecture Notes in Computer Science, vol. 4912. Springer, 294-311.
43. WAGNER, D. AND SCHNEIER, B. 1996. Analysis of the SSL 3.0 protocol. In Proceedings of the 2nd USENIX Workshop on Electronic Commerce (WOEC'96). USENIX Association, 29-40.
44. YAU, A. K. L., PATERSON, K. G., AND MITCHELL, C. J. 2005. Padding oracle attacks on CBC-mode encryption with secret and random IVs. In Fast Software Encryption, Springer, 299-319. (Pubitemid 41425171)