From computationally-proved protocol specifications to implementations and application to SSH

Journal of Wireless Mobile Networks, Ubiquitous Computing, and Dependable Applications

Volumn 4, Issue 1, 2013, Pages 4-31

  Cadé, David ^a   Blanchet, Bruno ^a  

^a INRIA ROCQUENCOURT   (France)

Author keywords

Compiler; Computational model; Implementation; Security protocols; SSH; Verification

Indexed keywords

EID: 84886918886     PISSN: 20935374     EISSN: 20935382     Source Type: Journal    
DOI: None     Document Type: Article

References (37)

1. D. Cadé and B. Blanchet, From computationally-proved protocol specifications to implementations, in Proc. of the 7th International Conference on Availability, Reliability and Security (ARES'12), Prague, Chzech Republic. IEEE, August 2012, pp. 65-74.
2. B. Blanchet, A computationally sound mechanized prover for security protocols, IEEE Transactions on Dependable and Secure Computing, vol. 5, no. 4, pp. 193-207, October-December 2008.
3. B. Blanchet, Computationally sound mechanized proofs of correspondence assertions, in Proc. of the 20th IEEE Computer Security Symposium (CSF'07), Venice, Italy. IEEE, July 2007, pp. 97-111.
4. B. Blanchet and D. Pointcheval, Automated security proofs with sequences of games, in Proc. of the 26th Annual International Cryptology Conference (CRYPTO'06), Santa Barbara, California, USA, LNCS, vol. 4117. Springer-Verlag, August 2006, pp. 537-554.
5. D. Cadé and B. Blanchet, Proved generation of implementations from computationally secure protocol specifications, in Proc. of the 2nd Conference on Principles of Security and Trust (POST'13), Rome, Italy, LNCS, vol. 7796. Springer-Verlag, March 2013, pp. 63-82.
6. D. Song, A. Perrig, and D. Phan, AGVI-Automatic Generation, Verification, and Implementation of security protocols, in Proc. of the 13th Conference on Computer Aided Verification (CAV'01), Paris, France, LNCS, vol. 2102. Springer-Verlag, July 2001, pp. 241-245.
7. G. Milicia, χ-spaces: Programming security protocols, in Proc. of the 14th Nordic Workshop on Programming Theory (NWPT'02), Tallinn, Estonia, November 2002.
8. D. Pozza, R. Sisto, and L. Durante, Spi2Java: Automatic cryptographic protocol Java code generation from spi calculus, in Proc. of the Advanced Information Networking and Applications, 2004 (AINA'04), Fukuoka, Japan, vol. 1. IEEE, March 2004, pp. 400-405.
9. A. Pironti and R. Sisto, Provably correct Java implementations of spi calculus security protocols specifications, Computers and Security, vol. 29, no. 3, pp. 302-314, May 2010.
10. A. Pironti and R. Sisto, An experiment in interoperable cryptographic protocol implementation using automatic code generation, in Proc. of the IEEE Symposium on Computers and Communications (ISCC'07), Aveiro, Portugal. IEEE, July 2007, pp. 839-844.
11. M. Avalle, A. Pironti, R. Sisto, and D. Pozza, The JavaSPI framework for security protocol implementation, in Proc. of the 6th International Conference on Availability, Reliability and Security (ARES'11), Vienna, Austria. IEEE, August 2011, pp. 746-751.
12. th International Conference on Verification, Model Checking and Abstract Interpretation (VMCAI'05), Paris, France, LNCS, vol. 3385. Springer-Verlag, January 2005, pp. 363-379.
13. J. Jürjens, Security analysis of crypto-based Java programs using automated theorem provers, in Proc. Of the 21th IEEE/ACM International Conference on Automated Software Engineering (ASE'06), Tokyo, Japan. IEEE, September 2006, pp. 167-176.
14. E. Poll and A. Schubert, Verifying an implementation of SSH, in Proc. of the 17th Annual Workshop on Information Technologies (WITS'07), Braga, Portugal, March 2007.
15. S. Chaki and A. Datta, ASPIER: An automated framework for verifying security protocol implementations, in Proc. of the 22nd IEEE Computer Security Foundations Symposium (CSF'09), Port Jefferson, New York, USA. IEEE, July 2009, pp. 172-185.
16. F. Dupressoir, A. D. Gordon, J. Jürjens, and D. A. Naumann, Guiding a general-purpose C verifier to prove cryptographic protocols, in Proc. of the 24th IEEE Computer Security Foundations Symposium (CSF'11), Cernay-la-Ville, France. IEEE, June 2011, pp. 3-17.
17. K. Bhargavan, C. Fournet, A. Gordon, and S. Tse, Verified interoperable implementations of security protocols, ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 31, no. 1, 2008.
18. K. Bhargavan, R. Corin, C. Fournet, and E. Zǎlinescu, Cryptographically verified implementations for TLS, in Proc. of the 15th ACM Conference on Computer and Communications Security (CCS'08), Alexandria, Virginia, USA. ACM, October 2008, pp. 459-468.
19. N. O'Shea, Using Elyjah to analyse Java implementations of cryptographic protocols, in Proc. of the Joint Workshop on Foundations of Computer Security, Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security (FCS-ARSPA-WITS'08), Pittsburgh, Pennsylvania, USA, June 2008.
20. M. Aizatulin, A. D. Gordon, and J. Jürjens, Extracting and verifying cryptographic models from C protocol code by symbolic execution, in Proc. of the 18th ACM Conference on Computer and Communications Security (CCS'11), Chicago, Illinois, USA. ACM, October 2011, pp. 331-340.
21. J. Bengtson, K. Bhargavan, C. Fournet, A. Gordon, and S. Maffeis, Refinement types for secure implementations, ACM Transactions on Programming Languages and Systems (TOPLAS), vol. 33, no. 2, 2011.
22. K. Bhargavan, C. Fournet, and A. Gordon, Modular verification of security protocol code by typing, in Proc. of the 37th ACM SIGACT-SIGPLAN Symposium on Principles of Programming Languages (POPL'10), Madrid, Spain. ACM, January 2010, pp. 445-456.
23. N. Swamy, J. Chen, C. Fournet, P.-Y. Strub, K. Bharagavan, and J. Yang, Secure distributed programming with value-dependent types, in Proc. of the 16th ACM SIGPLAN International Conference on Functional Programming (ICFP'11), Tokyo, Japan. ACM, September 2011, pp. 266-278.
24. C. Fournet, M. Kohlweiss, and P.-Y. Strub, Modular code-based cryptographic verification, in Proc. of the 18th ACM Conference on Computer and Communications Security (CCS'11), Chicago, Illinois, USA. ACM, October 2011, pp. 341-350.
25. M. Backes, D. Hofheinz, and D. Unruh, CoSP: A general framework for computational soundness proofs, in Proc. of the 16th ACM Conference on Computer and Communications Security (CCS'09), Chicago, Illinois, USA. ACM, November 2009, pp. 66-78.
26. M. Aizatulin, A. D. Gordon, and J. Jürjens, Computational verification of C protocol implementations by symbolic execution, in Proc. of the 19th ACM Conference on Computer and Communications Security (CCS'12), Raleigh, North Carolina, USA. ACM, October 2012, pp. 712-723.
27. T. Ylönen, RFC 4251: The Secure Shell (SSH) Protocol Architecture, January 2006, http://www.ietf.org/rfc/rfc4251.txt
28. T. Ylönen, RFC 4253: The Secure Shell (SSH) Transport Layer Protocol, January 2006, http://www.ietf.org/rfc/rfc4253.txt.
29. T. Ylönen, RFC 4252: The Secure Shell (SSH) Authentication Protocol, January 2006, http://www.ietf.org/rfc/rfc4252.txt.
30. T. Ylönen, RFC 4254: The Secure Shell (SSH) Connection Protocol, January 2006, http://www.ietf.org/rfc/rfc4254.txt.
31. M. Bellare, T. Kohno, and C. Namprempre, The secure shell (SSH) transport layer encryption modes, January 2006, http://www.ietf.org/rfc/rfc4344.txt.
32. T. Kivinen and M. Kojo, RFC 3526: More modular exponential (MODP) Diffie-Hellman groups for Internet Key Exchange (IKE), May 2003, http://www.ietf.org/rfc/rfc3526.txt.
33. A. J. Menezes, P. C. van Oorschot, and S. A. Vanstone, Handbook of Applied Cryptography. CRC Press, 1996.
34. M. Bellare, T. Kohno, and C. Namprempre, Authenticated encryption in SSH: Provably fixing the SSH binary packet protocol, in Proc. of the 9th ACM conference on Computer and communications security (CCS'02), Washington, DC, USA. ACM, November 2002, pp. 1-11.
35. M. R. Albrecht, K. G. Paterson, and G. J. Watson, Plaintext recovery attacks against SSH, in Proc. of the 30th IEEE Symposium on Security and Privacy, Oakland, California, USA. IEEE, May 2009, pp. 16-26.
36. M. Bellare, A. Desai, E. Jokipii, and P. Rogaway, A concrete security treatment of symmetric encryption, in Proc. of the 38th Annual Symposium on Foundations of Computer Science (FOCS'97), Miami Beach, Florida. IEEE, October 1997, pp. 394-403.
37. K. G. Paterson and G. J. Watson, Plaintext-dependent decryption: A formal security treatment of SSH-CTR, in Proc. of the 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques (Eurocrypt'10), Monaco and Nice, French Riviera, LNCS, vol. 6110. Springer-Verlag, May-June 2010, pp. 345-361, full version available at http://eprint.iacr.org/2010/095.