Trust Management in Strand Spaces: A Rely-Guarantee Method

We show how to combine trust management theories with nonce-based cryptographic protocols. The strand space framework for protocol analysis is extended by associating formulas from a trust management logic with the transmit and receive actions of the protocol principals. The formula on a transmission is a guarantee; the sender must ensure that this formula is true before sending the message. The formula on a receive event is an assumption that the recipient may rely on in deducing future guarantee formulas. The strand space framework allows us to prove that a protocol is sound, in the sense that when a principal relies on a formula, another principal has previously guaranteed it. We explain the ideas in reference to a simple new electronic commerce protocol, in which a customer obtains a money order from a bank to pay a merchant to ship some goods. Cryptographic protocol analysis has aimed primarily to determine what messages another principal must have sent or received, when one principal is known to have sent or received certain messages. However, other questions are also important: what does a principal commit herself to when she executes a protocol? What assumptions must she accept, on the basis of her peers’ assertions, to be willing to execute a protocol to the end? Answers to these questions spell out the trust assumptions of a protocol. We introduce here a method for reasoning about trust assumptions. The method clarifies the goals and consequences of engaging in a protocol, and the trust required to complete a protocol run. Trust management allows principals to make access control decisions using a local policy to combine assertions made by their peers [18, 5]. The same local access control policy also controls the action of making assertions (including requests) to other principals. Cryptographic methods such as digital signatures are used to determine which principal uttered each assertion. A central advantage of trust management is that it handles naturally different principals who trust each other for some kinds of assertions, but not all. A major subtrend is logical trust management [18, 2, 19]. Here the local policy is a logical theory held by the principal, so that access control is decided by logical derivation. ⋆ Supported by the MITRE-Sponsored Research Program. This paper appears in the European Symposium on Programming, April 2004. 2 ESOP 2004: 7 Jan 2004 Despite sophisticated academic work, trust management has seen limited uptake. It imposes a substantial security management burden on organizations that would use it. This burden is exacerbated by problems with key management and revocation. If the cryptographic secrets on which the method depends are poorly protected, then the likelihood of achieving benefits appears too low to offset the effort. From this point of view, Trusted Platform Modules (TPMs) [4], create an opportunity. These inexpensive cryptographic chips, now available in commercial personal computers, provide secure storage, on-chip cryptographic operations, and facilities to report securely on the system’s software state. The TPM is organized around nonce-based protocols, so remote principals receive freshness guarantees with the information they retrieve from TPM-equipped devices. Thus, the TPM is a promising platform for trust management [16], assuming trust management can effectively exploit nonce-based protocols. Goal of this paper Here we aim to resolve one underlying theoretical question needed to provide a rigorous basis for using the TPM as a platform for trust management. That is, what forms of reasoning can soundly combine information from nonce-based protocols and trust management theories? Our answer uses the well-developed strand space theory. Strand spaces allow us to determine what security goals a cryptographic protocol achieves [12, 24]; to decide when different cryptographic protocols may safely be combined [11]; to study interactions between protocols and the cryptography or message formatting used to implement them [13, 15]; and to guide protocol design [10, 23]. We now augment strand spaces with a rely-guarantee method [17]. The formulas are borrowed from a trust management logic, the choice of which is not tightly constrained by our method. The designer of a protocol annotates the behaviors of the principals with formulas. The formula associated with a message transmission must be guaranteed by the sender. Before sending the message, a principal obeying the protocol ensures the truth of the formula, presumably by combining reliable locally available data with guarantees offered earlier by other principals, using deduction in the local policy theory. The sender asserts the formula when sending the message. When another principal receives a message, that principal may rely on the fact that the sender has asserted the formula. The receiving principal can use the assertion in later deductions. A protocol annotated with rely and guarantee formulas is sound if in every execution, whenever a principal receives a message and relies on a formula, there were corresponding message transmissions, guaranteeing assertions that are at least as strong. The existing methods of the strand space theory may be used to prove annotated protocols sound. They may also be used to prove that the guaranteeing message transmissions occurred recently, rather than involving time scales on which revocation or key compromise are realistic threats. Section 1 introduces a simple illustrative protocol, based on money orders. Section 2 codifies the essential ingredients of logical trust management. The rely1 A nonce is a randomly chosen bitstring, used in protocols to ensure freshness and avoid replay attacks. ESOP 2004: 7 Jan 2004 3 guarantee method itself is in Section 3. Section 4 defines soundness and proves soundness for the example. Related work is in Section 5.