Privacy Compliance Verification in Cryptographic Protocols
نویسندگان
چکیده
To provide privacy protection, cryptographic primitives are frequently applied to communication protocols in an open environment (e.g. the Internet). We call these protocols privacy enhancing protocols (PEPs) which constitute a class of cryptographic protocols. Proof of the security properties, in terms of the privacy compliance, of PEPs is desirable before they can be deployed. However, the traditional provable security approach, though well-established for proving the security of cryptographic primitives, is not applicable to PEPs. We apply the formal language of Coloured Petri Nets (CPNs) to construct an executable specification of a representative PEP, namely the Private Information Escrow Bound to Multiple Conditions Protocol (PIEMCP). Formal semantics of the CPN specification allow us to reason about various privacy properties of PIEMCP using state space analysis techniques. This investigation provides insights into the modelling and analysis of PEPs in general, and demonstrates the benefit of applying a CPN-based formal approach to the privacy compliance verification of PEPs.
منابع مشابه
A short introduction to two approaches in formal verification of security protocols: model checking and theorem proving
In this paper, we shortly review two formal approaches in verification of security protocols; model checking and theorem proving. Model checking is based on studying the behavior of protocols via generating all different behaviors of a protocol and checking whether the desired goals are satisfied in all instances or not. We investigate Scyther operational semantics as n example of this...
متن کاملFormal verification of cryptographic protocols with automated reasoning
Cryptographic protocols form the backbone of our digital society. Unfortunately, the security of numerous critical components has been neglected. As a consequence, attacks have resulted in financial loss, violations of personal privacy, and threats to democracy. This thesis aids the secure design of cryptographic protocols and facilitates the evaluation of existing schemes. Developing a secure ...
متن کاملTowards Verifying Voter Privacy through Unlinkability
The increasing official use of security protocols for electronic voting deepens the need for their trustworthiness, hence for their formal verification. The impossibility of linking a voter to her vote, often called voter privacy or ballot secrecy, is the core property of many such protocols. Most existing work relies on equivalence statements in cryptographic extensions of process calculi. Thi...
متن کاملAutomatic verification of cryptographic protocols : privacy-type properties. (Vérification automatique des protocoles cryptographiques : propriétés d'équivalence)
متن کامل
DISSERTATION Defense held on 18 / 11 / 2013 in Luxembourg to obtain the degree of DOCTEUR DE L ’ UNIVERSITÉ DU LUXEMBOURG EN INFORMATIQUE
Privacy protection is an important requirement in both everyday life and the Inter-net. As the Internet is an open network, adversaries can observe and manipulate data flowing over it. To ensure privacy in communications over open networks, cryptographic protocols have been widely used, and thus, proposing such protocols has become a popular research area. However, design of cryptographic proto...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Trans. Petri Nets and Other Models of Concurrency
دوره 6 شماره
صفحات -
تاریخ انتشار 2012