Cristian Ene

A symbolic decision procedure for cryptographic protocols with time stamps

Abstract We present a symbolic decision procedure for time-sensitive cryptographic protocols. We consider protocols described in a process algebra-like notation that includes clocks, time-stamps and time variables. While the values of all clocks increase with rate one when time passes, time variables are simply variables that range over the time domain and can be used to remember time-stamps, i.e. time values. Our symbolic decision procedure deals with secrecy, authentication and any property that can be described as a safety property. Our approach is based on a logic representation of sets of configurations that combines a decidable logic with time constraints.

Computationally sound typing for non-interference: the case of deterministic encryption

Type systems for secure information flow aim to prevent a program from leaking information from variables that hold secret data to variables that hold public data. In this work we present a type system to address deterministic encryption. The intuition that encrypting a secret yields a public value, that can be stored in a public variable, is faithful for probabilistic encryption but erroneous for deterministic encryption. We prove the computational soundness of our type system in the concrete security framework.

Automated Proofs for Asymmetric Encryption

Many generic constructions for building secure cryptosystems from primitives with lower level of security have been proposed. Providing security proofs has also become standard practice. There is, however, a lack of automated verification procedures that analyze such cryptosystems and provide security proofs. In this paper, we present a sound and automated procedure that allows us to verify that a generic asymmetric encryption scheme is secure against chosen-plaintext attacks in the random oracle model. It has been applied to several examples of encryption schemes among which the construction of Bellare–Rogaway 1993, of Pointcheval at PKC’2000.

On unique decomposition of processes in the applied π-calculus

Unique decomposition has been a subject of interest in process algebra for a long time (for example in BPP [2] or CCS [11,13]), as it provides a normal form with useful cancellation properties. We provide two parallel decomposition results for subsets of the Applied π-Calculus: we show that any closed normed (i.e. with a finite shortest complete trace) process P can be decomposed uniquely into prime factors Pi with respect to strong labeled bisimilarity, i.e. such that P ~lP1 | …| Pn. We also prove that closed finite processes can be decomposed uniquely with respect to weak labeled bisimilarity.

A Symbolic Decision Procedure for Cryptographic Protocols with Time Stamps

We present a symbolic decision procedure for time-sensitive cryptographic protocols with time-stamps. Our decision procedure deals with secrecy, authentication and any property that can be described as an invariance property.

Formal indistinguishability extended to the random oracle model

Several generic constructions for transforming one-way functions to asymmetric encryption schemes have been proposed. One-way functions only guarantee the weak secrecy of their arguments. That is, given the image by a one-way function of a random value, an adversary has only negligible probability to compute this random value. Encryption schemes must guarantee a stronger secrecy notion. They must be at least resistant against indistinguishability-attacks under chosen plaintext text (IND-CPA). Most practical constructions have been proved in the random oracle model (ROM for short). Such computational proofs turn out to be complex and error prone. Bana et al. have introduced Formal Indistinguishability Relations (FIR), as an abstraction of computational indistinguishability. In this paper, we extend the notion of FIR to cope with the ROM on one hand and adaptive adversaries on the other hand. Indeed, when dealing with hash functions in the ROM and one-way functions, it is important to correctly abstract the notion of weak secrecy. Moreover, one needs to extend frames to include adversaries in order to capture security notions as IND-CPA. To fix these problems, we consider pairs of formal indistinguishability relations and formal nonderivability relations. We provide a general framework along with general theorems, that ensure soundness of our approach and then we use our new framework to verify several examples of encryption schemes among which the construction of Bellare Rogaway and Hashed ElGamal.

On the Existence of an Effective and Complete Inference System for Cryptographic Protocols

A central question in the domain of program semantics and program verification is the existence of a complete inference system for assertions of the form π |= φ meaning that program π satisfies property φ. A stronger version of this question asks for an effective (decidable) complete inference system. We investigate these questions for cryptographic protocols focusing on authentication and confidentiality properties. While it is not difficult to see that a complete and effective inference system cannot exist when an unbounded number of sessions are considered, we prove that such a system exists for bounded protocols. More, precisely 1.) we provide a complete weakest pre-condition calculus for bounded cryptographic protocols and 2.) we show that assertions needed for completeness of the calculus are expressible in a decidable second order logic on terms.

CIL Security Proof for a Password-Based Key Exchange

Computational Indistinguishability Logic (CIL) is a logic for reasoning about cryptographic primitives in computational model. It is sound for standard model, but also supports reasoning in the random oracle and other idealized models. We illustrate the benefits of CIL by formally proving the security of a Password-Based Key Exchange (PBKE) scheme, which is designed to provide entities communicating over a public network and sharing a short password, under a session key.