Modular code-based cryptographic verification
Cédric Fournet, Markulf Kohlweiss, Pierre-Yves Strub +2 more
- 17 Oct 2011
- pp 341-350
TL;DR: This work presents the first modular automated program verification method based on standard cryptographic assumptions using F7, a refinement type checker coupled with an SMT-solver, and develops a probabilistic core calculus for F7 and formalizes its type safety in Coq.
Abstract: Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower-level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions. We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT solver. We develop a probabilistic core calculus for F7 and formalize its type safety in Coq. We build typed modules and interfaces for MACs, signatures, and encryption, and establish their authenticity and secrecy properties. We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.
Citations
Implementing TLS with Verified Cryptographic Security
Karthikeyan Bhargavan, Cédric Fournet, Markulf Kohlweiss, Alfredo Pironti, Pierre-Yves Strub +4 more
- 19 May 2013
TL;DR: A verified reference implementation of TLS 1.2 is developed, including security specifications for its main components, such as authenticated stream encryption for the record layer and key establishment for the handshake, and typecheck the protocol state machine.
Triple Handshakes and Cookie Cutters: Breaking and Fixing Authentication over TLS
Karthikeyan Bhargavan, Antoine Delignat-Lavaud, Cédric Fournet, Alfredo Pironti, Pierre-Yves Strub +4 more
- 18 May 2014
TL;DR: This work designs and implements two new TLS extensions that strengthen the authentication guarantees of the handshake and develops an exemplary HTTPS client library that implements several mitigations, on top of a previously verified TLS implementation, and proves that their composition provides strong, simple application security.
Secure distributed programming with value-dependent types
TL;DR: F*, a full-fledged design and implementation of a new dependently typed language for secure distributed programming, provides arbitrary recursion while maintaining a logically consistent core; it enables modular reasoning about state and other effects using affine types; and it supports proofs of refinement properties using a mixture of cryptographic evidence and logical proof terms.
Security protocol verification: symbolic and computational models
Bruno Blanchet
- 24 Mar 2012
TL;DR: This paper surveys various approaches in this area, considering the verification in the symbolic model, as well as the more recent approaches that rely on the computational model or that verify protocol implementations rather than specifications.
SoK: Computer-Aided Cryptography
Manuel Barbosa, Gilles Barthe, Karthikeyan Bhargavan, Bruno Blanchet, Cas Cremers, Kevin Liao, Bryan Parno +6 more
- 23 May 2021
TL;DR: A cross-cutting systematization of the computer-aided cryptography literature, focusing on three main areas: (i) design-level security (both symbolic security and computational security), (ii) functional correctness and efficiency, and (iii) implementation- level security (with a focus on digital side-channel resistance).
References
On the security of public key protocols
Danny Dolev, Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Universally composable security: a new paradigm for cryptographic protocols
Ran Canetti
- 14 Oct 2001
TL;DR: The notion of universally composable security was introduced in this paper for defining security of cryptographic protocols, which guarantees security even when a secure protocol is composed of an arbitrary set of protocols, or more generally when the protocol is used as a component of a system.
A digital signature scheme secure against adaptive chosen-message attacks
TL;DR: A digital signature scheme based on the computational difficulty of integer factorization possesses the novel property of being robust against an adaptive chosen-message attack: an adversary who receives signatures for messages of his choice cannot later forge the signature of even a single additional message.
Introduction to Modern Cryptography (book)
Jonathan Katz, Yehuda Lindell +1 more
- 01 Jan 2007
TL;DR: This book discusses Private-Key (Symmetric) Cryptography, Number Theory and Cryptographic Hardness Assumptions, and the Random-Oracle Model in Detail.
HMAC: Keyed-Hashing for Message Authentication
Hugo Krawczyk, Mihir Bellare, Ran Canetti +2 more
- 01 Feb 1997
TL;DR: This document describes HMAC, a mechanism for message authentication using cryptographic hash functions; it can be used with any iterative cryptographic hash function, e.g., MD5 or SHA-1, in combination with a secret shared key.