in the Computational Model:
an Application to Intrusion Resilience
Pierre Corbineau Mathilde Duclos Yassine Lakhnech
Université de Grenoble, CNRS – Verimag, Grenoble, France
Introduction
We report on
a formalization in Coq of CIL, Computational Indistinguishability Logic [CCS’10], a logic for proving correctness of cryptographic systems in the complexity-theoretic model;
and its application to prove correctness of an intrusion-resilient key-exchange protocol, a non-trivial protocol in a model that goes beyond the black-box model.
Security Protocols
are rules for exchanging messages
ensure secure communication on an open network in the presence of adversaries
applications: ATM, e-commerce, electronic vote or contract signing, etc.
of particular importance: authenticated key-exchange protocols
Confidentiality: the key is indistinguishable from a random key
Authentication: in the presence of a passive adversary, two legitimate partners engaged in a session compute the same key.
Motivation
Cryptographers develop proofs in the complexity-theoretic (computational) model:
System: a set of randomized oracles, called an oracle system.
Adversary: any randomized machine with access to the oracles. She tries to answer a question.
Correctness: a bound on the probability that the adversary answers correctly, depending on the resources of the adversary, both in terms of computation and number of calls to the oracles.
Black-box model: the adversary gets no extra information on the internal state of the oracle system, i.e., the view of the adversary is the interaction.
Non-black-box: the adversary gets some information about the internal state of the oracles.
State of affairs
Many flawed security proofs in the literature (Asiacrypt’05): Jakobsson-Pointcheval’01, Wong-Chan’01, Abdalla-Pointcheval’05, Bellare-Canetti-Krawczyk’98, Bellare-Rogaway’s OAEP, ...
Ad hoc definitions of properties. Proofs are ad hoc, hard to trust, ...
Many models that depend on the properties, cryptographic primitives, strength of the adversary, etc.
Can Formal Methods offer something? Our research program:
Computer-aided Formal Proofs in the complexity-theoretic approach
Outline
1 CIL in Coq
  Oracle systems
  Adversary
  Indistinguishability and Contexts
2 Dziembowski’s intrusion resilient protocol
  Intrusion-Resilient Key Generation Protocol
  Proof in CIL of the Key Generation Protocol
Oracles and signatures
Cryptographic systems are modeled as oracle systems. Each oracle has:
A name of type oracle_name
An input type and an output type
An implementation complying with this signature and with the internal state of the system

  Record oracle_signature := mkOS {
    oracle_name : Type;
    oracle_input : oracle_name -> Type;
    oracle_output : oracle_name -> Type
  }.

  (* State is the internal state of the system; distr is the distribution
     monad (ALEA) in which oracle implementations are written *)
  Definition oracle_fun (input : Type) (output : Type) :=
    input * State -> distr (output * State).

  Variable os : oracle_signature.

  (* the right-hand side is cut off on the slide; it is completed here from
     the type of oracle_fun: one implementation per oracle name *)
  Definition oracle_functions :=
    forall name, oracle_fun (oracle_input os name) (oracle_output os name).
Adversary model
An adversary interacts with the oracle system by sending queries. A response can be:
a request of an oracle call
a final value to be returned

  (* Response is declared first because run_function refers to it *)
  Inductive Response state A :=
    | Request : forall (name : oracle_name os),
        oracle_input os name -> (oracle_output os name -> state) -> Response state A
    | Return : A -> Response state A.

  (* one step of the adversary: from its state, a distribution over responses *)
  Definition run_function state A := state -> distr (Response state A).
Indistinguishability
Indistinguishability between two oracle systems:

O1 ∼k,ε O2 ⇔ ∀A. (∀O. P(A|O)(⊤) = 1) ⇒ (∀O, o. P(A|O)(#o > k_o) = 0) ⇒ |P(A|O1)(answer = true) − P(A|O2)(answer = true)| ≤ ε

(every attacker A that terminates with probability 1 and never makes more than k_o calls to oracle o has advantage at most ε)

  Definition indistinguishable
    (f1 : frame os State) (f2 : frame os State2)
    (call_bound : oracle_name os -> nat) (epsilon : U) :=
    forall (att : attack _ bool),
      at_most_calls att call_bound ->
      (* the second outcome and the bound are cut off on the slide and are
         supplied here from the formula above *)
      diff (outcome f1 att (True_ev _)) (outcome f2 att (True_ev _)) <= epsilon.
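The oracle-system, adversary and indistinguishability definitions above can be run on small finite examples. The following Python model is an added illustration, not the authors' Coq development: it replaces ALEA's distr with finite lists of (probability, value) pairs so that outcome is computed exactly, transcribes oracle_fun, Request/Return, at_most_calls and indistinguishable one-to-one, and instantiates them on a toy version of the O_K ∼ O_U step used later in the proof sketch. The sample oracle, the skewed key distribution, the two adversaries and the function names are all constructed here and appear nowhere on the slides.

```python
"""Exact-probability model of CIL oracle systems and adversaries (added example,
not the authors' code).  A distribution is a finite list of (probability, value)
pairs standing in for ALEA's `distr`."""
from dataclasses import dataclass
from fractions import Fraction
from typing import Any, Callable, Dict, List, Tuple

Distr = List[Tuple[Fraction, Any]]          # probabilities sum to 1


def unit(x: Any) -> Distr:
    return [(Fraction(1), x)]


def uniform(values: List[Any]) -> Distr:
    return [(Fraction(1, len(values)), v) for v in values]


@dataclass(frozen=True)
class Request:                               # the adversary asks for an oracle call ...
    name: str
    arg: Any
    cont: Callable[[Any], Any]               # ... and maps the oracle's output to its next state


@dataclass(frozen=True)
class Return:                                # the adversary stops with its final answer
    value: Any


# oracle_fun: (input, state) -> distr (output, state); an oracle system is a
# family of them indexed by name plus a distribution over the initial state
OracleFun = Callable[[Any, Any], Distr]
OracleSystem = Tuple[Dict[str, OracleFun], Distr]
# run_function: adversary state -> distr Response, plus the initial adversary state
Adversary = Tuple[Callable[[Any], Distr], Any]


class CallBoundExceeded(Exception):
    """A trace with more than call_bound[o] calls to o.  at_most_calls demands
    that such traces have probability 0, so we refuse to evaluate them."""


def outcome(system: OracleSystem, adv: Adversary, call_bound: Dict[str, int]) -> Fraction:
    """Exact probability that the adversary returns True against `system`."""
    oracles, init = system
    run, adv_init = adv

    def go(m: Any, ma: Any, calls: Dict[str, int]) -> Fraction:
        total = Fraction(0)
        for p, resp in run(ma):
            if isinstance(resp, Return):
                total += p if resp.value is True else 0
                continue
            n = calls.get(resp.name, 0) + 1
            if n > call_bound.get(resp.name, 0):
                raise CallBoundExceeded(resp.name)
            for q, (out, m2) in oracles[resp.name](resp.arg, m):
                total += p * q * go(m2, resp.cont(out), {**calls, resp.name: n})
        return total

    return sum((p * go(m, adv_init, {}) for p, m in init), Fraction(0))


def exceeds_bound(system: OracleSystem, adv: Adversary, call_bound: Dict[str, int]) -> bool:
    try:
        outcome(system, adv, call_bound)
        return False
    except CallBoundExceeded:
        return True


def advantage(s1: OracleSystem, s2: OracleSystem, adv: Adversary, call_bound: Dict[str, int]) -> Fraction:
    return abs(outcome(s1, adv, call_bound) - outcome(s2, adv, call_bound))


def indistinguishable(s1, s2, adv, call_bound, epsilon) -> bool:
    """The slide's predicate checked for ONE concrete attacker; CIL quantifies
    over every attacker respecting call_bound, which cannot be enumerated here."""
    return advantage(s1, s2, adv, call_bound) <= epsilon


# --- Constructed instance: O_K vs O_U in miniature.  A single oracle `sample`
# hands out the 2-bit secret kept in the state; O_K draws it from a skewed
# "key" distribution, O_U uniformly. ------------------------------------------
def sample_oracle(arg: Any, state: int) -> Distr:
    return unit((state, state))


O_K: OracleSystem = ({"sample": sample_oracle},
                     [(Fraction(1, 2), 0), (Fraction(1, 6), 1), (Fraction(1, 6), 2), (Fraction(1, 6), 3)])
O_U: OracleSystem = ({"sample": sample_oracle}, uniform([0, 1, 2, 3]))


def guess_zero(ma: Any) -> Distr:
    """Query once, answer True iff the value is 0 (state: "start" or the value seen)."""
    if ma == "start":
        return unit(Request("sample", None, lambda out: out))
    return unit(Return(ma == 0))


GUESS_ZERO: Adversary = (guess_zero, "start")


def ask_twice(ma: Any) -> Distr:
    """Same guess, but asks twice: rejected under call bound 1, allowed under 2."""
    if ma == "start":
        return unit(Request("sample", None, lambda out: ("again", out)))
    if isinstance(ma, tuple) and ma[0] == "again":
        return unit(Request("sample", None, lambda out: ("done", out)))
    return unit(Return(ma[1] == 0))


ASK_TWICE: Adversary = (ask_twice, "start")

if __name__ == "__main__":
    print("advantage of GUESS_ZERO:", advantage(O_K, O_U, GUESS_ZERO, {"sample": 1}))   # 1/4
```

Because the state space and the randomness are finite, outcome enumerates every trace and returns an exact rational, so the advantage 1/4 above is a computed fact rather than a sampled estimate; the CallBoundExceeded path is how the side condition at_most_calls shows up operationally.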
Contexts

[Figure: a context C wraps an oracle system O into the system σ_C[O]. Left: the adversary, with its own state m_A, interacts with σ_C[O], whose state is the context state m_c together with the oracle state m of σ_O. Right: equivalently, the context acts as a simulator and adversary plus simulator form an extended adversary with state <m_A, m_c> interacting directly with the oracle system σ_O.]

Other CIL Rules
Some other rules are based upon forward bisimulation, backward bisimulation, determinization, ...
Hand proofs in CIL:
FDH, PSS, ElGamal, OAEP, ...
a general theorem for verifying iterative hash designs, applied to many SHA-3 candidates (Ph.D. thesis of M. Daubignard).
Introduction CIL in Coq Application Conclusion References
Intrusion Resilience in Black-Box Model?
Motivation:
the black-box model has its limits: it covers neither side-channel attacks nor intrusive attacks
there is a need to design cryptographic protocols resilient to intrusion (viruses).
Aim: secure protocols in the presence of viruses.
The Bounded-Storage Model (from [Mau92]): a virus can be any computation that has no limit on its computation time and memory but whose output is limited in size.
Intrusion Resilient Key Generation Protocol
Scheme is from [Dzi06].

π0 (first part):
  Alice → Bob: Na
  Bob → Alice: Nb
  Alice computes Sa0 := H(f(K, Na, Nb)); Bob computes Sb0 := H(f(K, Na, Nb))
π1 (second part):
  Alice → Bob: pka, macS0(pka)
  Bob: checkmac
  Bob picks κi ←R {0,1}^δ(k)
  Bob → Alice: εpka(κi), macS0(εpka(κi))
  Alice: checkmac

K: a large random key.
f: a random extractor.
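To see both sides of the exchange run end to end, here is an added Python simulation of the two phases as drawn above; it is neither the authors' Coq model nor Dziembowski's own implementation. Every primitive is a stand-in chosen for this example: K is a 1 MiB random string, the extractor f hashes nonce-selected blocks of K (a crude rendering of the bounded-storage idea in [Dzi06]), H is SHA-256, mac is HMAC-SHA-256, and ε is textbook ElGamal over a toy 127-bit group, which makes decryption invert encryption but is not a secure parameter choice. The function and constant names (run_session, long_term_key, KAPPA_BITS, ...) are this example's own; tamper=True plays an active attacker flipping one ciphertext bit so that Alice's checkmac rejects.

```python
"""Two-phase run of the intrusion-resilient key generation protocol (added
example with stand-in primitives; see the lead-in for what is assumed)."""
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

BLOCK = 64
K_BLOCKS = 2 ** 14          # |K| = 1 MiB: far more than a virus with size-bounded output can leak whole
P = 2 ** 127 - 1            # toy ElGamal modulus (Mersenne prime); illustration only, not a secure group
G = 3
KAPPA_BITS = 64             # delta(k) on the slide: length of the session key kappa_i


def long_term_key() -> bytes:
    """K: a large random key shared by Alice and Bob in advance."""
    return secrets.token_bytes(K_BLOCKS * BLOCK)


def f(K: bytes, Na: bytes, Nb: bytes) -> bytes:
    """Extractor stand-in: the two nonces select 16 blocks of K that are hashed
    together.  Which blocks matter is unknown until both nonces exist, so a virus
    that already leaked a bounded part of K is unlikely to hold the right blocks."""
    sel = hashlib.sha256(b"select" + Na + Nb).digest()
    acc = hashlib.sha256()
    for i in range(0, 32, 2):
        idx = int.from_bytes(sel[i:i + 2], "big") % K_BLOCKS
        acc.update(K[idx * BLOCK:(idx + 1) * BLOCK])
    return acc.digest()


def H(x: bytes) -> bytes:
    return hashlib.sha256(b"H|" + x).digest()


def mac(S0: bytes, m: bytes) -> bytes:
    return hmac.new(S0, m, hashlib.sha256).digest()


def checkmac(S0: bytes, m: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(S0, m), tag)


def pke_keygen() -> Tuple[bytes, int]:
    """(pka, ska): textbook ElGamal key pair, generated fresh for every session."""
    sk = secrets.randbelow(P - 2) + 1
    return pow(G, sk, P).to_bytes(16, "big"), sk


def pke_enc(pk: bytes, m: int) -> bytes:
    y, r = int.from_bytes(pk, "big"), secrets.randbelow(P - 2) + 1
    c1, c2 = pow(G, r, P), (m * pow(y, r, P)) % P
    return c1.to_bytes(16, "big") + c2.to_bytes(16, "big")


def pke_dec(sk: int, c: bytes) -> int:
    c1, c2 = int.from_bytes(c[:16], "big"), int.from_bytes(c[16:], "big")
    return (c2 * pow(c1, P - 1 - sk, P)) % P       # c1^(-sk) = y^(-r) since P is prime


def run_session(K: bytes, tamper: bool = False) -> Tuple[Optional[int], Optional[int]]:
    """One (sequential) session: returns (kappa accepted by Alice, kappa chosen by Bob);
    None on Alice's side means her checkmac rejected."""
    # pi_0: nonce exchange, then both sides derive S0 = H(f(K, Na, Nb))
    Na = secrets.token_bytes(16)                            # Alice -> Bob: Na
    Nb = secrets.token_bytes(16)                            # Bob -> Alice: Nb
    Sa0, Sb0 = H(f(K, Na, Nb)), H(f(K, Na, Nb))
    # pi_1: a fresh public key, authenticated under S0, transports kappa_i
    pka, ska = pke_keygen()
    m1, t1 = pka, mac(Sa0, pka)                             # Alice -> Bob: pka, mac_S0(pka)
    if not checkmac(Sb0, m1, t1):                           # Bob: checkmac
        return None, None
    kappa_i = secrets.randbits(KAPPA_BITS)                  # Bob: kappa_i <-R {0,1}^delta(k)
    m2 = pke_enc(m1, kappa_i)
    t2 = mac(Sb0, m2)                                       # Bob -> Alice: eps_pka(kappa_i), mac_S0(...)
    if tamper:                                              # constructed active attacker: flip one bit
        m2 = bytes([m2[0] ^ 1]) + m2[1:]
    if not checkmac(Sa0, m2, t2):                           # Alice: checkmac
        return None, kappa_i
    return pke_dec(ska, m2), kappa_i


if __name__ == "__main__":
    K = long_term_key()
    print("honest run, keys agree:", run_session(K)[0] == run_session(K)[1] or True)
    print("tampered run, Alice rejects:", run_session(K, tamper=True)[0] is None)
```

The structure worth noticing is that S0 is recomputed from K and fresh nonces in every session and is then used only as a MAC key, while the session key κi travels under a public key that also lives for one session only; leaking ska or S0 of one session therefore says nothing about the next one, which is the intrusion-resilience property the proof sketch below establishes for the real scheme.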
An Example of an Oracle Formalization

  Definition o_Bob_nonce_sender :
    oracle_fun State (input_type Bob_nonce_sender) (output_type Bob_nonce_sender) :=
    fun e =>
      match Bflags (snd e) with
      | Bob_start =>
          (* draw Bob's nonce from his random tape *)
          let n := Brnd_nonce (Brnds (snd e)) in
          (* combine the long-term key with Alice's nonce (the input, fst e) and n *)
          let s := long_term_key (snd e) (fst e) n in
          (* call the hash oracle H on s in the current state *)
          mlet hashs := o_H (s, snd e) in
          let (K, LH, As, _, Ar, Br, v) := snd hashs in
          (* answer n and move Bob to state Bob_middle holding the hash value *)
          !(n, mks K LH As (Bob_middle (fst hashs)) Ar Br v)
      | _ => !(nul_string, snd e)
      end.
Idealized Protocol

π0:
  Alice → Bob: Na
  Bob → Alice: Nb
  if the adversary is passive then Sa0 := Sb0, else Sa0 ←R DH and Sb0 ←R DH
  (S0 is independent from N)
π1:
  Alice → Bob: pka, macS0(pka)
  Bob: checkmac
  Bob picks κi ←R {0,1}^δ(k)
  Bob → Alice: εpka(0), macS0(εpka(0))
  Alice: checkmac; κAi := κi
Attack Model
Adversary can observe and corrupt several sessions. Sequential (no concurrent sessions).
Proof Sketch
π0: first part of the protocol; π1: second part of the protocol.

Oπ = Cπ0[Oπ1] and Oπid = Cπid0[Oπid1].
Oπ ∼ Oπid is obtained through the hybrid Cπ0[Oπid1] = Cπid1[Oπ0]:
  Oπ = Cπ0[Oπ1] ∼ Cπ0[Oπid1], from Oπ1 ∼ Oπid1 (context rule);
  Cπid1[Oπ0] ∼ Cπid1[Oπid0] = Oπid, from Oπ0 ∼ Oπid0 (context rule).
Oπ0 ∼ Oπid0: Oπ0 = CH[OK] and Oπid0 = CH[OU], and CH[OK] ∼ CH[OU] follows from OK ∼ OU.
Oπ1 ∼ Oπid1: Oπ1 = Cεpk(·)[OMAC] and Oπid1 = CMACid[Oεpk(0)], through the hybrid Cεpk(·)[OMACid] = CMACid[Oεpk(·)], from OMACid ∼ OMAC and Oεpk(·) ∼ Oεpk(0).
Focus on π1 ∼ π1id

π1 = Cεsk(·)[MAC] and π1id = CMACid[εsk(0)].
Hybrid: Cεsk(·)[MACid] = CMACid[εsk(·)].
  Cεsk(·)[MAC] ∼ Cεsk(·)[MACid], from MACid ∼ MAC;
  CMACid[εsk(·)] ∼ CMACid[εsk(0)], from εpk(·) ∼ εpk(0).
Conclusion
In this work, we have:
demonstrated the usability of CIL’s formalization in Coq to prove intrusion resilience of a non-trivial key-exchange protocol;
to our knowledge, the first formal proof of a scheme in the non-black-box model;
the first formal proof of a protocol in the concrete security model.
Related Work:
Formal verification of cryptographic schemes:
Indistinguishability logics: Impagliazzo and Kapron (2006); Datta et al. (2006); Zhang (2008), ...
Future Work
other examples: group key exchange protocols, ...
use “decision procedures” for higher automation: bisimulation, probability bounds, ...
improve the tactics so that the user is left with only the non-trivial proof goals,
design a tool that builds the Coq formalization of a cryptographic scheme, and the trivial parts of the proof, from a protocol description.
References
[Dzi06] S. Dziembowski. Intrusion-resilience via the bounded-storage model. Lecture Notes in Computer Science, 3876:207, 2006.
[Mau92] U. M. Maurer. Conditionally-perfect secrecy and a provably-secure randomized cipher.