Layered Symbolic Security Analysis in DY*

Karthikeyan Bhargavan; Abhishek Bichhawat; Pedram Hosseyni; Ralf Küsters; Klaas Pruiksma; Guido Schmitz; Clara Waldmann; Tim Würtele

doi:10.1007/978-3-031-51479-1_1

Layered Symbolic Security Analysis in DY*

Karthikeyan Bhargavan, Abhishek Bichhawat, Pedram Hosseyni, Ralf Küsters, Klaas Pruiksma, Guido Schmitz, Clara Waldmann, Tim Würtele

Department of Information Security

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

While cryptographic protocols are often analyzed in isolation, they are typically deployed within a stack of protocols, where each layer relies on the security guarantees provided by the protocol layer be- low it, and in turn provides its own security functionality to the layer above. Formally analyzing the whole stack in one go is infeasible even for semi-automated verification tools, and impossible for pen-and-paper proofs. The DY⋆ protocol verification framework offers a modular and scalable technique that can reason about large protocols, specified as a set of F⋆ modules. However, it does not support the compositional verification of layered protocols since it treats the global security invariants monolithically. In this paper, we extend DY⋆ with a new methodology that allows analysts to modularly analyze each layer in a way that compose to provide security for a protocol stack. Importantly, our technique allows a layer to be replaced by another implementation, without affecting the proofs of other layers. We demonstrate this methodology on two case studies. We also present a verified library of generic authenticated and confidential communication patterns that can be used in future protocol analyses and is of independent interest.

Original language	English
Title of host publication	28th European Symposium on Research in Computer Security (ESORICS 2023)
Pages	3-21
Number of pages	19
ISBN (Electronic)	978-3-031-51479-1
DOIs	https://doi.org/10.1007/978-3-031-51479-1_1
Publication status	Published - 12 Jan 2024

Publication series

Name	Lecture Notes in Computer Science
Publisher	Springer
Volume	14346
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Access to Document

10.1007/978-3-031-51479-1_1

Cite this

@inproceedings{24b79eaf31974687a8c1bd13d119d771,

title = "Layered Symbolic Security Analysis in DY*",

abstract = "While cryptographic protocols are often analyzed in isolation, they are typically deployed within a stack of protocols, where each layer relies on the security guarantees provided by the protocol layer be- low it, and in turn provides its own security functionality to the layer above. Formally analyzing the whole stack in one go is infeasible even for semi-automated verification tools, and impossible for pen-and-paper proofs. The DY⋆ protocol verification framework offers a modular and scalable technique that can reason about large protocols, specified as a set of F⋆ modules. However, it does not support the compositional verification of layered protocols since it treats the global security invariants monolithically. In this paper, we extend DY⋆ with a new methodology that allows analysts to modularly analyze each layer in a way that compose to provide security for a protocol stack. Importantly, our technique allows a layer to be replaced by another implementation, without affecting the proofs of other layers. We demonstrate this methodology on two case studies. We also present a verified library of generic authenticated and confidential communication patterns that can be used in future protocol analyses and is of independent interest.",

author = "Karthikeyan Bhargavan and Abhishek Bichhawat and Pedram Hosseyni and Ralf K{\"u}sters and Klaas Pruiksma and Guido Schmitz and Clara Waldmann and Tim W{\"u}rtele",

year = "2024",

month = jan,

day = "12",

doi = "10.1007/978-3-031-51479-1_1",

language = "English",

isbn = "978-3-031-51478-4",

series = " Lecture Notes in Computer Science",

publisher = "Springer",

pages = "3--21",

booktitle = "28th European Symposium on Research in Computer Security (ESORICS 2023)",

}

TY - GEN

T1 - Layered Symbolic Security Analysis in DY*

AU - Bhargavan, Karthikeyan

AU - Bichhawat, Abhishek

AU - Hosseyni, Pedram

AU - Küsters, Ralf

AU - Pruiksma, Klaas

AU - Schmitz, Guido

AU - Waldmann, Clara

AU - Würtele, Tim

PY - 2024/1/12

Y1 - 2024/1/12

N2 - While cryptographic protocols are often analyzed in isolation, they are typically deployed within a stack of protocols, where each layer relies on the security guarantees provided by the protocol layer be- low it, and in turn provides its own security functionality to the layer above. Formally analyzing the whole stack in one go is infeasible even for semi-automated verification tools, and impossible for pen-and-paper proofs. The DY⋆ protocol verification framework offers a modular and scalable technique that can reason about large protocols, specified as a set of F⋆ modules. However, it does not support the compositional verification of layered protocols since it treats the global security invariants monolithically. In this paper, we extend DY⋆ with a new methodology that allows analysts to modularly analyze each layer in a way that compose to provide security for a protocol stack. Importantly, our technique allows a layer to be replaced by another implementation, without affecting the proofs of other layers. We demonstrate this methodology on two case studies. We also present a verified library of generic authenticated and confidential communication patterns that can be used in future protocol analyses and is of independent interest.

AB - While cryptographic protocols are often analyzed in isolation, they are typically deployed within a stack of protocols, where each layer relies on the security guarantees provided by the protocol layer be- low it, and in turn provides its own security functionality to the layer above. Formally analyzing the whole stack in one go is infeasible even for semi-automated verification tools, and impossible for pen-and-paper proofs. The DY⋆ protocol verification framework offers a modular and scalable technique that can reason about large protocols, specified as a set of F⋆ modules. However, it does not support the compositional verification of layered protocols since it treats the global security invariants monolithically. In this paper, we extend DY⋆ with a new methodology that allows analysts to modularly analyze each layer in a way that compose to provide security for a protocol stack. Importantly, our technique allows a layer to be replaced by another implementation, without affecting the proofs of other layers. We demonstrate this methodology on two case studies. We also present a verified library of generic authenticated and confidential communication patterns that can be used in future protocol analyses and is of independent interest.

U2 - 10.1007/978-3-031-51479-1_1

DO - 10.1007/978-3-031-51479-1_1

M3 - Conference contribution

SN - 978-3-031-51478-4

T3 - Lecture Notes in Computer Science

SP - 3

EP - 21

BT - 28th European Symposium on Research in Computer Security (ESORICS 2023)

ER -