TY - GEN
T1 - Modular code-based cryptographic verification
AU - Fournet, Cédric
AU - Kohlweiss, Markulf
AU - Strub, Pierre Yves
PY - 2011/11/14
Y1 - 2011/11/14
N2 - Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions. We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT-solver. We develop a probabilistic core calculus for F7 and formalize its type safety in COQ. We build typed module and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties. We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.
AB - Type systems are effective tools for verifying the security of cryptographic programs. They provide automation, modularity and scalability, and have been applied to large security protocols. However, they traditionally rely on abstract assumptions on the underlying cryptographic primitives, expressed in symbolic models. Cryptographers usually reason on security assumptions using lower level, computational models that precisely account for the complexity and success probability of attacks. These models are more realistic, but they are harder to formalize and automate. We present the first modular automated program verification method based on standard cryptographic assumptions. We show how to verify ideal functionalities and protocols written in ML by typing them against new cryptographic interfaces using F7, a refinement type checker coupled with an SMT-solver. We develop a probabilistic core calculus for F7 and formalize its type safety in COQ. We build typed module and interfaces for MACs, signatures, and encryptions, and establish their authenticity and secrecy properties. We relate their ideal functionalities and concrete implementations, using game-based program transformations behind typed interfaces. We illustrate our method on a series of protocol implementations.
KW - Cryptography
KW - Refinement types
KW - Security protocols
U2 - 10.1145/2046707.2046746
DO - 10.1145/2046707.2046746
M3 - Conference contribution
AN - SCOPUS:80755169483
SN - 9781450310758
T3 - Proceedings of the ACM Conference on Computer and Communications Security
SP - 341
EP - 350
BT - CCS'11 - Proceedings of the 18th ACM Conference on Computer and Communications Security
T2 - 18th ACM Conference on Computer and Communications Security, CCS'11
Y2 - 17 October 2011 through 21 October 2011
ER -