Developer(s) | Bruno Blanchet |
---|---|
Initial release | June 1, 2002 |
Stable release | |
Written in | OCaml |
Available in | English |
License | Mainly, GNU GPL; Windows binaries, BSD licenses |
Website | prosecco |
ProVerif is a software tool for automated reasoning about the security properties of cryptographic protocols. The tool has been developed by Bruno Blanchet and others.
Support is provided for cryptographic primitives including symmetric and asymmetric cryptography, digital signatures, hash functions, bit-commitment, and signature proofs of knowledge. The tool is capable of evaluating reachability properties, correspondence assertions and observational equivalence. These reasoning capabilities are particularly useful to the computer security domain since they permit the analysis of secrecy and authentication properties. Emerging properties such as privacy, traceability and verifiability can also be considered. Protocol analysis is considered with respect to an unbounded number of sessions and an unbounded message space. The tool is capable of attack reconstruction: when a property cannot be proved, an execution trace which falsifies the desired property is constructed.
ProVerif has been used in the following case studies, which include the security analysis of actual network protocols:
Alternative analysis tools include AVISPA (for reachability and correspondence assertions), KISS (for static equivalence), YAPA (for static equivalence), and CryptoVerif (for verification of security against polynomial-time adversaries in the computational model). The Tamarin Prover is a modern alternative to ProVerif, with excellent support for Diffie-Hellman equational reasoning and verification of observational equivalence properties.
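The following is an added illustration, not taken from the ProVerif distribution or its documentation, of the two kinds of property described above: a reachability (secrecy) query and a correspondence (authentication) query, stated over a small constructed nonce-exchange protocol between an initiator A and a responder B sharing a symmetric key. The protocol, the names `senc`/`sdec`, `beginB`/`endA` and the secret `s` are all assumptions made for this example.

```proverif
(* Public channel: everything sent on it is readable and forgeable by the attacker. *)
free c: channel.

type key.

(* Symmetric encryption modelled as a constructor plus one destructor (rewrite) rule. *)
fun senc(bitstring, key): bitstring.
reduc forall m: bitstring, k: key; sdec(senc(m, k), k) = m.

(* Constructed secret; [private] keeps it out of the attacker's initial knowledge. *)
free s: bitstring [private].

(* Events used to state the correspondence (authentication) property. *)
event beginB(bitstring).
event endA(bitstring).

(* Reachability query: can the attacker derive s?  This is the secrecy property. *)
query attacker(s).

(* Correspondence query: if A completes a run with nonce n, B must have accepted n earlier.
   This is the authentication property. *)
query n: bitstring; event(endA(n)) ==> event(beginB(n)).

(* Initiator role: send a fresh nonce under k, accept only a reply that echoes that nonce. *)
let A(k: key) =
  new n: bitstring;
  out(c, senc(n, k));
  in(c, y: bitstring);
  let (=n, z: bitstring) = sdec(y, k) in
  event endA(n).

(* Responder role: decrypt the nonce, record it, answer with the nonce and the secret. *)
let B(k: key) =
  in(c, x: bitstring);
  let n = sdec(x, k) in
  event beginB(n);
  out(c, senc((n, s), k)).

(* Unbounded number of sessions: both roles are replicated under one shared key. *)
process
  new k: key;
  (!A(k) | !B(k))
```

Saved as a `.pv` file and passed to the `proverif` command, the model is checked over an unbounded number of sessions; for any query that cannot be proved, ProVerif prints the reconstructed attack trace discussed above.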
David Lee Chaum is an American computer scientist, cryptographer, and inventor. He is known as a pioneer in cryptography and privacy-preserving technologies, and widely recognized as the inventor of digital cash. His 1982 dissertation "Computer Systems Established, Maintained, and Trusted by Mutually Suspicious Groups" is the first known proposal for a blockchain protocol. Complete with the code to implement the protocol, Chaum's dissertation proposed all but one element of the blockchain later detailed in the Bitcoin whitepaper. He has been referred to as "the father of online anonymity", and "the godfather of cryptocurrency".
The Otway–Rees protocol is a computer network authentication protocol designed for use on insecure networks. It allows individuals communicating over such a network to prove their identity to each other while also preventing eavesdropping or replay attacks and allowing for the detection of modification.
In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party can prove to another party that a given statement is true, while avoiding conveying to the verifier any information beyond the mere fact of the statement's truth. The intuition underlying zero-knowledge proofs is that it is trivial to prove the possession of certain information by simply revealing it; the challenge is to prove this possession without revealing the information, or any aspect of it whatsoever.
A cryptographic protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods, often as sequences of cryptographic primitives. A protocol describes how the algorithms should be used and includes details about data structures and representations, at which point it can be used to implement multiple, interoperable versions of a program.
A Byzantine fault is a condition of a computer system, particularly distributed computing systems, where components may fail and there is imperfect information on whether a component has failed. The term takes its name from an allegory, the "Byzantine generals problem", developed to describe a situation in which, to avoid catastrophic failure of the system, the system's actors must agree on a concerted strategy, but some of these actors are unreliable.
Markus Guenther Kuhn is a German computer scientist, currently working at the Computer Laboratory, University of Cambridge and a fellow of Wolfson College, Cambridge.
In cryptography, a private information retrieval (PIR) protocol is a protocol that allows a user to retrieve an item from a server in possession of a database without revealing which item is retrieved. PIR is a weaker version of 1-out-of-n oblivious transfer, where it is also required that the user should not get information about other database items.
The Diffie–Hellman problem (DHP) is a mathematical problem first proposed by Whitfield Diffie and Martin Hellman in the context of cryptography and serves as the theoretical basis of the Diffie–Hellman key exchange and its derivatives. The motivation for this problem is that many security systems use one-way functions: mathematical operations that are fast to compute, but hard to reverse. For example, they enable encrypting a message, but reversing the encryption is difficult. If solving the DHP were easy, these systems would be easily broken.
Digital credentials are the digital equivalent of paper-based credentials. Just as a paper-based credential could be a passport, a driver's license, a membership certificate or some kind of ticket to obtain some service, such as a cinema ticket or a public transport ticket, a digital credential is a proof of qualification, competence, or clearance that is attached to a person. Also, digital credentials prove something about their owner. Both types of credentials may contain personal information such as the person's name, birthplace, birthdate, and/or biometric information such as a picture or a finger print.
Non-interactive zero-knowledge proofs are cryptographic primitives in which a prover can convince a verifier of the validity of a statement without revealing any further information and without the two parties exchanging messages interactively, which removes the need for direct communication or intermediaries between them. In the usual construction, the challenge that an interactive verifier would have sent is instead generated by a hash function, within mathematical parameters fixed in advance for the prover and verifier.
Virgil Dorin Gligor is a Romanian-American professor of electrical and computer engineering who specializes in the research of network security and applied cryptography.
Michael Burrows, FRS is a British computer scientist and the creator of the Burrows–Wheeler transform, currently working for Google. Born in Britain, as of 2018 he lives in the United States, although he remains a British citizen.
Direct Anonymous Attestation (DAA) is a cryptographic primitive which enables remote authentication of a trusted computer whilst preserving privacy of the platform's user. The protocol has been adopted by the Trusted Computing Group (TCG) in the latest version of its Trusted Platform Module (TPM) specification to address privacy concerns. ISO/IEC 20008 specifies DAA, as well, and Intel's Enhanced Privacy ID (EPID) 2.0 implementation for microprocessors is available for licensing RAND-Z along with an open source SDK.
Linked timestamping is a type of trusted timestamping where issued time-stamps are related to each other.
Extended static checking (ESC) is a collective name in computer science for a range of techniques for statically checking the correctness of various program constraints. ESC can be thought of as an extended form of type checking. As with type checking, ESC is performed automatically at compile time. This distinguishes it from more general approaches to the formal verification of software, which typically rely on human-generated proofs. Furthermore, it promotes practicality over soundness, in that it aims to dramatically reduce the number of false positives at the cost of introducing some false negatives. ESC can identify a range of errors that are currently outside the scope of a type checker, including division by zero, array out of bounds, integer overflow and null dereferences.
Computer security compromised by hardware failure is a branch of computer security applied to hardware. The objective of computer security includes protection of information and property from theft, corruption, or natural disaster, while allowing the information and property to remain accessible and productive to its intended users. Such secret information can be retrieved in different ways. This article focuses on the retrieval of data through misused hardware or hardware failure: hardware can be misused or exploited to obtain secret data, and this article collects the main types of attack that can lead to data theft.
F* is a functional programming language inspired by ML and aimed at program verification. Its type system includes dependent types, monadic effects, and refinement types. This allows expressing precise specifications for programs, including functional correctness and security properties. The F* type-checker aims to prove that programs meet their specifications using a combination of SMT solving and manual proofs. Programs written in F* can be translated to OCaml, F#, and C for execution. Previous versions of F* could also be translated to JavaScript.
Amit Sahai is an Indian-American computer scientist. He is a professor of computer science at UCLA and the director of the Center for Encrypted Functionalities.
Garbled circuit is a cryptographic protocol that enables two-party secure computation in which two mistrusting parties can jointly evaluate a function over their private inputs without the presence of a trusted third party. In the garbled circuit protocol, the function has to be described as a Boolean circuit.
In computer security, proof of secure erasure (PoSE) or proof of erasure is a remote attestation protocol by which an embedded device proves to a verifying party that it has just erased (overwritten) all of its writable memory. The purpose is to make sure that no malware remains in the device. After that, new software is typically installed on the device.