Efficient Interactive Construction of Machine-Checked Protocol Security Proofs in the Context of Dynamically Compromising Adversaries

Abstract

In this master thesis, we provide a method for the efficient interactive construction of machinecheckable protocol security proofs in the context of compromising adversaries. In our method, we first specify a protocol according to our security protocol model. That means we specify which data is sent and received. Moreover, we also specify at which points in the protocol execution, data is stored in an unprotected system state, when a session-key is established, and which data is a randomly generated number. In our security protocol model, the adversary can reveal data from all three categories. Moreover he can also reveal long-term secrets of protocol participants. In the next step of our proof method, we specify the capabilities of the adversary. Based on these capabilities, we specify security properties. Before proving them, we establish a property per message meant to be secret. This property lists the reveals the adversary has to perform in order to learn the message. In the secrecy property proofs, we can use the property of the according message to verify that non of the reveals are allowed and therefore the message is secret. Moreover we use secrecy properties for shortening authentication property proofs. We apply this proof method successfully to various protocols from the literature as well as artificial protocol creations. The security proof construction times depend on how much short-term data is available. In protocols without short-term data they are comparable to other methods for interactive construction of machine-checkable protocol security proofs. For our proof method, we use a method that provides efficient construction of machinecheckable protocol security proofs for a Dolev-Yao style adversary as base. From the according security protocol model, we first removed the Dolev-Yao style adversary and replaced it with the compromising adversaries framework. Then we adopted the proof method to support the explicit capabilities of the adversary.