Formalizing and analyzing security ceremonies with heterogeneous devices in ANP and PDL

Abstract

In today's security protocols (also called “security ceremonies” when humans play a key role), different nodes may have different capabilities: computers can encrypt and decrypt messages, whereas humans cannot; a biometric device can capture biometric information, whereas a random number generator used in e-banking cannot; and so on. Furthermore, even if a node has the decryption capability, it must also know the encryption key to decrypt a message. Actor-network procedures (ANPs) are a well-known formal model of heterogeneous security protocols by Meadows and Pavlovic, and their procedure derivation logic (PDL) supports the logical reasoning about ANPs. However, ANPs do not support explicitly specifying node capabilities, and PDL does not support reasoning explicitly about the knowledge of the participants at different points in time. In this paper, we extend ANPs to deal with heterogeneous devices by explicitly specifying the nodes' capabilities, as well as by adding new types of events. We also modify PDL to take into account the knowledge of participants at different points in time, and extend PDL to reason both from a “bird's-eye” view of the system, as well from a “node's-eye” view. All this allows us to reason about secrecy and authentication in security protocols/ceremonies with different kinds of devices and human users. We illustrate the use of our modeling notation ANP-C and our logics PDL-CK and PDL-CKL to specify and reason about a number of scenarios involving different kinds of devices, including: scenarios for updating someone's data in a smart card reader; an SSL/TLS ceremony involving a user, a smartphone with a fingerprint reader, and a remote computer/server; and scenarios involving the YubiKey authentication device used by companies such as Google, Facebook, and Bank of America.