Lucca Hirschi, David Baelde, and Stéphanie Delaune. A method for unbounded verification of privacy-type properties. Journal of Computer Security, 27(3):277–342, 2019.
In this paper, we consider the problem of verifying anonymity and unlinkability in the symbolic model, where protocols are represented as processes in a variant of the applied pi calculus, notably used in the Proverif tool. Existing tools and techniques do not allow to verify directly these properties, expressed as behavioral equivalences. We propose a different approach: we design two conditions on protocols which are sufficient to ensure anonymity and unlinkability, and which can then be effectively checked automatically using \proverif. Our two conditions correspond to two broad classes of attacks on unlinkability, i.e. data and control-flow leaks. % This theoretical result is general enough that it applies to a wide class of protocols based on a variety of cryptographic primitives. In particular, using our tool, UKano, we provide the first formal security proofs of protocols such as BAC and PACE (e-passport), Hash-Lock (RFID authentication), etc. Our work has also lead to the discovery of new attacks, including one on the LAK protocol (RFID authentication) which was previously claimed to be unlinkable (in a weak sense).
@article{HBD-jcs19,
abstract = {In this paper, we consider the problem of verifying anonymity and
unlinkability in the symbolic model, where protocols are represented
as processes in a variant of the applied pi calculus, notably used
in the Proverif tool.
Existing tools and techniques do not allow to
verify directly these properties, expressed as behavioral
equivalences. We propose a different approach:
we design two conditions on protocols
which are sufficient to ensure anonymity and unlinkability, and
which can then be effectively checked automatically using \proverif.
Our two conditions correspond to two broad classes of attacks
on unlinkability, i.e. data and control-flow leaks.
%
This theoretical result is general enough that it applies to a wide
class of protocols based on a variety of cryptographic primitives. In particular, using our tool, UKano, we
provide the first formal security proofs of protocols such as BAC and
PACE (e-passport), Hash-Lock (RFID authentication), etc.
Our work has also lead to the discovery of new attacks,
including one on the LAK protocol (RFID authentication)
which was previously claimed to be unlinkable (in a weak sense).
},
author = {Lucca Hirschi and
David Baelde and
St{\'{e}}phanie Delaune},
title = {A method for unbounded verification of privacy-type properties},
journal = {Journal of Computer Security},
volume = {27},
number = {3},
pages = {277--342},
year = {2019},
}