Title : 
Verifying Privacy-Type Properties in a Modular Way
         
        
            Author : 
Arapinis, M. ; Cheval, V. ; Delaune, S.
         
        
            Author_Institution : 
Sch. of Comput. Sci., Univ. of Birmingham, Birmingham, UK
         
        
        
        
        
        
            Abstract : 
Formal methods have proved their usefulness for analysing the security of protocols. In this setting, privacy-type security properties (e.g. vote-privacy, anonymity, unlink ability) that play an important role in many modern applications are formalised using a notion of equivalence. In this paper, we study the notion of trace equivalence and we show how to establish such an equivalence relation in a modular way. It is well-known that composition works well when the processes do not share secrets. However, there is no result allowing us to compose processes that rely on some shared secrets such as long term keys. We show that composition works even when the processes share secrets provided that they satisfy some reasonable conditions. Our composition result allows us to prove various equivalence-based properties in a modular way, and works in a quite general setting. In particular, we consider arbitrary cryptographic primitives and processes that use non-trivial else branches. As an example, we consider the ICAO e-passport standard, and we show how the privacy guarantees of the whole application can be derived from the privacy guarantees of its sub-protocols.
         
        
            Keywords : 
cryptographic protocols; data privacy; formal verification; government data processing; ICAO e-passport standard; anonymity; cryptographic primitives; equivalence relation; formal methods; formal verification; privacy-type security properties; protocol security; secret sharing; subprotocols; trace equivalence; Context; Cryptography; Mathematical model; Mobile handsets; Privacy; Protocols; Anonymity and privacy; Formal methods; Parallel composition; Security procotols; Trace equivalence;
         
        
        
        
            Conference_Titel : 
Computer Security Foundations Symposium (CSF), 2012 IEEE 25th
         
        
            Conference_Location : 
Cambridge, MA
         
        
        
            Print_ISBN : 
978-1-4673-1918-8
         
        
            Electronic_ISBN : 
1940-1434
         
        
        
            DOI : 
10.1109/CSF.2012.16