Automated Analysis of Accountability
Lecture Notes in Computer Science
A recent trend in the construction of security protocols such as voting and certificate management systems is to make principals accountable for their actions. Whenever some principals deviate from the protocol's prescription and cause the failure of a goal of the system, accountability ensures that the system can detect the misbehaving parties who caused that failure. Accountability is an intuitively stronger property than verifiability, as the latter only rests on the possibility of detecting the failure of a goal. A plethora of accountability and verifiability definitions have been proposed in the literature. Those definitions are either very specific to the protocols in question, hence not applicable in other scenarios, or too general and widely applicable but requiring complicated and hard-to-follow manual proofs. In this paper, we advance formal definitions of verifiability and accountability that are amenable to automated verification. Our definitions are general enough to be applied to different classes of protocols and different automated security verification tools. Furthermore, we point out formally the relation between verifiability and accountability. We validate our definitions with the automatic verification of three protocols: a secure exam protocol, Google's Certificate Transparency, and an improved version of Bingo Voting. We find through automated verification that all three protocols satisfy verifiability, while only the first two protocols meet accountability.

Contribution. The goal of this paper is to fully mechanise the analysis of verifiability and accountability in security protocols. We propose definitions based on the existence of an accountability test that decides whether a principal should be blamed for the failure of a protocol's goal. We conveniently adapt a generic definition of protocol advanced by Küsters et al. to specify the soundness and completeness conditions for accountability tests that can be checked by automated security protocol tools. We show that verifiability is a necessary condition for accountability, and our treatment of accountability is general enough to apply to different tools and protocols. Then, we validate our definitions in three different case studies with two different tools. The first case study is about a secure exam protocol, and we check accountability with ProVerif. The second case study concerns Google's Certificate Transparency, and we prove accountability with AIF-ω. The third case study considers an improved version of Bingo Voting, which is analysed again with ProVerif.
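To make the notions above concrete, here is an added illustration (not the paper's formalism, nor code from any of the analysed protocols): a toy log protocol in which an operator signs a promise to publish a certificate, an accountability test that blames operators whose promises are not backed by a log entry, and checks of the test's soundness (honest principals are never blamed) and completeness (a failed goal always yields a blamed principal) over constructed traces. The trace structure, goal and test are assumptions of this model; the derived `verifiability_test` shows why a sound and complete accountability test already detects every goal failure.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Tuple

Entry = Tuple[str, str]  # (log operator, certificate)


@dataclass(frozen=True)
class Trace:
    """One run of the toy log protocol (constructed model, not the paper's calculus)."""
    honest: FrozenSet[str]      # principals that followed the protocol in this run
    promised: FrozenSet[Entry]  # promises a log operator signed to include a certificate
    logged: FrozenSet[Entry]    # entries actually present in that operator's public log


def goal(t: Trace) -> bool:
    """Protocol goal: every signed promise is backed by a public log entry."""
    return t.promised <= t.logged


def accountability_test(t: Trace) -> FrozenSet[str]:
    """Blame each log operator that signed a promise it did not honour.
    The signed promise together with the missing entry is the evidence."""
    return frozenset(op for (op, _cert) in t.promised - t.logged)


def verifiability_test(t: Trace) -> bool:
    """Verifiability only asks whether the goal's failure is detected; here it is
    derived from the accountability test by forgetting who is blamed."""
    return bool(accountability_test(t))


def is_sound(traces: Iterable[Trace]) -> bool:
    """Soundness: an honest principal is never blamed."""
    return all(accountability_test(t).isdisjoint(t.honest) for t in traces)


def is_complete(traces: Iterable[Trace]) -> bool:
    """Completeness: whenever the goal fails, at least one principal is blamed."""
    return all(goal(t) or accountability_test(t) for t in traces)


def detects_every_failure(traces: Iterable[Trace]) -> bool:
    """Accountability implies verifiability: every failed goal is detected."""
    return all(goal(t) or verifiability_test(t) for t in traces)


# Constructed traces: honest operators keep their promises; a dishonest one drops a cert.
TRACES = [
    Trace(frozenset({"logA"}), frozenset({("logA", "cert1")}), frozenset({("logA", "cert1")})),
    Trace(frozenset(), frozenset({("logB", "cert2")}), frozenset()),
    Trace(frozenset({"logA"}), frozenset({("logA", "c3"), ("logB", "c4")}),
          frozenset({("logA", "c3")})),
]
```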