Automatic Verification of Security Properties in Remote Internet Voting Protocol with Applied Pi Calculus

Bo Meng, Wei Huang, Zimao Li, Dejun Wang
<span title="2010-10-31">2010</span> <i title="AICIT"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/k6mhzrlohnd5dmmnebu3zyd6fu" style="color: black;">International Journal of Digital Content Technology and its Applications</a> </i> &nbsp;
Soundness and coercion resistance are the important and intricate security requirements for remote voting protocols. Several formal models of soundness and coercion-resistance have been proposed in the literatures, but these formal models are not supported by automatic tools. Recently Backes et al. propose a new formal automated model of security properties including soundness and coercionresistance in applied pi calculus. Meng protocol is one of the leading remote internet voting protocols
more &raquo; ... claims to satisfy formal definitions of key properties, such as soundness, individual verifiability, as well as receipt-freeness and coercion resistance with weak physical constrains. But in his paper the analysis of its claimed security properties is finished in manual way which depends on experts' knowledge and skill and is prone to make mistakes. Owning to the contribution of Backes et al., Meng protocol can be analyzed with automatic tool.In this study firstly the review of the formal method of security protocols are introduced then applied pi calculus and the automatic tool ProVerif are examined. Thirdly Meng protocol is modeled in applied pi calculus. Finally security properties, including soundness and coercion resistance, are verified with ProVerif, a resolution-based theorem prover for security protocols. The result we obtain is that Meng protocol has coercion resistance. But it has not soundness because ProVerif found an attack on soundness. Finally the improvement of Meng protocol is proposed, and also modeled in applied pi calculus and automatically analyzed in ProVerif. The result we get is that the improvement of Meng protocol has soundness. To our best knowledge, the first automated analysis of Meng protocol for an unbounded number of honest and corrupted voters is finished In the last twenty years many remote internet voting protocols [2] [3] [4] [5] [6] [7] [8] [9] [10] [11] [12] , claimed on their security, have be proposed. In order to verify security properties of remote internet voting protocol there are two model can be used: one is formal model (or Dolev-Yao, symbolic model) in which cryptographic primitives are ideally abstracted as black boxes, the other is computational model(or cryptographic model) based on complexity and probability theory. Firstly each model formally defines security properties expected from security protocol, and then develop methods for strictly proving that given security protocols satisfy these requirements in adversarial environments. Computational model is complicated and is difficult to get the support of automatic tools. In contrast, symbolic model is considerably simpler than the computational model, proofs are therefore also simpler, and can sometimes benefit from automatic tools support. ProVerif [13] is an automatic cryptographic protocol verifier based on a representation of the protocol by Horn clauses. It can handle many different cryptographic primitives, including shared-and public-key encryption and signatures, hash functions, and Deffie-Hellman key agreements, specified both as rewrite rules and as equations. It can also deal with an unbounded number of sessions of the protocol (even in parallel) and an unbounded message space. When ProVerif cannot prove a property, it can reconstruct an attack, that is, an execution trace of the protocol that falsifies the desired property .This verifier can prove the following properties: secrecy, authentication and more generally correspondence properties, strong secrecy, equivalences between processes that differ only by terms. ProVerif has been tested on protocols of the literature with very great results (http://www.proverif.ens.fr/proverif-users.html). Owning to analysis manually of security properties of Meng protocol [10] in their paper, this method depend on experts' knowledge and skill and is prone to make mistakes, we use automatic tool ProVerif to verify security properties of Meng protocol. The main contributions of this paper are summarized as follows:  review the formal analysis of security properties in electronic voting protocol  apply the automatic formal model proposed by Backes et al.[34] for automatically analyzing Meng protocol and its security properties. Therefore, Meng protocol is modeled in applied pi calculus and the soundness and coercion-resistance take into account. The analysis itself is performed by automatic tool ProVerif developed by Blanchet.  the result of analysis of Meng protocol is that it has coercion resistance. But it has not soundness because ProVerif found an attack on it. Then the improvement of Meng protocol is proposed. After that the soundness of the improvement of Meng protocol is modeled in applied pi calculus and automatically analyzed by ProVerif. The result we get is that the improvement of Meng protocol has soundness. Related work Formal methods are an important tool for designing and implementing secure cryptographic protocol. By applying techniques concerned with the construction and analysis of models and proving that certain properties hold in the context of these models, formal methods can significantly increase one's confidence that a protocol will meet its requirements in the real world. The development of formal methods has started in 1980s. The field matured considerably in the 1990s. Some of the methods rely on rigorous but informal frameworks, sometimes supporting sophisticated complexity-theoretic definitions and arguments. Others rely on formalisms specially tailored for this task. Yet others are based on Mur [15] , spi calculus [16] ,Kessler and Neumann logic [17] ,applied pi calculus [18], strand space [19]. Owning to the abstraction ideally of cryptography, formal methods are often quite effective; a fairly abstract view of cryptography often suffices in the design, implementation, and analysis of security protocols. Formal methods enable relatively simple reasoning, and also benefit from substantial work on proof methods and from extensive tool support, for example, ProVerif [13 ], Scyther [14], SMV [20], NRL [21], Casper [22], Isabelle [23], Athena [24], Revere [25], SPIN [26], Brutus [27]. Delaune et al. [28] have done a path breaking work on the formal definition of receipt-freeness and coercion-resistance in applied pi calculus. Their formal model is based on Dolev-Yao model. They International Journal of Digital Content Technology and its Applications Volume 4, Number 7, Octber 2010 verifiability) and analyze Fujioka et al. protocol [33]. Their goal is to verify these properties against a trace-based model. Groth [49] evaluate the voting scheme based on homomorphic threshold encryption with universal composability framework. He formalizes the privacy, robustness, fairness and accuracy Contribution and overview In the last two decades many remote internet voting protocol have been introduced. Owning to the complexity how to assess their security is a challenging issue. Formal method is crucial to assess their security. So in this paper we firstly review the development of the formal method on remote electronic voting protocol, and then apply the automatic formal model proposed by Backes et al. [34] to analyze Meng protocol and its security properties including soundness and coercion-resistance. Therefore, first, Meng protocol is modeled in applied pi calculus, and then its analysis is performed by automatic tool ProVerif. The result of analysis of Meng protocol is that it has coercion resistance. But it has not soundness because ProVerif found an attack on it. Then the improvement of Meng protocol is proposed. After that the soundness of the improvement of Meng protocol is modeled in applied pi calculus and automatically analyzed by ProVerif. The result we get is that the improvement of Meng protocol has soundness. Meng protocol is modeled with applied pi calculus [18] . Our choice is based on the fact that applied pi calculus allows the modeling of relations between data in a simple and precise manner using equational theories over term algebra. There, the security properties model is equivalence between processes, while the attacker is thought as an arbitrary process running in parallel with the protocol process representing the adversary model, which is the parallel composition of the (sequential) protocol participants processes. The considered attacker is stronger than the basic Dolev-Yao attacker since it can exploit particular relations between the messages by using particular equational theories stating the message relations. Review of the applied Pi-calculus Applied pi calculus is a language for describing concurrent processes and their interactions based on Dolev-Yao model. Applied pi calculus is an extension of the pi calculus that inherits the constructs for communication and concurrency from the pure pi-calculus. It preserves the constructs for generating statically scoped new names and permits a general systematic development of syntax, operational semantics equivalence and proof techniques. At the same time there are several powerful automatic tool supported applied pi-calculus, for example, ProVerif. Applied pi calculus with ProVerif has been used to study a variety of complicated security protocols, such as a certified email protocol, Just Fast Keying protocol [50], JCJ remote electronic voting protocol [34], a key establishment protocol, direct anonymous attestation protocol [51], TLS protocol [52] .
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4156/jdcta.vol4.issue7.9">doi:10.4156/jdcta.vol4.issue7.9</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/knrcy2p5abatxir6veqylwbnaq">fatcat:knrcy2p5abatxir6veqylwbnaq</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20110409135612/http://www.aicit.org/jdcta/ppl/9-JDCTA1-464168JE.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/ca/ee/caee076c4af9e2c338c977e02f512e52a02f1e79.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.4156/jdcta.vol4.issue7.9"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="external alternate icon"></i> Publisher / doi.org </button> </a>