Team Moscova

Section: New Results

Verified Implementations of Cryptographic Protocols

Participants: Karthik Bhargavan [Microsoft Research], Ricardo Corin, Cédric Fournet [Microsoft Research], Eugen Zalinescu [MSR-INRIA].

In this work, carried out in collaboration with C. Fournet, K. Bhargavan (MSR Cambridge) and E. Zalinescu (MSR-INRIA), we intend to narrow the gap between concrete implementations and verified models of cryptographic protocols. To this end, we are considering protocols implemented in ML and verified using CryptoVerif, Blanchet's protocol verifier for computational cryptography. We experiment with compilers from ML code to CryptoVerif processes, and from CryptoVerif declarations to ML code.

Preliminary work appeared at FCC07 [21].

We have used our compiler to verify the Transport Layer Security protocol (TLS). In that work [20], we programmed a small functional implementation of TLS that interoperates with mainstream implementations.

Relying on a combination of model-extraction and verification tools, we obtain a range of positive security results, covering both symbolic and computational cryptographic aspects of the protocol. We thus provide security guarantees for code as it is used in typical deployments of TLS.

We are currently working on extending that work. We show the correctness of our translation, with respect to a probabilistic, polynomial-time semantics for ML. This enables us to carry over the computational properties verified by CryptoVerif to our source programs, in terms of PPT adversaries with access to selected ML interfaces.

We also improve on libraries that rely on private databases to store local state and cryptographic materials for principals. This programming style is delicate to translate to CryptoVerif, which does not support private channels. We are considering models that combine local variable bindings (for data writes) and commands for data lookups.

More information, including the prototype compiler and supporting files for the examples, is available at the Project homepage ( ).

