Abstract
A recent trend in the construction of security protocols such as voting and certificate management systems is to make principals accountable for their actions. Whenever some principals deviate from the protocol’s prescription and cause the failure of a goal of the system, accountability ensures that the system can detect the misbehaving parties who caused that failure. Accountability is an intuitively stronger property than verifiability as the latter only rests on the possibility of detecting the failure of a goal. A plethora of accountability and verifiability definitions have been proposed in the literature. Those definitions are either very specific to the protocols in question, hence not applicable in other scenarios, or too general and widely applicable but requiring complicated and hard to follow manual proofs.
In this paper, we advance formal definitions of verifiability and accountability that are amenable to automated verification. Our definitions are general enough to be applied to different classes of protocols and different automated security verification tools. Furthermore, we point out formally the relation between verifiability and accountability. We validate our definitions with the automatic verification of three protocols: a secure exam protocol, Google’s Certificate Transparency, and an improved version of Bingo Voting. We find through automated verification that all three protocols satisfy verifiability while only the first two protocols meet accountability.
In this paper, we advance formal definitions of verifiability and accountability that are amenable to automated verification. Our definitions are general enough to be applied to different classes of protocols and different automated security verification tools. Furthermore, we point out formally the relation between verifiability and accountability. We validate our definitions with the automatic verification of three protocols: a secure exam protocol, Google’s Certificate Transparency, and an improved version of Bingo Voting. We find through automated verification that all three protocols satisfy verifiability while only the first two protocols meet accountability.
Originalsprog | Engelsk |
---|---|
Titel | Information Security - 20th International Conference, {ISC} 2017, Ho Chi Minh City, Vietnam, November 22-24, 2017, Proceedings |
Forlag | Springer |
Publikationsdato | 2017 |
Sider | 417-434 |
ISBN (Trykt) | 978-3-319-69658-4 |
ISBN (Elektronisk) | 978-3-319-69659-1 |
DOI | |
Status | Udgivet - 2017 |
Navn | Lecture Notes in Computer Science |
---|---|
Vol/bind | 10599 |
ISSN | 0302-9743 |
Emneord
- accountability
- verifiability
- automated verification
- security protocols
- formal definitions