Paper 2022/741

Sapic+: protocol verifiers of the world, unite!

Vincent Cheval, Inria Paris
Charlie Jacomme, CISPA Helmholtz Center for Information Security
Steve Kremer, LORIA & Inria Nancy
Robert Künnemann, CISPA Helmholtz Center for Information Security
Abstract

Symbolic security protocol verifiers have reached a high degree of automation and maturity. Today, experts can model real-world protocols, but this often requires model-specific encodings and deep insight into the strengths and weaknesses of each of those tools. With Sapic+ , we introduce a protocol verification platform that lifts this burden and permits choosing the right tool for the job, at any development stage. We build on the existing compiler from Sapic to Tamarin, and extend it with automated translations from Sapic+ to ProVerif and DeepSec, as well as powerful, protocol-independent optimizations of the existing translation. We prove each part of these translations sound. A user can thus, with a single Sapic+ file, verify reachability and equivalence properties on the specified protocol, either using ProVerif, Tamarin or DeepSec. Moreover, the soundness of the translation allows to directly assume results proven by another tool which allows to exploit the respective strengths of each tool. We demonstrate our approach by analyzing various existing models. This includes a large case study of the 5G authentication protocols, reviously analyzed in Tamarin. Encoding this model in Sapic+ we demonstrate the effectiveness of our approach. Moreover, we study four new case studies: the LAKE and the Privacy-Pass [20] protocols, both under standardization, the SSH protocol with the agent-forwarding feature, and the recent KEMTLS [45] protocol, a post-quantum version of the main TLS key exchange.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Published elsewhere. USENIX 2022
Keywords
Formal methods Automated Verification Proverif Tamarin DeepSec Security protocol
Contact author(s)
charlie jacomme @ cispa de
History
2022-06-15: last of 2 revisions
2022-06-09: received
See all versions
Short URL
https://ia.cr/2022/741
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2022/741,
      author = {Vincent Cheval and Charlie Jacomme and Steve Kremer and Robert Künnemann},
      title = {Sapic+: protocol verifiers of the world, unite!},
      howpublished = {Cryptology {ePrint} Archive, Paper 2022/741},
      year = {2022},
      url = {https://eprint.iacr.org/2022/741}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.