Strategy Logics for the Verification of Security Protocols

Lead Research Organisation: Imperial College London
Department Name: Computing

Abstract

The verification of security and voting protocols is a subject of ever increasing importance in today's networked world. The UK-based Open Rights Group has argued that a lack of testing, inadequate audit procedures, and insufficient attention given to system or process design with electronic voting leaves "elections open to error and fraud". Hence, the growing adoption of electronic voting systems requires these systems to be certified against possible malicious behaviours, including collusion and coercion from third parties.

To this end, formal methods can provide mathematically precise techniques and tools for the certification of voting protocols. Indeed, formal methods have already shown their value, for instance, in the discovery
of several attacks, including a man-in-the-middle attack on the Needham-Schroeder protocol, one of the most widely-used public-key authentication protocols, that went unnoticed for 17 years.
In this project we aim at developing techniques for the formal verification of security properties of (electronic) voting protocols based on expressive logic-based specification languages. Specifically, the project proposal aims at capturing cryptographic aspects pertaining to security, which are not readily expressible by symbolic reasoning, by extending popular logics for multi-agent systems with equational theories to represent encoding and decoding of messages. We intend to apply the resulting framework to the verification of properties such as coercion-resistance, receipt-freeness, and anonymity to a wide range of voting protocols (e.g., ThreeBallot, Selene, FOO), thus laying the foundation for their formal certification.

Publications

10 25 50
publication icon
Belardinelli F (2021) Bisimulations for verifying strategic abilities with an application to the ThreeBallot voting protocol in Information and Computation

 
Description The collaboration with prof. Dima at the Université Paris Est - Créteil, has allowed us to develop preliminary results on the strategic abilities of autonomous agents in multi-agent systems, with an application to security.
In particular, in the paper "Model Checking Strategic Abilities in Information-sharing Systems", we demonstrate how the techniques developed in this project can be applied to encode security problems that are notoriously hard to express: terrorist-fraud attacks in identity schemes.
Exploitation Route The results achieved in this project can be used by other researchers working in formal methods to prove the decidability and complexity of similar decision problems. Also, these techniques can be implemented in a model checking tool for the verification of multi-agent systems.
Sectors Digital/Communication/Information Technologies (including Software),Education,Security and Diplomacy
 
Description Collaboration with Université Paris-Est Créteil 
Organisation University of Paris-Est
Country France 
Sector Academic/University 
PI Contribution The main contribution has been through regular visits to the Laboratoire Algorithmes, Complexité et Logique, at Université Paris-Est Créteil, to develop formal methods for the verification of security protocols.
Collaborator Contribution The contribution of the project partner has been mainly in term of hospitality at the research laboratory.
Impact So far the following paper has been submitted to the 19th International Conference on Principles of Knowledge Representation and Reasoning (KR2022): F. Belardinelli, I. Boureanu, C. Dima and V. Malvone; Verifying Strategic Distributed Knowledge is Decidable. Also, a journal submission of the same paper is in preparation.
Start Year 2021