Abstract
Cryptographic hash functions are commonly used as modification detection codes. The goal is to provide message integrity assurance by comparing the digest of the original message with the hash of what is thought to be the intended message. This paper generalizes this idea by applying it to general expressions instead of just digests: success of an equality test between a tainted data and a trusted one can be seen as a proof of high-integrity for the first item. Secure usage of hash functions is also studied with respect to the confidentiality of digests by extending secret-sensitive noninterference of Demange and Sands.
Work partially supported by Miur’07 Project SOFT: “Security Oriented Formal Techniques”.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Abadi, M., Jürjens, J.: Formal eavesdropping and its computational interpretation. In: Kobayashi, N., Pierce, B.C. (eds.) TACS 2001. LNCS, vol. 2215, pp. 82–94. Springer, Heidelberg (2001)
Abadi, M., Rogaway, P.: Reconciling two views of cryptography (the computational soundness of formal encryption). JCRYPTOL: Journal of Cryptology 15(2), 103–127 (2002)
Boudol, G., Castellani, I.: Noninterference for concurrent programs. In: Orejas, F., Spirakis, P.G., van Leeuwen, J. (eds.) ICALP 2001. LNCS, vol. 2076, pp. 382–395. Springer, Heidelberg (2001)
Centenaro, M., Focardi, R.: Match it or die: Proving integrity by equality (2009), http://www.dsi.unive.it/~mcentena/cf-hash-full.pdf
Centenaro, M., Focardi, R., Luccio, F.L., Steel, G.: Type-based analysis of pin processing apis. In: Backes, M., Ning, P. (eds.) ESORICS 2009. LNCS, vol. 5789, pp. 53–68. Springer, Heidelberg (2009)
Demange, D., Sands, D.: All secrets great and small. In: Castagna, G. (ed.) ESOP 2009. LNCS, vol. 5502, pp. 207–221. Springer, Heidelberg (2009)
Focardi, R., Centenaro, M.: Information flow security of multi-threaded distributed programs. In: Proceedings of the 3rd ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS), Tucson, AZ, USA, June 8, pp. 113–124. ACM Press, New York (2008)
Laud, P.: On the computational soundness of cryptographically masked flows. In: Necula, G.C., Wadler, P. (eds.) 35th Annual ACM SIGPLAN-SIGACT Symposium on Principles of Programming Languages (POPL), San Francisco, Ca, USA, January 10-12, pp. 337–348. ACM Press, New York (2008)
Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997)
Sabelfeld, A., Sands, D.: Declassification: Dimensions and principles. Journal of Computer Security 17(5), 517–548 (2009)
Smith, G.: A new type system for secure information flow. In: Proceedings of the 14th IEEE Computer Security Foundations Workshop (CSFW), Cape Breton, Nova Scotia, June 11-13, pp. 115–125. IEEE, Los Alamitos (2001)
Volpano, D.: Secure introduction of one-way functions. In: Proceedings of the 13th IEEE Computer Security Foundations Workshop (CSFW), Cambridge, England, July 3-5, pp. 246–254. IEEE, Los Alamitos (2000)
Volpano, D., Smith, G.: Eliminating covert flows with minimum typings. In: Proceedings of the 10th Computer Security Foundations Workshop (CSFW), Rockport, Massachusetts, USA, June 10-12, pp. 156–169. IEEE Computer Society, Los Alamitos (1997)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Centenaro, M., Focardi, R. (2010). Match It or Die: Proving Integrity by Equality. In: Armando, A., Lowe, G. (eds) Automated Reasoning for Security Protocol Analysis and Issues in the Theory of Security. ARSPA-WITS 2010. Lecture Notes in Computer Science, vol 6186. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16074-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-16074-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16073-8
Online ISBN: 978-3-642-16074-5
eBook Packages: Computer ScienceComputer Science (R0)