Skip to main content
Top

2025 | OriginalPaper | Chapter

Formal Verification of Forward Secrecy and Post-Compromise Security for TreeKEM

Authors : Alex J. Washburn, Subash Shankar

Published in: Formal Methods: Foundations and Applications

Publisher: Springer Nature Switzerland

Activate our intelligent search to find suitable subject content or patents.

search-config
loading …

Abstract

The TreeKEM protocol is the preeminent implementation candidate for the Message Layer Security standard. Prior work analyzed TreeKEM by defining the Continuous Group Key Agreement security game, which facilitated proof of some security guarantees and also identified protocol deficiencies which were subsequently remedied. This work extends such applications by formalizing the Continuous Group Key Agreement security game through multiple soundness preserving abstractions. The model is parameterized by N, representing an unbounded protocol duration among N distinct participants. Once formalized, the game is encoded within Promela and essential security guarantees are verified for \(N \le 16\) via the model checker Spin. This represents a notable achievement, both in practical security terms for the TreeKEM protocol, as well as demonstrating scalability techniques for non-trivial parameter bounds when modeling a complex, concurrent protocol.

Dont have a licence yet? Then find out more about our products and how to get one now:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Footnotes
1
Performed on the American Museum of Natural History scientific computing cluster.
 
Literature
3.
go back to reference Bærentzen, J.A.: On left-balancing binary trees. Technical report, Technical University of Denmark, Technical report (2003) Bærentzen, J.A.: On left-balancing binary trees. Technical report, Technical University of Denmark, Technical report (2003)
5.
go back to reference Bhargavan, K., Barnes, R., Rescorla, E.: TreeKEM: asynchronous decentralized key management for large dynamic groups a protocol proposal for messaging layer security (MLS). Research report, Inria Paris (2018). https://hal.inria.fr/hal-02425247 Bhargavan, K., Barnes, R., Rescorla, E.: TreeKEM: asynchronous decentralized key management for large dynamic groups a protocol proposal for messaging layer security (MLS). Research report, Inria Paris (2018). https://​hal.​inria.​fr/​hal-02425247
7.
go back to reference Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: 1020 states and beyond. Inf. Comput. 98(2), 142–170 (1992)CrossRef Burch, J.R., Clarke, E.M., McMillan, K.L., Dill, D.L., Hwang, L.J.: Symbolic model checking: 1020 states and beyond. Inf. Comput. 98(2), 142–170 (1992)CrossRef
9.
go back to reference Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 164–178. IEEE (2016) Cohn-Gordon, K., Cremers, C., Garratt, L.: On post-compromise security. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 164–178. IEEE (2016)
11.
go back to reference Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1802–1819 (2018) Cohn-Gordon, K., Cremers, C., Garratt, L., Millican, J., Milner, K.: On ends-to-ends encryption: asynchronous group messaging with strong security guarantees. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1802–1819 (2018)
12.
go back to reference Holzmann, G.J.: The Spin Model Checker: Primer and Reference Manual. Addison-Wesley Professional, hardcover edn. (2003) Holzmann, G.J.: The Spin Model Checker: Primer and Reference Manual. Addison-Wesley Professional, hardcover edn. (2003)
13.
go back to reference Jahn, M.A., Porter, B.W., Patel, H., Zillich, A.J., Simon, S.R., Russ, A.L.: Usability assessment of secure messaging for clinical document sharing between health care providers and patients. Appl. Clin. Inform. 9(02), 467–477 (2018)CrossRef Jahn, M.A., Porter, B.W., Patel, H., Zillich, A.J., Simon, S.R., Russ, A.L.: Usability assessment of secure messaging for clinical document sharing between health care providers and patients. Appl. Clin. Inform. 9(02), 467–477 (2018)CrossRef
14.
go back to reference Omara, B., Rescorla, I., Kwon, D.: The messaging layer security (MLS) architecture. In: Proceedings of Network Working Group. Internet Engineering Task Force (2020) Omara, B., Rescorla, I., Kwon, D.: The messaging layer security (MLS) architecture. In: Proceedings of Network Working Group. Internet Engineering Task Force (2020)
16.
go back to reference Perlman, R.: An overview of PKI trust models. IEEE Netw. 13(6), 38–43 (1999)CrossRef Perlman, R.: An overview of PKI trust models. IEEE Netw. 13(6), 38–43 (1999)CrossRef
18.
go back to reference Perrin, T., Marlinspike, M.: The double ratchet algorithm. GitHub wiki 112 (2016), M. Marlinspike and T. Perrin. The double ratchet algorithm (2016) Perrin, T., Marlinspike, M.: The double ratchet algorithm. GitHub wiki 112 (2016), M. Marlinspike and T. Perrin. The double ratchet algorithm (2016)
19.
go back to reference Rescorla, E., Korver, B.: RFC3552: Guidelines for Writing RFC Text on Security Considerations (2003) Rescorla, E., Korver, B.: RFC3552: Guidelines for Writing RFC Text on Security Considerations (2003)
20.
go back to reference Rudin, H., West, C., et al.: On limits and possibilities of automated protocol analysis. In: Protocol Specification, Testing, and Verification, VII: Proceedings of the IFIP WG 6.1 Seventh International Conference on Protocol Specification, Testing, and Verification, vol. 7, p. 339. North Holland (1987) Rudin, H., West, C., et al.: On limits and possibilities of automated protocol analysis. In: Protocol Specification, Testing, and Verification, VII: Proceedings of the IFIP WG 6.1 Seventh International Conference on Protocol Specification, Testing, and Verification, vol. 7, p. 339. North Holland (1987)
21.
go back to reference Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security, pp. 1–7. IEEE (2016) Schröder, S., Huber, M., Wind, D., Rottermanner, C.: When SIGNAL hits the fan: on the usability and security of state-of-the-art secure mobile messaging. In: European Workshop on Usable Security, pp. 1–7. IEEE (2016)
23.
go back to reference Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. cryptology eprint archive (2004) Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. cryptology eprint archive (2004)
24.
go back to reference Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015) Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)
25.
go back to reference Vaziripour, E., et al.: Is that you, alice? A usability study of the authentication ceremony of secure messaging applications. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 29–47 (2017) Vaziripour, E., et al.: Is that you, alice? A usability study of the authentication ceremony of secure messaging applications. In: Thirteenth Symposium on Usable Privacy and Security (SOUPS 2017), pp. 29–47 (2017)
26.
go back to reference Washburn, A.J.: Formal Verification Applications for the TreeKEM Continuous Group Key Agreement Protocol. Master’s thesis (2022) Washburn, A.J.: Formal Verification Applications for the TreeKEM Continuous Group Key Agreement Protocol. Master’s thesis (2022)
Metadata
Title
Formal Verification of Forward Secrecy and Post-Compromise Security for TreeKEM
Authors
Alex J. Washburn
Subash Shankar
Copyright Year
2025
DOI
https://doi.org/10.1007/978-3-031-78116-2_10

Premium Partner