Unlinkability and history preserving bisimilarity

Tools

Aubert, Clément and Horne, Ross and Johansen, Christian and Mauw, Sjouke (2026) Unlinkability and history preserving bisimilarity. Computers and Security. 104819. ISSN 0167-4048 (https://doi.org/10.1016/j.cose.2025.104819)

[thumbnail of 1-s2.0-S0167404825005085-main] Text. Filename: 1-s2.0-S0167404825005085-main.pdf
Accepted Author Manuscript
Restricted to Repository staff only until 1 January 2099.
Download (2MB) | Request a copy

Abstract

An ever-increasing number of critical infrastructures rely heavily on the assumption that security protocols satisfy a wealth of requirements. Hence, the importance of certifying e.g., privacy properties using methods that are better at detecting attacks can hardly be overstated. This paper scrutinises the “unlinkability” privacy property using relations equating behaviours that cannot be distinguished by attackers. Starting from the observation that some reasonable design choice can lead to formalisms missing attacks, we draw attention to a classical concurrent semantics accounting for relationship between past events, and show that there are concurrency-aware semantics that can discover attacks on all protocols we consider. More precisely, we focus on protocols where trace equivalence is known to miss attacks that are observable using branching-time equivalences. We consider the impact of three dimensions: design decisions made by the programmer specifying an unlinkability problem (style), semantics respecting choices during execution (branching-time), and semantics sensitive to concurrency (non-interleaving), and discover that reasonable styles miss attacks unless we give attackers enough power to observe choices and concurrency. Our main contribution is to draw attention to how a popular concurrent semantics – history-preserving bisimilarity – when defined for the non-interleaving applied π-calculus, can discover attacks on all protocols we consider, regardless of the choice of style. Furthermore, we can describe all such attacks using a novel modal logic that is hence suitable to formally certify attacks on privacy properties. This study highlights the threats posed by relying exclusively on tools implementing coarser semantics for protocol verification, and justifies in a very precise sense why security practitioners should account for history between past events to build reliable tools.

ORCID iDs

Aubert, Clément, Horne, Ross ORCID logoORCID: https://orcid.org/0000-0003-0162-1901, Johansen, Christian and Mauw, Sjouke;
CORE (COnnecting REpositories)