Logging-independent Message Anonymity in the Relational Method

Pasquale Noce 📧

August 26, 2021

This is a development version of this entry. It might change over time and is not stable. Please refer to release versions for citations.

Abstract

In the context of formal cryptographic protocol verification, logging-independent message anonymity is the property for a given message to remain anonymous despite the attacker's capability of mapping messages of that sort to agents based on some intrinsic feature of such messages, rather than by logging the messages exchanged by legitimate agents as with logging-dependent message anonymity. This paper illustrates how logging-independent message anonymity can be formalized according to the relational method for formal protocol verification by considering a real-world protocol, namely the Restricted Identification one by the BSI. This sample model is used to verify that the pseudonymous identifiers output by user identification tokens remain anonymous under the expected conditions.

License

BSD License

Topics

Session Logging_Independent_Anonymity