Theory of linear and integer programming
Unification in monoidal theories
CADE-10 Proceedings of the tenth international conference on Automated deduction
Handbook of theoretical computer science (vol. B)
Automatic recognition of tractability in inference relations
Journal of the ACM (JACM)
Handbook of logic in computer science (vol. 1)
Unification in commutative theories, Hilbert's basis theorem, and Gröbner bases
Journal of the ACM (JACM)
Cryptanalysis and protocol failures
Communications of the ACM
Unification in the union of disjoint equational theories: combining decision procedures
Journal of Symbolic Computation
An attack on a recursive authentication protocol. A cautionary tale
Information Processing Letters
An Efficient Unification Algorithm
ACM Transactions on Programming Languages and Systems (TOPLAS)
Using encryption for authentication in large networks of computers
Communications of the ACM
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
On the symbolic reduction of processes with cryptographic functions
Theoretical Computer Science
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Solving linear equations over polynomial semirings
LICS '96 Proceedings of the 11th Annual IEEE Symposium on Logic in Computer Science
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
A decision procedure for the verification of security protocols with explicit destructors
Proceedings of the 11th ACM conference on Computer and communications security
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Easy intruder deduction problems with homomorphisms
Information Processing Letters
Symbolic protocol analysis with an Abelian group operator or Diffie-Hellman exponentiation
Journal of Computer Security
Note: An undecidability result for AGh
Theoretical Computer Science
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
Hierarchical combination of intruder theories
Information and Computation
On the security of public key protocols
SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Associative-commutative deducibility constraints
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Handling exp, × (and timestamps) in protocol analysis
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Symbolic protocol analysis in presence of a homomorphism operator and exclusive or
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
LPAR'05 Proceedings of the 12th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Challenges in the Automated Verification of Security Protocols
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
A Proof Theoretic Analysis of Intruder Theories
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Protocol Security and Algebraic Properties: Decision Results for a Bounded Number of Sessions
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Cap unification: application to protocol security modulo homomorphic encryption
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Deciding knowledge in security protocols for monoidal equational theories
LPAR'07 Proceedings of the 14th international conference on Logic for programming, artificial intelligence and reasoning
Efficient decision procedures for message deducibility and static equivalence
FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Decidability and Combination Results for Two Notions of Knowledge in Security Protocols
Journal of Automated Reasoning
Security protocols, constraint systems, and group theories
IJCAR'12 Proceedings of the 6th international joint conference on Automated Reasoning
POST'13 Proceedings of the Second international conference on Principles of Security and Trust
We are interested in the design of automated procedures for analyzing the (in)security of cryptographic protocols in the Dolev-Yao model for a bounded number of sessions, taking into account some algebraic properties satisfied by the operators involved in the protocol. This gives a more realistic model than the one obtained under the perfect cryptography assumption, but it means that protocol analysis must deal with terms modulo an equational theory instead of terms in a free algebra. The main goal of this paper is to set up a general approach that works for a whole class of monoidal theories, a class which contains many of the specific cases that have so far been treated in an ad-hoc way (e.g. exclusive or, Abelian groups, and exclusive or combined with the homomorphism axiom). We follow a classical schema for cryptographic protocol analysis: first prove a locality result, then reduce the insecurity problem to a symbolic constraint solving problem. The approach relies heavily on the correspondence between a monoidal theory E and a semiring S_E, which we use to handle the symbolic constraints. We show that the well-defined symbolic constraints generated by reasonable protocols can be solved provided that unification in the monoidal theory satisfies some additional properties. The resolution process boils down to solving particular quadratic Diophantine equations, which are reduced to linear Diophantine equations thanks to linear algebra results and the well-definedness of the problem. For some example theories that do not satisfy our additional properties, the insecurity problem appears to be undecidable, which suggests that our characterization is reasonably tight.
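The following is an added example, not code from the paper, illustrating the correspondence between a monoidal theory E and its semiring S_E that the abstract builds on. For the two theories used here the pairing is standard: exclusive or (ACUN) corresponds to S_E = Z/2Z and Abelian groups (AG) to S_E = Z. A term built only from atoms and the AC operator is then a vector of S_E-coefficients indexed by atoms, and deciding whether the intruder can build a term t from a known set T with the operator alone amounts to deciding whether t lies in the S_E-span of T, i.e. solving a linear system over S_E. Only this passive, operator-only slice is shown; the paper's constraint systems for an active intruder (with variables, the quadratic-to-linear Diophantine reduction) are not reproduced. The `modulus` encoding of S_E, the function names and the atom names a, b, c are this example's own assumptions.

```python
"""Intruder deduction modulo a monoidal theory, decided over its semiring S_E.

Added example (not from the paper). Terms are dicts atom -> coefficient in
S_E; xor uses S_E = Z/2Z (coefficients mod 2), Abelian groups use S_E = Z.
Deducibility of a term with the monoidal operator alone is membership of
its vector in the S_E-span of the known vectors.
"""
from typing import Dict, List, Optional

Term = Dict[str, int]  # atom -> coefficient, e.g. {"a": 1, "b": 1} is a xor b (or a + b)

XOR: Optional[int] = 2     # S_E = Z/2Z  (assumed encoding: coefficients reduced mod 2)
AG: Optional[int] = None   # S_E = Z     (assumed encoding: no reduction)


def normalize(t: Term, modulus: Optional[int]) -> Term:
    """Normal form modulo E: reduce coefficients in S_E and drop zeros,
    so a xor a is the unit and 3a is a under xor."""
    out: Term = {}
    for atom, c in t.items():
        if modulus is not None:
            c %= modulus
        if c != 0:
            out[atom] = c
    return out


def echelon(rows: List[List[int]], modulus: Optional[int]) -> List[List[int]]:
    """Echelon basis of the S_E-span of `rows`, using only invertible row
    operations (add an integer multiple of one row to another). Over Z this is
    Euclid's algorithm run down each column (a Hermite-style reduction); over
    Z/2Z every nonzero entry is 1 and each column is settled in one pass."""
    rows = [r[:] for r in rows]
    ncols = len(rows[0]) if rows else 0
    basis: List[List[int]] = []
    for col in range(ncols):
        cand = [r for r in rows if r[col] != 0]
        if not cand:
            continue
        while len(cand) > 1:
            cand.sort(key=lambda r: abs(r[col]))   # smallest entry is the pivot
            piv = cand[0]
            for r in cand[1:]:
                q = r[col] // piv[col]
                for j in range(ncols):
                    r[j] -= q * piv[j]
                    if modulus is not None:
                        r[j] %= modulus
            cand = [r for r in cand if r[col] != 0]  # entries strictly shrank
        piv = cand[0]
        basis.append(piv)
        rows = [r for r in rows if r is not piv]      # remaining rows are 0 here
    return basis


def deducible(knowledge: List[Term], target: Term, modulus: Optional[int]) -> bool:
    """Can the intruder build `target` from `knowledge` with the operator alone?
    Reduce the target against the echelon basis; at each pivot column the
    coefficient must divide exactly (over Z, knowing 2a does not give a)."""
    atoms = sorted({a for t in knowledge for a in t} | set(target))

    def vec(t: Term) -> List[int]:
        nf = normalize(t, modulus)
        return [nf.get(a, 0) for a in atoms]

    basis = echelon([vec(t) for t in knowledge], modulus)
    t = vec(target)
    for row in basis:
        col = next(j for j, v in enumerate(row) if v != 0)
        if t[col] % row[col] != 0:
            return False
        q = t[col] // row[col]
        for j in range(len(t)):
            t[j] -= q * row[j]
            if modulus is not None:
                t[j] %= modulus
    return all(v == 0 for v in t)


if __name__ == "__main__":
    # Constructed knowledge sets over atoms a, b, c.
    k_xor = [{"a": 1, "b": 1}, {"b": 1, "c": 1}]           # a xor b, b xor c
    print(deducible(k_xor, {"a": 1, "c": 1}, XOR))        # (a+b)+(b+c) = a+c
    print(deducible(k_xor, {"a": 1}, XOR))                # a is not in the span
    print(deducible([{"a": 3}], {"a": 1}, XOR))           # 3a = a mod 2
    print(deducible([{"a": 3}], {"a": 1}, AG))            # over Z, 3a does not give a
    print(deducible([{"a": 2}, {"a": 3}], {"a": 1}, AG))  # 3a - 2a = a
```

The same syntactic knowledge set gives different answers under the two theories only because the semiring differs: the last three calls show that 3a yields a over Z/2Z but not over Z, while 2a together with 3a does. This is the point at which the theory's algebraic properties enter the decision procedure, and it is why the abstract's additional properties are stated in terms of unification in the monoidal theory rather than of the protocol.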