Journal of Symbolic Computation
Diffie-Hellman key distribution extended to group communication
CCS '96 Proceedings of the 3rd ACM conference on Computer and communications security
A Method for Automatic Cryptographic Protocol Verification
IPDPS '00 Proceedings of the 15 IPDPS 2000 Workshops on Parallel and Distributed Processing
Round-Optimal Contributory Conference Key Agreement
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Some attacks upon authenticated group key agreement protocols
Journal of Computer Security - Special issue on CSFW14
Selecting theories and recursive protocols
CONCUR 2005 - Concurrency Theory
On the impossibility of building secure cliques-type authenticated group key agreement protocols
Journal of Computer Security - Special issue on CSFW17
Attacking Group Protocols by Refuting Incorrect Inductive Conjectures
Journal of Automated Reasoning
Tree automata with memory, visibility and structural constraints
FOSSACS'07 Proceedings of the 10th international conference on Foundations of software science and computational structures
On the automatic analysis of recursive security protocols with XOR
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Verification of security protocols with lists: from length one to unbounded length
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Verification of security protocols with lists: From length one to unbounded length
Journal of Computer Security - Security and Trust Principles
Security protocols are small programs designed to ensure properties such as secrecy of messages or authentication of parties in a hostile environment. In this paper we investigate automated verification of a particular type of security protocol, called group protocols, in the presence of an eavesdropper, i.e., a passive attacker. What distinguishes group protocols is that the number of participants is not bounded. Our approach consists in representing an infinite set of messages exchanged during an unbounded number of sessions, one session for each possible number of participants, as well as the infinite set of associated secrets. We use so-called visibly tree automata with memory and structural constraints (introduced recently by Comon-Lundh et al.) to represent over-approximations of these two sets. We identify restrictions on the specification of protocols that allow us to reduce the attacker capabilities, guaranteeing that the above-mentioned class of automata is closed under the application of the remaining attacker rules. The class of protocols respecting these restrictions is large enough to cover several existing protocols, such as the GDH family, GKE, and others.