Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Security properties: two agents are sufficient
Science of Computer Programming - Special issue on 12th European symposium on programming (ESOP 2003)
A Formal Theory of Key Conjuring
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Session key distribution using smart cards
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
On the automatic analysis of recursive security protocols with XOR
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Automatic analysis of the security of XOR-based key management schemes
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Flat and One-Variable Clauses for Single Blind Copying Protocols: The XOR Case
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Improving Automatic Verification of Security Protocols with XOR
ICFEM '09 Proceedings of the 11th International Conference on Formal Engineering Methods: Formal Methods and Software Engineering
Reducing Protocol Analysis with XOR to the XOR-Free Case in the Horn Theory Based Approach
Journal of Automated Reasoning
Protocol analysis modulo combination of theories: a case study in Maude-NPA
STM'10 Proceedings of the 6th international conference on Security and trust management
Comparison of cryptographic verification tools dealing with algebraic properties
FAST'09 Proceedings of the 6th international conference on Formal Aspects in Security and Trust
Soundness of removing cancellation identities in protocol analysis under Exclusive-OR
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Security protocol verification: symbolic and computational models
POST'12 Proceedings of the First international conference on Principles of Security and Trust
A formal methodology for integral security design and verification of network protocols
Journal of Systems and Software
| Hi-index | 0.00 |
In the Horn theory based approach for cryptographic protocol analysis, cryptographic protocols and (Dolev-Yao) intruders are modeled by Horn theories and security analysis boils down to solving the derivation problem for Horn theories. This approach and the tools based on this approach, including ProVerif, have been very successful in the automatic analysis of cryptographic protocols w.r.t. an unbounded number of sessions. However, dealing with the algebraic properties of operators such as the exclusive OR (XOR) has been problematic. In particular, ProVerif cannot deal with XOR. In this paper, we show how to reduce the derivation problem for Horn theories with XOR to the XOR-free case. Our reduction works for an expressive class of Horn theories. A large class of intruder capabilities and protocols that employ the XOR operator can be modeled by these theories. Our reduction allows us to carry out protocol analysis by tools, such as ProVerif, that cannot deal with XOR, but are very efficient in the XOR-free case. We implemented our reduction and, in combination with ProVerif, applied it in the automatic analysis of several protocols that use the XOR operator. In one case, we found a new attack.