We describe a new algorithm for analysing security protocols that use XOR, such as key-management APIs. As a case study, we consider the IBM 4758 CCA API, which is widely used in the ATM (cash machine) network. Earlier versions of the CCA API were shown to have serious flaws, and the fixes introduced by IBM in version 2.41 had not previously been formally analysed. We first investigate IBM's proposals using a model checker for security protocol analysis, uncovering some important issues about their implementation. Having identified configurations we believed to be safe, we describe the formal verification of their security. We first define a new class of protocols, containing in particular all the versions of the CCA API. We then show that secrecy after an unbounded number of sessions is decidable for this class. Implementing the decision procedure requires some improvements, since the procedure is exponential. We describe a change of representation that leads to an implementation able to verify a configuration of the API in a few seconds. As a consequence, we obtain the first security proof of the fixed IBM 4758 CCA API with unbounded sessions.