Attacks on Cryptoprocessor Transaction Sets
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Security properties: two agents are sufficient
Science of Computer Programming - Special issue on 12th European symposium on programming (ESOP 2003)
A Formal Theory of Key Conjuring
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach
Proceedings of the 15th ACM conference on Computer and communications security
Flat and One-Variable Clauses for Single Blind Copying Protocols: The XOR Case
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Using ProVerif to Analyze Protocols with Diffie-Hellman Exponentiation
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Session key distribution using smart cards
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
On the automatic analysis of recursive security protocols with XOR
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Automatic analysis of the security of XOR-based key management schemes
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Extracting and verifying cryptographic models from C protocol code by symbolic execution
Proceedings of the 18th ACM conference on Computer and communications security
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Computational verification of C protocol implementations by symbolic execution
Proceedings of the 2012 ACM conference on Computer and communications security
The TAMARIN prover for the symbolic analysis of security protocols
CAV'13 Proceedings of the 25th international conference on Computer Aided Verification
KEDGEN2: A key establishment and derivation protocol for EPC Gen2 RFID systems
Journal of Network and Computer Applications
| Hi-index | 0.00 |
In the Horn theory based approach for cryptographic protocol analysis, cryptographic protocols and (Dolev---Yao) intruders are modeled by Horn theories and security analysis boils down to solving the derivation problem for Horn theories. This approach and the tools based on this approach, including ProVerif, have been very successful in the automatic analysis of cryptographic protocols. However, dealing with the algebraic properties of operators, such as the exclusive OR (XOR), which are frequently used in cryptographic protocols has been problematic. In particular, ProVerif cannot deal with XOR. In this paper, we show how to reduce the derivation problem for Horn theories with XOR to the XOR-free case. Our reduction works for an expressive class of Horn theories. A large class of intruder capabilities and protocols that employ the XOR operator can be modeled by these theories. Our reduction allows us to carry out protocol analysis using tools, such as ProVerif, that cannot deal with XOR, but are very efficient in the XOR-free case. We implemented our reduction and, in combination with ProVerif, used it for the fully automatic analysis of several protocols that employ the XOR operator. Among others, our analysis revealed a new attack on an IBM security module.