Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Encrypted Key Exchange: Password-Based Protocols SecureAgainst Dictionary Attacks
SP '92 Proceedings of the 1992 IEEE Symposium on Security and Privacy
Deciding Knowledge in Security Protocols under (Many More) Equational Theories
CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Automated Verification of Selected Equivalences for Security Protocols
LICS '05 Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Symbolic protocol analysis with an Abelian group operator or Diffie-Hellman exponentiation
Journal of Computer Security
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
Electronic Notes in Theoretical Computer Science (ENTCS)
Symbolic protocol analysis for monoidal equational theories
Information and Computation
YAPA: A Generic Tool for Computing Intruder Knowledge
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Computing Knowledge in Security Protocols under Convergent Equational Theories
CADE-22 Proceedings of the 22nd International Conference on Automated Deduction
Analysing Password Protocol Security Against Off-line Dictionary Attacks
Electronic Notes in Theoretical Computer Science (ENTCS)
Deciding knowledge in security protocols for monoidal equational theories
LPAR'07 Proceedings of the 14th international conference on Logic for programming, artificial intelligence and reasoning
Guessing attacks and the computational soundness of static equivalence
FOSSACS'06 Proceedings of the 9th European joint conference on Foundations of Software Science and Computation Structures
Computationally sound implementations of equational theories against passive adversaries
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
| Hi-index | 0.01 |
We consider two standard notions in formal security protocol analysis: message deducibility and static equivalence under equational theories. We present new polynomial-time algorithms for deciding both notions under subterm convergent equational theories and under a theory representing symmetric encryption with the prefix property. For these equational theories, polynomial-time algorithms for the decision problems associated to both notions are well-known (although this has not been proven for static equivalence under the prefix theory). However, our algorithms have a significantly better asymptotic complexity than existing approaches. As an application, we use our algorithm for static equivalence to discover off-line guessing attacks on the Kerberos protocol when implemented using a symmetric encryption scheme for which the prefix property holds.