Handbook of theoretical computer science (vol. B)
RTA '96 Proceedings of the 7th International Conference on Rewriting Techniques and Applications
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Symbolic protocol analysis with an Abelian group operator or Diffie-Hellman exponentiation
Journal of Computer Security
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
On the security of public key protocols
SFCS '81 Proceedings of the 22nd Annual Symposium on Foundations of Computer Science
Symbolic protocol analysis in presence of a homomorphism operator and exclusive or
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
The finite variant property: how to get rid of some algebraic properties
RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
Hierarchical combination of intruder theories
RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications
Challenges in the Automated Verification of Security Protocols
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
Protocol Security and Algebraic Properties: Decision Results for a Bounded Number of Sessions
RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Hi-index | 0.00 |
The starting point of this work is a case study (from France Télécom) of an electronic purse protocol. The goal was to prove that the protocol is secure or that there is an attack. Modeling the protocol requires algebraic properties of a fragment of arithmetic, typically containing modular exponentiation. The usual equational theories described in papers on security protocols are too weak: the protocol cannot even be executed in these models. We consider here an equational theory which is powerful enough for the protocol to be executed, and for which unification is still decidable. Our main result is the decidability of the so-called intruder deduction problem, i.e. security in presence of a passive attacker, taking the algebraic properties into account. Our equational theory is a combination of several equational theories over non-disjoint signatures.