Mobile values, new names, and secure communication
POPL '01 Proceedings of the 28th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
Deciding knowledge in security protocols under equational theories
Theoretical Computer Science - Automated reasoning for security protocol analysis
Just fast keying in the pi calculus
ACM Transactions on Information and System Security (TISSEC)
Computational soundness of observational equivalence
Proceedings of the 15th ACM conference on Computer and communications security
A Method for Proving Observational Equivalence
CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus
CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Trace equivalence decision: negative tests and non-determinism
Proceedings of the 18th ACM conference on Computer and communications security
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
Automated verification of equivalence properties of cryptographic protocols
ESOP'12 Proceedings of the 21st European conference on Programming Languages and Systems
Discovering Concrete Attacks on Website Authorization by Formal Analysis
CSF '12 Proceedings of the 2012 IEEE 25th Computer Security Foundations Symposium
Hi-index | 0.00 |
Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages. In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing decidability results (for static equivalence) can be extended to cope with length tests. In the active case, we prove decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous decidability result from Cheval et al [15] (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol.