Strand spaces: proving security protocols correct
Journal of Computer Security
The inductive approach to verifying cryptographic protocols
Journal of Computer Security
Athena: a novel approach to efficient automatic security protocol analysis
Journal of Computer Security
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Honest Ideals on Strand Spaces
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
Relating Strands and Multiset Rewriting for Security Protocol Analysis
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
How to Prevent Type Flaw Attacks on Security Protocols
CSFW '00 Proceedings of the 13th IEEE workshop on Computer Security Foundations
A decision procedure for the verification of security protocols with explicit destructors
Proceedings of the 11th ACM conference on Computer and communications security
Relating cryptography and formal methods: a panel
Proceedings of the 2003 ACM workshop on Formal methods in security engineering
Symbolic protocol analysis with an Abelian group operator or Diffie-Hellman exponentiation
Journal of Computer Security
A survey of algebraic properties used in cryptographic protocols
Journal of Computer Security
Rewriting Techniques in the Constraint Solver
Electronic Notes in Theoretical Computer Science (ENTCS)
On the Relative Soundness of the Free Algebra Model for Public Key Encryption
Electronic Notes in Theoretical Computer Science (ENTCS)
Symbolic protocol analysis in the union of disjoint intruder theories: Combining decision procedures
Theoretical Computer Science
Protocol analysis in Maude-NPA using unification modulo homomorphic encryption
Proceedings of the 13th international ACM SIGPLAN symposium on Principles and practices of declarative programming
Deduction with XOR constraints in security API modelling
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Deriving secrecy in key establishment protocols
ESORICS'06 Proceedings of the 11th European conference on Research in Computer Security
Soundness of removing cancellation identities in protocol analysis under Exclusive-OR
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
Diffie-Hellman without difficulty
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
| Hi-index | 0.89 |
Some formal methods for cryptographic protocol analysis represent message fields using a free term algebra, which does not permit an explicit symmetric decryption operator. Although the ability of principals and intruders to decrypt encrypted messages is represented implicitly, such models can fail to recognize some attacks. However, with an additional restriction on the protocol--EV-freedom, in which encrypted message fields must have a known structure the extension of the free algebra with decryption is unnecessary because it does not enable any new attacks. The analogous question for public key encryption is open.