An NP decision procedure for protocol insecurity with XOR

Authors:
Yannick Chevalier;Ralf Küsters;Michaël Rusinowitch;Mathieu Turuani
Affiliations:
IRIT, 118 route de Narbonne, 31062 Toulouse Cedex 04, France and LORIA-INRIA-Université Henri Poincaré, 54506 Vandoeuvre-les-Nancy, France;Christian-Albrechts-Universität zu Kiel, Inst. f. Informatik, 24098 Kiel, Germany;LORIA-INRIA-Université Henri Poincaré, 54506 Vandoeuvre-les-Nancy, France;LORIA-INRIA-Université Henri Poincaré, 54506 Vandoeuvre-les-Nancy, France
Venue:
Theoretical Computer Science
Year:
2005

Citing 18
Cited 10

An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
An attack on a recursive authentication protocol. A cautionary tale

Information Processing Letters
Towards a completeness result for model checking of security protocols

Journal of Computer Security
Using encryption for authentication in large networks of computers

Communications of the ACM
Athena: a novel approach to efficient automatic security protocol analysis

Journal of Computer Security
Constraint solving for bounded-process cryptographic protocol analysis

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR

TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
On Name Generation and Set-Based Analysis in the Dolev-Yao Model

CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
On the Decidability of Cryptographic Protocols with Open-Ended Data Structures

CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
A Bound on Attacks on Authentication Protocols

TCS '02 Proceedings of the IFIP 17th World Computer Congress - TC1 Stream / 2nd IFIP International Conference on Theoretical Computer Science: Foundations of Information Technology in the Era of Networking and Mobile Computing
Automated Unbounded Verification of Security Protocols

CAV '02 Proceedings of the 14th International Conference on Computer Aided Verification
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Mechanized proofs for a recursive authentication protocol

CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Computing Symbolic Models for Verifying Cryptographic Protocols

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Finite-state analysis of SSL 3.0

SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
An E-unification algorithm for analyzing protocols that use modular exponentiation

RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications

On the semantics of Alice&Bob specifications of security protocols

Theoretical Computer Science - Automated reasoning for security protocol analysis
Complexity of Checking Freshness of Cryptographic Protocols

ICISS '08 Proceedings of the 4th International Conference on Information Systems Security
Automatic verification of correspondences for security protocols

Journal of Computer Security
Correcting and Improving the NP Proof for Cryptographic Protocol Insecurity

ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Automated Security Protocol Analysis With the AVISPA Tool

Electronic Notes in Theoretical Computer Science (ENTCS)
Approximation-based tree regular model-checking

Nordic Journal of Computing
Bounded memory Dolev-Yao adversaries in collaborative systems

FAST'10 Proceedings of the 7th International conference on Formal aspects of security and trust
Handling algebraic properties in automatic analysis of security protocols

ICTAC'06 Proceedings of the Third international conference on Theoretical Aspects of Computing
Distributed orchestration of web services under security constraints

DPM'11 Proceedings of the 6th international conference, and 4th international conference on Data Privacy Management and Autonomous Spontaneus Security
Security protocol verification: symbolic and computational models

POST'12 Proceedings of the First international conference on Principles of Security and Trust

Quantified Score

Hi-index	5.23

Visualization

Abstract

We provide a method for deciding the insecurity of cryptographic protocols in the presence of the standard Dolev-Yao intruder (with a finite number of sessions) extended with so-called oracle rules, i.e., deduction rules that satisfy certain conditions. As an instance of this general framework, we obtain that protocol insecurity is in NP for an intruder that can exploit the properties of the exclusive or (XOR) operator. This operator is frequently used in cryptographic protocols but cannot be handled in most protocol models. An immediate consequence of our proof is that checking whether a message can be derived by an intruder (using XOR) is in PTIME. We also apply our framework to an intruder that exploits properties of certain encryption modes such as cipher block chaining (CBC).