Intruder deduction for the equational theory of Abelian groups with distributive encryption

Authors:
Pascal Lafourcade;Denis Lugiez;Ralf Treinen
Affiliations:
LIF, Université Aix-Marseille 1 & CNRS UMR 6166, 39 rue Joliot Curie, 13013 Marseille Cedex, France and LSV, ENS de Cachan & CNRS UMR 8643 & INRIA Futurs project SECSI, 61 Avenue du Pré& ...;LIF, Université Aix-Marseille 1 & CNRS UMR 6166, 39 rue Joliot Curie, 13013 Marseille Cedex, France;LSV, ENS de Cachan & CNRS UMR 8643 & INRIA Futurs project SECSI, 61 Avenue du Pré& INRIA Futurs project SECSI, 61 Avenue du Préésident Wilson, 94235 Cachan Cede, France
Venue:
Information and Computation
Year:
2007

Citing 22
Cited 9

Using one-way functions for authentication

ACM SIGCOMM Computer Communication Review
Rewrite systems

Handbook of theoretical computer science (vol. B)
Key distribution protocol for digital mobile communication systems

CRYPTO '89 Proceedings on Advances in cryptology
On the regular structure of prefix rewriting

CAAP '90 Selected papers of the conference on Fifteenth colloquium on trees in algebra and programming
Automatic recognition of tractability in inference relations

Journal of the ACM (JACM)
An attack on the Needham-Schroeder public-key authentication protocol

Information Processing Letters
Term rewriting and all that

Term rewriting and all that
A calculus for cryptographic protocols

Information and Computation
Constraint solving for bounded-process cryptographic protocol analysis

CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR

LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Protocol Insecurity with Finite Number of Sessions is NP-Complete

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
A decision procedure for the verification of security protocols with explicit destructors

Proceedings of the 11th ACM conference on Computer and communications security
Deciding Knowledge in Security Protocols under (Many More) Equational Theories

CSFW '05 Proceedings of the 18th IEEE workshop on Computer Security Foundations
Deciding security of protocols against off-line guessing attacks

Proceedings of the 12th ACM conference on Computer and communications security
Easy intruder deduction problems with homomorphisms

Information Processing Letters
Note: An undecidability result for AGh

Theoretical Computer Science
A survey of algebraic properties used in cryptographic protocols

Journal of Computer Security
Symbolic protocol analysis in presence of a homomorphism operator and exclusive or

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Combining intruder theories

ICALP'05 Proceedings of the 32nd international conference on Automata, Languages and Programming
Intruder deduction for AC-like equational theories with homomorphisms

RTA'05 Proceedings of the 16th international conference on Term Rewriting and Applications
The CL-Atse protocol analyser

RTA'06 Proceedings of the 17th international conference on Term Rewriting and Applications

Combining Algorithms for Deciding Knowledge in Security Protocols

FroCoS '07 Proceedings of the 6th international symposium on Frontiers of Combining Systems
A Proof Theoretic Analysis of Intruder Theories

RTA '09 Proceedings of the 20th International Conference on Rewriting Techniques and Applications
Computing Knowledge in Security Protocols under Convergent Equational Theories

CADE-22 Proceedings of the 22nd International Conference on Automated Deduction
Approximation-based tree regular model-checking

Nordic Journal of Computing
Unification modulo homomorphic encryption

FroCoS'09 Proceedings of the 7th international conference on Frontiers of combining systems
A DEXPTIME-complete Dolev-Yao theory with distributive encryption

MFCS'10 Proceedings of the 35th international conference on Mathematical foundations of computer science
Unification Modulo Homomorphic Encryption

Journal of Automated Reasoning
Computing Knowledge in Security Protocols Under Convergent Equational Theories

Journal of Automated Reasoning
Decidability and Combination Results for Two Notions of Knowledge in Security Protocols

Journal of Automated Reasoning

Quantified Score

Hi-index	0.00

Visualization

Abstract

Cryptographic protocols are small programs which involve a high level of concurrency and which are difficult to analyze by hand. The most successful methods to verify such protocols are based on rewriting techniques and automated deduction in order to implement or mimic the process calculus describing the execution of a protocol. We are interested in the intruder deduction problem, that is vulnerability to passive attacks in presence of equational theories which model the protocol specification and properties of the cryptographic operators. In the present paper, we consider the case where the encryption distributes over the operator of an Abelian group or over an exclusive-or operator. We prove decidability of the intruder deduction problem in both cases. We obtain a PTIME decision procedure in a restricted case, the so-called binary case. These decision procedures are based on a careful analysis of the proof system modeling the deductive power of the intruder, taking into account the algebraic properties of the equational theories under consideration. The analysis of the deduction rules interacting with the equational theory relies on the manipulation of Z-modules in the general case, and on results from prefix rewriting in the binary case.