
Computing Knowledge in Security Protocols Under Convergent Equational Theories

Journal of Automated Reasoning

Abstract

The analysis of security protocols requires reasoning about the knowledge an attacker acquires by eavesdropping on network traffic. In formal approaches, the messages exchanged over the network are modelled by a term algebra equipped with an equational theory axiomatising the properties of the cryptographic primitives (e.g. encryption, signatures). In this context, two classical notions of knowledge, deducibility and indistinguishability, yield corresponding decision problems. We propose a procedure for both problems under arbitrary convergent equational theories. Since the underlying problems are undecidable, we cannot guarantee termination. Nevertheless, our procedure terminates on a wide range of equational theories. In particular, we obtain a new decidability result for a theory we encountered when studying electronic voting protocols. We also provide a prototype implementation.
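As an added illustration of the two decision problems named in the abstract (example code written for this page, not the authors' procedure and not their KiSs prototype), the Python below models messages as terms over a small constructed convergent theory (symmetric encryption, pairing and a hash) and decides deducibility by the classical saturation argument, which is sound and complete only for subterm-convergent theories; the paper's contribution is precisely to lift that restriction to arbitrary convergent theories, where this simple saturation is no longer complete. Static equivalence is only approximated here by a bounded search for a distinguishing pair of recipes, so a result of None is not a proof of indistinguishability. The rewrite rules, the frames, the names (s, k, a, zero, one) and the handles (w0..w3) are all constructed for the example.

```python
from itertools import product
# Constructed theory (not from the paper): symmetric encryption, pairing, a hash.
# Pattern variables start with '?'; every other string is a name or constant.
RULES = [(("dec", ("enc", "?m", "?k"), "?k"), "?m"),
         (("fst", ("pair", "?x", "?y")), "?x"),
         (("snd", ("pair", "?x", "?y")), "?y")]
ARITY = {"enc": 2, "dec": 2, "pair": 2, "fst": 1, "snd": 1, "h": 1}  # public symbols

def is_var(t):
    return isinstance(t, str) and t.startswith("?")

def match(pat, term, sub):
    """Syntactic matching; the non-linear ?k in the dec rule must bind consistently."""
    if is_var(pat):
        return sub.setdefault(pat, term) == term
    if isinstance(pat, str) or isinstance(term, str):
        return pat == term
    return (len(pat) == len(term) and pat[0] == term[0]
            and all(match(p, t, sub) for p, t in zip(pat[1:], term[1:])))

def subst(t, sub):
    if isinstance(t, str):
        return sub[t] if is_var(t) else t
    return (t[0],) + tuple(subst(a, sub) for a in t[1:])

def normalize(t):
    """Innermost rewriting to the unique normal form (the theory is convergent)."""
    if isinstance(t, str):
        return t
    t = (t[0],) + tuple(normalize(a) for a in t[1:])
    for lhs, rhs in RULES:
        sub = {}
        if match(lhs, t, sub):
            return normalize(subst(rhs, sub))
    return t

def subterms(t):
    yield t
    if not isinstance(t, str):
        for a in t[1:]:
            yield from subterms(a)

def saturate(frame):
    """Close the attacker's knowledge under public symbols, keeping a result only
    when it is a subterm of the frame (sound and complete for subterm-convergent
    theories, and finite because the candidate set is)."""
    known = {normalize(t) for t in frame.values()}
    cands = {s for t in known for s in subterms(t)}
    changed = True
    while changed:
        changed = False
        for f, n in ARITY.items():
            for args in product(sorted(known, key=repr), repeat=n):
                r = normalize((f,) + args)
                if r in cands and r not in known:
                    known.add(r)
                    changed = True
    return known

def constructible(t, known):
    """Can t be built from known terms with public symbols, without rewriting?"""
    if t in known:
        return True
    return (not isinstance(t, str) and t[0] in ARITY
            and all(constructible(a, known) for a in t[1:]))

def deducible(frame, target):
    return constructible(normalize(target), saturate(frame))

def apply(recipe, frame):
    """Instantiate a recipe (a term whose leaves are frame handles)."""
    if isinstance(recipe, str):
        return frame[recipe]
    return (recipe[0],) + tuple(apply(a, frame) for a in recipe[1:])

def recipes(handles, depth, symbols=("enc", "dec", "h")):
    """All recipes over the given symbols and handles, ordered by nesting depth."""
    ordered = sorted(handles)
    for _ in range(depth):
        level = {(f,) + a for f in symbols for a in product(ordered, repeat=ARITY[f])}
        ordered += sorted(level - set(ordered), key=repr)
    return ordered

def distinguishing_test(frame1, frame2, depth=2):
    """Bounded search for recipes M, N that are equal under one frame but not the
    other. None means no test up to `depth` was found, not static equivalence."""
    rs = recipes(frame1.keys(), depth)
    for a, b in ((frame1, frame2), (frame2, frame1)):
        seen = {}  # normal form under a -> (first recipe giving it, normal form under b)
        for r in rs:
            key, val = normalize(apply(r, a)), normalize(apply(r, b))
            if key in seen and seen[key][1] != val:
                return seen[key][0], r
            seen.setdefault(key, (r, val))
    return None

# Constructed frames (not from the paper); names s and k are private, a and zero public.
FRAME = {"w1": ("enc", "s", "k"), "w2": ("enc", "k", ("h", "a")), "w3": "a"}
PHI1 = {"w0": "zero", "w1": ("enc", "zero", "k"), "w2": "k"}  # key k is revealed
PHI2 = {"w0": "zero", "w1": ("enc", "one", "k"), "w2": "k"}
PHI3 = {"w0": "zero", "w1": ("enc", "zero", "k")}             # key k stays secret
PHI4 = {"w0": "zero", "w1": ("enc", "one", "k")}

if __name__ == "__main__":
    print(deducible(FRAME, "s"), deducible(FRAME, "k2"))  # True False
    print(distinguishing_test(PHI1, PHI2))                # ('w0', ('dec', 'w1', 'w2'))
    print(distinguishing_test(PHI3, PHI4))                # None
```

From the frame {enc(s, k), enc(k, h(a)), a} the saturation adds h(a), then k (by decrypting w2 with it) and finally s, so s is deducible although it never appears in the clear. The two frames that reveal the key k are told apart by the test dec(w1, w2) = w0, which holds only when the plaintext is zero; with k secret, no test up to depth 2 separates the frames, which is the expected picture but, as noted in the docstring, not a decision.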


References

  1. Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theor. Comp. Sci. 387(1–2), 2–32 (2006)


  2. Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proc. 28th ACM Symposium on Principles of Programming Languages (POPL’01). ACM (2001)

  3. Anantharaman, S., Narendran, P., Rusinowitch, M.: Intruders with caps. In: Proc. 18th International Conference on Term Rewriting and Applications (RTA’07). LNCS, vol. 4533. Springer (2007)

  4. Armando, A., et al.: The AVISPA Tool for the automated validation of internet security protocols and applications. In: Proc. 17th Int. Conference on Computer Aided Verification (CAV’05). LNCS, vol. 3576, pp. 281–285. Springer (2005)

  5. Arnaud, M., Cortier, V., Delaune, S.: Combining algorithms for deciding knowledge in security protocols. In: Wolter, F. (ed.) Proceedings of the 6th International Symposium on Frontiers of Combining Systems (FroCoS’07). Lecture Notes in Artificial Intelligence, vol. 4720, pp. 103–117. Springer, Liverpool, UK (2007)


  6. Backes, M., Hritcu, C., Maffei, M.: Automated verification of remote electronic voting protocols in the applied pi-calculus. In: Proc. 21st IEEE Computer Security Foundations Symposium (CSF’08) (2008)

  7. Backes, M., Maffei, M., Unruh, D.: Zero-knowledge in the applied pi-calculus and automated verification of the direct anonymous attestation protocol. In: Proc. IEEE Symposium on Security and Privacy (S&P’08). IEEE Computer Society Press (2008)

  8. Baudet, M.: Deciding security of protocols against off-line guessing attacks. In: 12th ACM Conference on Computer and Communications Security (CCS’05) (2005)

  9. Baudet, M.: YAPA (Yet Another Protocol Analyzer). http://www.lsv.ens-cachan.fr/~baudet/yapa/index.html (2008)

  10. Baudet, M., Cortier, V., Delaune, S.: YAPA: a generic tool for computing intruder knowledge. In: Proc. 20th International Conference on Rewriting Techniques and Applications (RTA’09), Lecture Notes in Computer Science, vol. 5595, pp. 148–163. Springer, Brasília, Brazil (2009)


  11. Berrima, M., Ben Rajeb, N., Cortier, V.: Deciding knowledge in security protocols under some e-voting theories. Research Report RR-6903, INRIA (2009)

  12. Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th Computer Security Foundations Workshop (CSFW’01), pp. 82–96. IEEE Computer Society Press (2001)

  13. Blanchet, B., Abadi, M., Fournet, C.: Automated verification of selected equivalences for security protocols. In: Symposium on Logic in Computer Science, pp. 331–340. IEEE Computer Society Press (2005)

  14. Chevalier, Y.: Résolution de problèmes d’accessibilité pour la compilation et la validation de protocoles cryptographiques. Ph.D. thesis, Université Henri Poincaré, Nancy, France (2003)

  15. Chevalier, Y., Kourjieh, M.: Key substitution in the symbolic analysis of cryptographic protocols. In: Proc. 27th International Conference on Foundations of Software Technology and Theoretical Computer Science (FST&TCS’07), pp. 121–132 (2007)

  16. Ciobâcă, Ş.: KiSs. http://www.lsv.ens-cachan.fr/~ciobaca/kiss (2009)

  17. Ciobâcă, Ş., Delaune, S., Kremer, S.: Computing knowledge in security protocols under convergent equational theories. In: Schmidt, R. (ed.) Proceedings of the 22nd International Conference on Automated Deduction (CADE’09). Lecture Notes in Artificial Intelligence, pp. 355–370, Springer, Montreal, Canada (2009)


  18. Corin, R., Doumen, J., Etalle, S.: Analysing password protocol security against off-line dictionary attacks. In: Proc. 2nd International Workshop on Security Issues with Petri Nets and Other Computational Models (WISP’04), ENTCS (2004)

  19. Cortier, V., Delaune, S.: Deciding knowledge in security protocols for monoidal equational theories. In: Proc. 14th Int. Conference on Logic for Programming, Artificial Intelligence, and Reasoning (LPAR’07). LNAI. Springer (2007)

  20. Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. J. Comput. Secur. 14(1), 1–43 (2006)


  21. Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. J. Comput. Secur. 17(4), 435–487 (2009)


  22. Kremer, S., Ryan, M.D.: Analysis of an electronic voting protocol in the applied pi-calculus. In: 14th European Symposium on Programming (ESOP’05). LNCS, vol. 3444, pp. 186–200. Springer (2005)

  23. Lafourcade, P., Lugiez, D., Treinen, R.: Intruder deduction for the equational theory of Abelian groups with distributive encryption. Inf. Comput. 205(4), 581–623 (2007)


  24. Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. 8th ACM Conference on Computer and Communications Security (CCS’01) (2001)

  25. Okamoto, T.: Receipt-free electronic voting schemes for large scale elections. In: Proc. 5th Int. Security Protocols Workshop, LNCS, vol. 1361. Springer (1997)

  26. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theor. Comp. Sci. 299, 451–475 (2003)



Author information

Correspondence to Stéphanie Delaune.

Additional information

This work has been partly supported by the ANR SeSur project AVOTÉ. A preliminary version of this work was presented in [17].

Cite this article

Ciobâcă, Ş., Delaune, S. & Kremer, S. Computing Knowledge in Security Protocols Under Convergent Equational Theories. J Autom Reasoning 48, 219–262 (2012). https://doi.org/10.1007/s10817-010-9197-7
