Decidability and Combination Results for Two Notions of Knowledge in Security Protocols

Journal of Automated Reasoning

Abstract

In formal approaches, messages sent over a network are usually modeled by terms together with an equational theory axiomatizing the properties of the cryptographic functions (encryption, exclusive or, ...). The analysis of cryptographic protocols requires a precise understanding of the attacker's knowledge. Two standard notions are usually considered: deducibility and indistinguishability. These notions are well studied and several decidability results already exist for a variety of equational theories. Most of the existing results are dedicated to specific equational theories, and only a few results, especially in the case of indistinguishability, have been obtained for equational theories with associative and commutative properties \((\textsf{AC})\). In this paper, we show that existing decidability results can be easily combined for any disjoint equational theories: if the deducibility and indistinguishability relations are decidable for two disjoint theories, they are also decidable for their union. We also propose a general setting for solving deducibility and indistinguishability for an important class (called monoidal) of equational theories involving \(\textsf{AC}\) operators. As a consequence of these two results, new decidability and complexity results can be obtained for many relevant equational theories.
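The two notions of knowledge named in the abstract, worked out for the simplest monoidal theory the paper has in mind, exclusive or (AC with unit 0 and x ⊕ x = 0, i.e. ACUN). This is an added example, not code from the paper or its authors: the class `Frame`, the helpers `xor`, `canonical`, `kernel`, `statically_equivalent` and `distinguishing_test`, and the frames `PHI1`..`PHI3` with private names a, b, c are all constructed here. It covers only the XOR fragment of the monoidal setting (frame terms that are XORs of private names, attacker recipes built from ⊕, 0 and the frame variables) and not the disjoint-combination result. Under that restriction both questions become GF(2) linear algebra: a term is deducible iff its vector lies in the span of the frame, and two frames are statically equivalent iff the same subsets of variables XOR to 0, i.e. the kernels of the two frame matrices coincide.

```python
"""Deducibility and static equivalence for the ACUN (exclusive-or) theory.

Added example; names, frames and function names are constructed for
illustration.  A term is a frozenset of private names (symmetric difference
is xor, the empty set is 0).  Read over GF(2), a term is a bit vector indexed
by names, so:
  * t is deducible from a frame  <=>  vec(t) is in the GF(2)-span of the frame;
  * with only xor/0 as public symbols, every test M = N is "the xor of some
    subset S of frame variables is 0", so two frames with the same domain are
    statically equivalent  <=>  they have the same kernel (same vanishing S).
Vectors are ints used as bit masks; a basis is kept as {pivot_bit: row}.
"""


def xor(*terms):
    """XOR of terms in ACUN normal form: symmetric difference of name sets."""
    out = set()
    for t in terms:
        out ^= set(t)
    return frozenset(out)


def _reduce(v, basis):
    """Reduce v against the basis until its leading bit is not a pivot."""
    while v:
        p = v.bit_length() - 1
        if p not in basis:
            break
        v ^= basis[p]
    return v


def _insert(v, basis):
    v = _reduce(v, basis)
    if v:
        basis[v.bit_length() - 1] = v
    return v


def canonical(vectors):
    """Reduced echelon basis of the span of `vectors`; unique per subspace."""
    basis = {}
    for v in vectors:
        _insert(v, basis)
    for p in list(basis):              # clear each pivot bit from every other row
        for q in basis:
            if q != p and (basis[q] >> p) & 1:
                basis[q] ^= basis[p]
    return frozenset(basis.values())


class Frame:
    """phi = {x1 -> terms[0], ..., xn -> terms[n-1]}; xi is bit i-1 of a tag."""

    def __init__(self, terms):
        self.terms = [frozenset(t) for t in terms]
        names = sorted(set().union(*self.terms)) if self.terms else []
        self.index = {n: i for i, n in enumerate(names)}

    def vec(self, term):
        """Term as a bit vector over this frame's names; None if a name is unseen."""
        v = 0
        for n in term:
            if n not in self.index:
                return None
            v |= 1 << self.index[n]
        return v

    def deducible(self, term):
        """Is `term` in the GF(2)-span of the frame?  (0 is always deducible.)"""
        v = self.vec(frozenset(term))
        if v is None:
            return False               # mentions a name the attacker never saw
        basis = {}
        for t in self.terms:
            _insert(self.vec(t), basis)
        return _reduce(v, basis) == 0

    def kernel(self):
        """Tags (subsets of variables) whose xor is 0: the equality tests that hold."""
        basis, tags, ker = {}, {}, []
        for i, t in enumerate(self.terms):
            v, tag = self.vec(t), 1 << i
            while v:
                p = v.bit_length() - 1
                if p not in basis:
                    break
                v ^= basis[p]
                tag ^= tags[p]         # remember which variables were combined
            if v:
                basis[p], tags[p] = v, tag
            else:
                ker.append(tag)        # this combination of variables is 0
        return ker

    def holds(self, tag):
        """Does the test 'xor of the variables in tag = 0' hold in this frame?"""
        return not xor(*(t for i, t in enumerate(self.terms) if tag >> i & 1))

    def variables(self, tag):
        return sorted("x%d" % (i + 1) for i in range(len(self.terms)) if tag >> i & 1)


def statically_equivalent(f1, f2):
    return len(f1.terms) == len(f2.terms) and canonical(f1.kernel()) == canonical(f2.kernel())


def distinguishing_test(f1, f2):
    """A subset of variables whose xor vanishes in exactly one of the frames, or None."""
    for a, b in ((f1, f2), (f2, f1)):
        for tag in a.kernel():
            if not b.holds(tag):
                return a.variables(tag)
    return None


# Constructed frames; a, b, c are private names the attacker does not know.
PHI1 = Frame([{"a", "b"}, {"b", "c"}, {"a", "c"}])   # x1 ⊕ x2 ⊕ x3 = 0
PHI2 = Frame([{"a"}, {"b"}, {"a", "b"}])             # the same single relation
PHI3 = Frame([{"a"}, {"b"}, {"c"}])                  # three independent values

if __name__ == "__main__":
    print(PHI1.deducible({"a"}), PHI1.deducible({"a", "c"}))
    print(statically_equivalent(PHI1, PHI2))
    print(statically_equivalent(PHI1, PHI3), distinguishing_test(PHI1, PHI3))
```

`PHI1` and `PHI2` look different to a human (three pairwise XORs versus two names and their XOR) but are statically equivalent: in both, the only relation the attacker can observe is x1 ⊕ x2 ⊕ x3 = 0. `PHI3` is distinguishable from `PHI1` by exactly that test. Comparing kernels via a reduced echelon basis is what makes the check a decision procedure rather than a search: kernels are subspaces, and the reduced basis is a canonical representative.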



Author information

Correspondence to Stéphanie Delaune.

Additional information

This work has been partly supported by the ANR-07-SESU-002 project AVOTÉ.

Cite this article

Cortier, V., Delaune, S. Decidability and Combination Results for Two Notions of Knowledge in Security Protocols. J Autom Reasoning 48, 441–487 (2012). https://doi.org/10.1007/s10817-010-9208-8
