Efficient representation of the attacker’s knowledge in cryptographic protocols analysis

  • Original Article
Formal Aspects of Computing

Abstract

This paper addresses the problem of representing the intruder’s knowledge in the formal verification of cryptographic protocols, whose main challenges are to represent the intruder’s knowledge efficiently and without artificial limitations on the structure and size of messages. The new knowledge representation strategy proposed in this paper achieves both goals and leads to a practical implementation because it is incrementally computable and is easily amenable to work with various term representation languages. In addition, it handles associative and commutative term composition operators, thus going beyond the free term algebra framework. An extensive computational complexity analysis of the proposed representation strategy is included in the paper.
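To make the problem concrete, the following is an added illustration of intruder knowledge deduction in the Dolev–Yao model; it is not the paper's representation strategy and not code from the authors. It assumes a free term algebra with only pairing and symmetric encryption (the associative and commutative operators the paper handles are deliberately left out), stores the knowledge set incrementally, saturates it under decomposition rules (splitting pairs, decrypting with a derivable key), and answers composition queries on demand. The term encoding and the `Knowledge` class are constructed for this example.

```python
from typing import Tuple, Union

# Constructed term encoding for this example:
#   atoms are strings; ('pair', a, b) is a pair; ('enc', m, k) is m encrypted under k.
Term = Union[str, Tuple]


def pair(a: Term, b: Term) -> Term:
    return ('pair', a, b)


def enc(m: Term, k: Term) -> Term:
    return ('enc', m, k)


class Knowledge:
    """Incrementally maintained Dolev-Yao knowledge set (free term algebra only)."""

    def __init__(self, initial=()):
        self.terms: set = set()
        for t in initial:
            self.add(t)

    def add(self, term: Term) -> None:
        """Add a term observed by the intruder and re-saturate under decomposition.

        Only decomposition is applied eagerly (pairs are split, ciphertexts are
        opened once their key becomes derivable); composition is never stored,
        it is checked on demand in derives(), which keeps the set from growing
        with every pair or encryption the intruder could build.
        """
        work = [term]
        while work:
            t = work.pop()
            if t in self.terms:
                continue
            self.terms.add(t)
            if isinstance(t, tuple) and t[0] == 'pair':
                # pair(a, b) -> a, b
                work.extend(t[1:])
            elif isinstance(t, tuple) and t[0] == 'enc' and self.derives(t[2]):
                # enc(m, k) with k derivable -> m
                work.append(t[1])
            # The new term may complete a key (possibly composite) for a ciphertext
            # stored earlier, so re-check every stored ciphertext that is still closed.
            for c in list(self.terms):
                if (isinstance(c, tuple) and c[0] == 'enc'
                        and c[1] not in self.terms and self.derives(c[2])):
                    work.append(c[1])

    def derives(self, term: Term) -> bool:
        """Composition rules, applied top-down on demand: pair and encrypt."""
        if term in self.terms:
            return True
        if isinstance(term, tuple) and term[0] in ('pair', 'enc'):
            return self.derives(term[1]) and self.derives(term[2])
        return False


if __name__ == '__main__':
    # Constructed trace: the intruder first sees an atom and a ciphertext,
    # then later learns the key, which retroactively opens the ciphertext.
    k = Knowledge(['a', enc('secret', 'k1')])
    print('secret derivable before key:', k.derives('secret'))   # False
    k.add('k1')
    print('secret derivable after key:', k.derives('secret'))    # True
    # A ciphertext under a composite key pair(a, b) opens only once b is known.
    k.add(pair('x', enc('y', pair('a', 'b'))))
    print('y derivable before b:', k.derives('y'))               # False
    k.add('b')
    print('y derivable after b:', k.derives('y'))                # True
```

The re-scan of stored ciphertexts on every insertion is what makes the set incrementally computable: a message learned later never requires rebuilding the whole set from scratch. The quadratic re-scan is the price of this naive version; keeping, per ciphertext, the set of atoms its key still lacks is the usual way to bring it down, and the paper's complexity analysis is where such costs are worked out for its own representation.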


Corresponding author

Correspondence to Ivan Cibrario Bertolotti.

Additional information

C. B. Jones

This work was partially supported by the Italian National Council of Research, grant number CNRC00FE45, and by the Center for Multimedia Radio Communications of Politecnico di Torino.


About this article

Cite this article

Bertolotti, I.C., Durante, L., Sisto, R. et al. Efficient representation of the attacker’s knowledge in cryptographic protocols analysis. Form Asp Comp 20, 303–348 (2008). https://doi.org/10.1007/s00165-008-0078-3
