Abstract
This paper addresses the problem of representing the intruder’s knowledge in the formal verification of cryptographic protocols, whose main challenges are to represent the intruder’s knowledge efficiently and without artificial limitations on the structure and size of messages. The new knowledge representation strategy proposed in this paper achieves both goals and leads to practical implementation because it is incrementally computable and is easily amenable to work with various term representation languages. In addition, it handles associative and commutative term composition operators, thus going beyond the free term algebra framework. An extensive computational complexity analysis of the proposed representation strategy is included in the paper.
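The problem the abstract describes is intruder deduction in the Dolev–Yao model: given the messages an attacker has observed, decide which further messages it can derive by decomposing and recomposing them. As an added illustration (not the paper's representation strategy, and not code by its authors), the block below implements the classic analysis/synthesis decomposition over a free term algebra with pairing and symmetric encryption: the knowledge set is first saturated under decomposition (split pairs, decrypt when the key is derivable), and a target term is then checked by structural synthesis. Because synthesis recurses on the target rather than enumerating messages, no bound on message size or depth is needed, which is the "artificial limitation" the abstract refers to. Associative and commutative operators, which the paper handles, are deliberately not covered here. All term names (`k1`, `k2`, `s`, ...) and function names are constructed for the example.

```python
"""Dolev-Yao intruder deduction over a free term algebra.

Terms are tuples:
    ('name', n)      atomic message (key, nonce, secret)
    ('pair', a, b)   concatenation
    ('senc', m, k)   symmetric encryption of m under k
Added example; function and term names are invented for illustration.
"""
from typing import Set, Tuple

Term = Tuple


def name(n: str) -> Term:
    return ('name', n)


def pair(a: Term, b: Term) -> Term:
    return ('pair', a, b)


def senc(m: Term, k: Term) -> Term:
    return ('senc', m, k)


def synthesizable(t: Term, analyzed: Set[Term]) -> bool:
    """Can the intruder build t from an already analyzed knowledge set?

    Recursion follows the structure of the target term, so it terminates
    without any bound on message size.
    """
    if t in analyzed:
        return True
    if t[0] in ('pair', 'senc'):
        # Composition rules: pairing needs both halves, encryption needs
        # plaintext and key.
        return synthesizable(t[1], analyzed) and synthesizable(t[2], analyzed)
    return False  # unknown atomic name


def analyze(knowledge: Set[Term]) -> Set[Term]:
    """Saturate the knowledge set under decomposition rules.

    Pairs are split; an encryption is opened only if its key is derivable
    from the current set. Only subterms are ever added, so the fixpoint is
    reached after finitely many rounds.
    """
    analyzed = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(analyzed):
            if t[0] == 'pair':
                new = {t[1], t[2]}
            elif t[0] == 'senc' and synthesizable(t[2], analyzed):
                new = {t[1]}
            else:
                continue
            if not new <= analyzed:
                analyzed |= new
                changed = True
    return analyzed


def derivable(t: Term, knowledge: Set[Term]) -> bool:
    """Full Dolev-Yao derivability: analyze, then synthesize the target."""
    return synthesizable(t, analyze(knowledge))


def learn(analyzed: Set[Term], observed: Term) -> Set[Term]:
    """Incremental update: add a newly observed message and re-saturate.

    Starting from an already analyzed set means only the consequences of
    the new message are computed.
    """
    return analyze(analyzed | {observed})


if __name__ == '__main__':
    k1, k2, n, s = name('k1'), name('k2'), name('n'), name('s')
    # Constructed trace: s is doubly encrypted; k1 is leaked; k2 is sent in a pair.
    observed = {senc(senc(s, k2), k1), k1, pair(k2, n)}
    print('secret s derivable:', derivable(s, observed))
    print('senc(s, n) derivable:', derivable(senc(s, n), observed))
```

The usage at the bottom shows the chained case: decrypting under `k1` exposes `senc(s, k2)`, the pair split exposes `k2`, and the second decryption exposes `s`. Run against a knowledge set without `k1`, the same secret is not derivable until `learn` adds the key, which is the incremental update the abstract calls for.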
Additional information
C. B. Jones
This work was partially supported by the Italian National Council of Research, grant number CNRC00FE45, and by the Center for Multimedia Radio Communications of Politecnico di Torino.
Cite this article
Bertolotti, I.C., Durante, L., Sisto, R. et al. Efficient representation of the attacker’s knowledge in cryptographic protocols analysis. Form Asp Comp 20, 303–348 (2008). https://doi.org/10.1007/s00165-008-0078-3