Handling exp,× (and Timestamps) in Protocol Analysis

  • Roberto Zunino
  • Pierpaolo Degano
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3921)


We present a static analysis technique for the verification of cryptographic protocols, specified in a process calculus. Rather than assuming a specific, fixed set of cryptographic primitives, we only require them to be specified through a term rewriting system, with no restrictions. Examples are provided to support our analysis. First, we tackle forward secrecy for a Diffie-Hellman-based protocol involving exponentiation, multiplication and inversion. Then, a simplified version of Kerberos is analyzed, showing that its use of timestamps succeeds in preventing replay attacks.


Keywords: Protocol Analysis; Proof Obligation; Cryptographic Protocol; Tree Automaton; Intersection Constraint
These keywords were added by machine and not by the authors.



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Roberto Zunino (1)
  • Pierpaolo Degano (1)
  1. Dipartimento di Informatica, Università di Pisa, Italy
