Security Protocols, Constraint Systems, and Group Theories

  • Stéphanie Delaune
  • Steve Kremer
  • Daniel Pasaila
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7364)

Abstract

When formally analyzing security protocols it is often important to express properties in terms of an adversary’s inability to distinguish two protocols. It has been shown that this problem amounts to deciding the equivalence of two constraint systems, i.e., whether they have the same set of solutions. In this paper we study this equivalence problem when cryptographic primitives are modeled using a group equational theory, a special case of monoidal equational theories. The results strongly rely on the isomorphism between group theories and rings. This allows us to reduce the problem under study to the problem of solving systems of equations over rings. We provide several new decidability and complexity results, notably for equational theories which have applications in security protocols, such as exclusive or and Abelian groups which may additionally admit a unary, homomorphic symbol.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Stéphanie Delaune (1)
  • Steve Kremer (2)
  • Daniel Pasaila (1, 3)
  1. LSV, CNRS & ENS Cachan & INRIA Saclay Île-de-France, France
  2. LORIA, INRIA Nancy Grand Est, France
  3. Google, Inc., France
