Security Protocols, Constraint Systems, and Group Theories
Abstract
When formally analyzing security protocols it is often important to express properties in terms of an adversary’s inability to distinguish two protocols. It has been shown that this problem amounts to deciding the equivalence of two constraint systems, i.e., whether they have the same set of solutions. In this paper we study this equivalence problem when cryptographic primitives are modeled using a group equational theory, a special case of monoidal equational theories. The results strongly rely on the isomorphism between group theories and rings. This allows us to reduce the problem under study to the problem of solving systems of equations over rings. We provide several new decidability and complexity results, notably for equational theories which have applications in security protocols, such as exclusive or and Abelian groups which may additionally admit a unary, homomorphic symbol.
Keywords
Abelian Group Group Theory Function Symbol Equational Theory Security ProtocolPreview
Unable to display preview. Download preview PDF.
References
- 1.Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theoretical Computer Science 387(1-2), 2–32 (2006)MathSciNetCrossRefGoogle Scholar
- 2.Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Proc. 28th ACM Symposium on Principles of Programming Languages (POPL 2001), pp. 104–115. ACM Press (2001)Google Scholar
- 3.Abadi, M., Gordon, A.D.: A calculus for cryptographic protocols: The spi calculus. Inf. Comput. 148(1), 1–70 (1999)MathSciNetMATHCrossRefGoogle Scholar
- 4.Arapinis, M., Chothia, T., Ritter, E., Ryan, M.D.: Analysing unlinkability and anonymity using the applied pi calculus. In: Proc. 23rd Computer Security Foundations Symposium (CSF 2010), pp. 107–121. IEEE Comp. Soc. Press (2010)Google Scholar
- 5.Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Tobarra, M.L.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proc. 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008), pp. 1–10. ACM Press (2008)Google Scholar
- 6.Baader, F.: Unification in commutative theories. Journal of Symbolic Computation 8(5), 479–497 (1989)MathSciNetMATHCrossRefGoogle Scholar
- 7.Baudet, M.: Deciding security of protocols against off-line guessing attacks. In: Proc. 12th Conference on Computer and Communications Security (CCS 2005), pp. 16–25. ACM Press (2005)Google Scholar
- 8.Cheval, V., Comon-Lundh, H., Delaune, S.: Automating Security Analysis: Symbolic Equivalence of Constraint Systems. In: Giesl, J., Hähnle, R. (eds.) IJCAR 2010. LNCS (LNAI), vol. 6173, pp. 412–426. Springer, Heidelberg (2010)CrossRefGoogle Scholar
- 9.Chevalier, Y., Rusinowitch, M.: Symbolic protocol analysis in the union of disjoint intruder theories: Combining decision procedures. Theoretical Computer Science 411(10), 1261–1282 (2010)MathSciNetMATHCrossRefGoogle Scholar
- 10.Chevalier, Y., Rusinowitch, M.: Decidability of equivalence of symbolic derivations. J. Autom. Reasoning 48(2), 263–292 (2012)CrossRefGoogle Scholar
- 11.Comon-Lundh, H., Cortier, V., Zalinescu, E.: Deciding security properties of cryptographic protocols. application to key cycles. Transaction on Computational Logic 11(2) (2010)Google Scholar
- 12.Cortier, V., Delaune, S.: Decidability and combination results for two notions of knowledge in security protocols. J. of Autom. Reasoning 48(4), 441–487 (2012)CrossRefGoogle Scholar
- 13.Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security 14(1), 1–43 (2006)Google Scholar
- 14.Delaune, S.: Easy intruder deduction problems with homomorphisms. Information Processing Letters 97(6), 213–218 (2006)MathSciNetMATHCrossRefGoogle Scholar
- 15.Delaune, S., Kremer, S., Pasaila, D.: Security protocols, constraint systems, and group theories. Research Report LSV-12-06, Laboratoire Spécification et Vérification, ENS Cachan, France, 23 pages (2012)Google Scholar
- 16.Delaune, S., Kremer, S., Ryan, M.D.: Verifying privacy-type properties of electronic voting protocols. Journal of Computer Security 17(4), 435–487 (2009)Google Scholar
- 17.Delaune, S., Lafourcade, P., Lugiez, D., Treinen, R.: Symbolic protocol analysis for monoidal equational theories. Inf. Comp. 206(2-4), 312–351 (2008)MathSciNetMATHCrossRefGoogle Scholar
- 18.Lafourcade, P., Lugiez, D., Treinen, R.: Intruder Deduction for AC-Like Equational Theories with Homomorphisms. In: Giesl, J. (ed.) RTA 2005. LNCS, vol. 3467, pp. 308–322. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 19.Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. 8th ACM Conference on Computer and Communications Security (CCS 2001). ACM Press (2001)Google Scholar
- 20.Nutt, W.: Unification in Monoidal Theories. In: Stickel, M.E. (ed.) CADE 1990. LNCS, vol. 449, pp. 618–632. Springer, Heidelberg (1990)CrossRefGoogle Scholar
- 21.Schrijver, A.: Theory of Linear and Integer Programming. Wiley (1986)Google Scholar
- 22.Tiu, A., Dawson, J.: Automating open bisimulation checking for the spi-calculus. In: Proc. 23rd Computer Security Foundations Symposium (CSF 2010), pp. 307–321. IEEE Comp. Soc. Press (2010)Google Scholar