Handling exp,× (and Timestamps) in Protocol Analysis

  • Roberto Zunino
  • Pierpaolo Degano
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3921)


We present a static analysis technique for the verification of cryptographic protocols, specified in a process calculus. Rather than assuming a specific, fixed set of cryptographic primitives, we only require them to be specified through a term rewriting system, with no restrictions. Examples are provided to support our analysis. First, we tackle forward secrecy for a Diffie-Hellman-based protocol involving exponentiation, multiplication and inversion. Then, a simplified version of Kerberos is analyzed, showing that its use of timestamps succeeds in preventing replay attacks.


Keywords: Protocol Analysis; Proof Obligation; Cryptographic Protocol; Tree Automaton; Intersection Constraint



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Roberto Zunino (1)
  • Pierpaolo Degano (1)
  1. Dipartimento di Informatica, Università di Pisa, Italy
