Symbolic Protocol Analysis in Presence of a Homomorphism Operator and Exclusive Or

  • Stéphanie Delaune
  • Pascal Lafourcade
  • Denis Lugiez
  • Ralf Treinen
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4052)

Abstract

Security of a cryptographic protocol for a bounded number of sessions is usually expressed as a symbolic trace reachability problem. We show that symbolic trace reachability for well-defined protocols is decidable in the presence of the exclusive or theory in combination with the homomorphism axiom. These theories allow us to model basic properties of important cryptographic operators.

This trace reachability problem can be expressed as a system of symbolic deducibility constraints for a certain inference system describing the capabilities of the attacker. One main step of our proof consists in reducing deducibility constraints to constraints for deducibility in one step of the inference system. This constraint system, in turn, can be expressed as a system of quadratic equations of a particular form over ℤ/2ℤ[h], the ring of polynomials in one indeterminate over the finite field ℤ/2ℤ. We show that satisfiability of such systems is decidable.
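The abstract's key modelling step is that a message built from atoms, exclusive or and a homomorphism h can be read as a ℤ/2ℤ[h]-linear combination of its atoms: h distributes over ⊕, x ⊕ x cancels, and h^i(a) becomes the monomial a·h^i. The following Python is an added illustration, not code from the paper or its authors. It assumes a small constructed term syntax (tuples tagged "xor" and "h", strings for atoms), normalises terms into that polynomial form so that equality modulo the theory becomes dictionary equality, and then runs a GF(2) span check that models an attacker who can only xor messages already known. Letting the attacker also apply h is exactly what moves the problem from GF(2) vectors to ℤ/2ℤ[h]-modules and the quadratic systems the paper decides; that step is deliberately outside this example.

```python
# Added example (not the paper's code): normal forms for the theory of
# exclusive or with a homomorphism h, and a GF(2) deducibility check.
#
# Term syntax (constructed for this example):
#   "0"                 the neutral element of xor
#   "a", "k1", ...      atoms (nonces, keys, constants)
#   ("xor", s, t)       s ⊕ t
#   ("h", s)            h(s)
#
# Normal form: dict mapping each atom to the frozenset of exponents i such
# that h^i(atom) occurs with coefficient 1. Over Z/2Z a polynomial in h is
# fully described by the set of exponents whose coefficient is 1.


def normalize(term):
    """Rewrite a term into its Z/2Z[h]-linear-combination normal form."""
    if term == "0":
        return {}
    if isinstance(term, str):
        return {term: frozenset({0})}          # atom a == a * h^0
    op = term[0]
    if op == "h":
        inner = normalize(term[1])
        # h(x ⊕ y) = h(x) ⊕ h(y): apply h to every monomial, i.e. multiply by h
        return {a: frozenset(i + 1 for i in p) for a, p in inner.items()}
    if op == "xor":
        left, right = normalize(term[1]), normalize(term[2])
        out = {}
        for atom in set(left) | set(right):
            # symmetric difference implements coefficient addition mod 2,
            # so equal monomials cancel (x ⊕ x = 0)
            poly = left.get(atom, frozenset()) ^ right.get(atom, frozenset())
            if poly:
                out[atom] = poly
        return out
    raise ValueError(f"unknown term constructor: {op!r}")


def equal_mod_theory(s, t):
    """Equality modulo xor + homomorphism reduces to equality of normal forms."""
    return normalize(s) == normalize(t)


def to_str(nf):
    """Human-readable rendering such as 'a*(h^0 + h^2) + b*(h^1)'."""
    if not nf:
        return "0"
    parts = []
    for atom in sorted(nf):
        exps = " + ".join(f"h^{i}" for i in sorted(nf[atom]))
        parts.append(f"{atom}*({exps})")
    return " + ".join(parts)


def to_vector(nf):
    """Flatten a normal form into a GF(2) vector: the set of (atom, exponent)
    coordinates carrying coefficient 1."""
    return frozenset((atom, i) for atom, poly in nf.items() for i in poly)


def reduce_vector(vec, basis):
    """Reduce vec against an echelon basis {pivot: vector}, where each basis
    vector's largest coordinate is its pivot. One descending pass suffices,
    because eliminating a pivot only introduces smaller coordinates."""
    for pivot in sorted(basis, reverse=True):
        if pivot in vec:
            vec = vec ^ basis[pivot]
    return vec


def xor_span_contains(known_terms, target):
    """Can an attacker who only xors known messages (no h application)
    build target? This is GF(2) linear span membership over the
    (atom, exponent) coordinates of the normal forms."""
    basis = {}
    for t in known_terms:
        v = reduce_vector(to_vector(normalize(t)), basis)
        if v:                                  # linearly independent: add it
            basis[max(v)] = v
    return not reduce_vector(to_vector(normalize(target)), basis)


if __name__ == "__main__":
    # Constructed sample: the homomorphism axiom lets h(a ⊕ b) ⊕ h(a) collapse to h(b).
    lhs = ("xor", ("h", ("xor", "a", "b")), ("h", "a"))
    print(to_str(normalize(lhs)), "==", to_str(normalize(("h", "b"))))
    # Constructed attacker knowledge: a ⊕ b, b ⊕ h(c), h(c). Xoring all three yields a.
    known = [("xor", "a", "b"), ("xor", "b", ("h", "c")), ("h", "c")]
    print("a deducible:", xor_span_contains(known, "a"))
    print("c deducible:", xor_span_contains(known, "c"))
```

The span check is sound only for the xor-only attacker it models: h(a) is reported as not deducible above even though an attacker allowed to apply h to the derived a would obtain it, which is precisely the extra power the paper's ℤ/2ℤ[h] formulation captures.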

Keywords

Inference System, Inference Rule, Equational Theory, Constraint System, Cryptographic Protocol

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Stéphanie Delaune (1, 2)
  • Pascal Lafourcade (2, 3)
  • Denis Lugiez (3)
  • Ralf Treinen (2)

  1. Division R&D, France Télécom
  2. LSV, CNRS UMR 8643, ENS de Cachan & INRIA Futurs project SECSI
  3. LIF, Université Aix-Marseille 1 & CNRS UMR 6166