A Formal Definition of Protocol Indistinguishability and Its Verification Using Maude-NPA

  • Sonia Santiago
  • Santiago Escobar
  • Catherine Meadows
  • José Meseguer
Conference paper

DOI: 10.1007/978-3-319-11851-2_11

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8743)
Cite this paper as:
Santiago S., Escobar S., Meadows C., Meseguer J. (2014) A Formal Definition of Protocol Indistinguishability and Its Verification Using Maude-NPA. In: Mauw S., Jensen C.D. (eds) Security and Trust Management. STM 2014. Lecture Notes in Computer Science, vol 8743. Springer, Cham

Abstract

Intuitively, two protocols \({\mathcal P}_1\) and \({\mathcal P}_2\) are indistinguishable if an attacker cannot tell the difference between interactions with \({\mathcal P}_1\) and with \({\mathcal P}_2\). In this paper we: (i) propose an intuitive notion of indistinguishability in Maude-NPA; (ii) formalize such a notion in terms of state unreachability conditions on their synchronous product; (iii) prove theorems showing how, assuming the protocol’s algebraic theory has a finite variant (FV) decomposition, these conditions can be checked by the Maude-NPA tool; and (iv) illustrate our approach with concrete examples. This provides for the first time a framework for automatic analysis of indistinguishability modulo as wide a class of algebraic properties as FV, which includes many associative-commutative theories of interest to cryptographic protocol analysis.

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  • Sonia Santiago (1)
  • Santiago Escobar (1)
  • Catherine Meadows (2)
  • José Meseguer (3)

  1. DSIC-ELP, Universitat Politècnica de València, Spain
  2. Naval Research Laboratory, Washington, USA
  3. University of Illinois at Urbana-Champaign, USA
