Abstract
Many security protocols fundamentally depend on the algebraic properties of cryptographic operators. It is however difficult to handle these properties when formally analyzing protocols, since basic problems like the equality of terms that represent cryptographic messages are undecidable, even for relatively simple algebraic theories. We present a framework for security protocol analysis that can handle algebraic properties of cryptographic operators in a uniform and modular way. Our framework is based on two ideas: the use of modular rewriting to formalize a generalized equational deduction problem for the Dolev-Yao intruder, and the introduction of two parameters that control the complexity of the equational unification problems that arise during protocol analysis by bounding the depth of message terms and the operations that the intruder can perform when analyzing messages. We motivate the different restrictions made in our model by highlighting different ways in which undecidability arises when incorporating algebraic properties of cryptographic operators into formal protocol analysis.
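The abstract's two parameters can be seen concretely in a toy intruder-deduction engine. The following Python is an added example, not code from the paper or its authors: it saturates a Dolev-Yao intruder's knowledge under pairing, symmetric encryption and XOR, where XOR is handled by a hand-written normaliser (associativity, commutativity, unit 0 and nilpotence x⊕x = 0) in place of the paper's general modular rewriting. The first parameter is a bound on the depth of the (normalised) terms the intruder may construct; the second is the set of composition operators the intruder is allowed to apply. All names (`closure`, `xor`, `depth`, the atoms `k`, `n`, `s`) and the sample knowledge set are assumptions made for the illustration.

```python
from itertools import product

# Terms are nested tuples: ('atom', name), ('pair', a, b), ('enc', msg, key)
# and ('xor', frozenset_of_terms) for a normalised XOR of two or more terms.
ZERO = ('atom', '0')


def atom(name):
    return ('atom', name)


def pair(a, b):
    return ('pair', a, b)


def enc(msg, key):
    return ('enc', msg, key)


def xor(*terms):
    """Normalise an XOR modulo AC, the unit 0 and nilpotence (x xor x = 0).

    Nested XORs are flattened, ZERO is dropped, and only operands with odd
    multiplicity survive. The result is an atom, a single term, or a
    frozenset-based XOR node, so syntactically equal terms are equal modulo
    the theory.
    """
    counts = {}
    for t in terms:
        parts = t[1] if t[0] == 'xor' else (t,)
        for p in parts:
            if p == ZERO:
                continue
            counts[p] = counts.get(p, 0) + 1
    odd = frozenset(p for p, c in counts.items() if c % 2 == 1)
    if not odd:
        return ZERO
    if len(odd) == 1:
        return next(iter(odd))
    return ('xor', odd)


def depth(t):
    """Term depth: atoms are 0, every constructor adds one level."""
    if t[0] == 'atom':
        return 0
    if t[0] == 'xor':
        return 1 + max(depth(p) for p in t[1])
    return 1 + max(depth(t[1]), depth(t[2]))


ALL_OPS = frozenset({'pair', 'enc', 'xor'})


def closure(knowledge, max_depth, ops=ALL_OPS):
    """Saturate the intruder knowledge under analysis and bounded composition.

    Analysis (projecting pairs, decrypting with a known key) is always
    allowed; composition is limited to the operators in `ops` and to results
    whose normalised depth is at most `max_depth`. The bound makes the set of
    reachable terms finite, so the fixpoint iteration terminates.
    """
    known = set(knowledge)
    while True:
        new = set()
        for t in known:
            if t[0] == 'pair':
                new.update((t[1], t[2]))
            elif t[0] == 'enc' and t[2] in known:
                new.add(t[1])
        for a, b in product(known, repeat=2):
            candidates = []
            if 'pair' in ops:
                candidates.append(pair(a, b))
            if 'enc' in ops:
                candidates.append(enc(a, b))
            if 'xor' in ops:
                candidates.append(xor(a, b))
            new.update(c for c in candidates if depth(c) <= max_depth)
        new -= known
        if not new:
            return frozenset(known)
        known |= new


# Constructed sample: the intruder saw a session key masked with a nonce,
# the nonce itself, and a secret encrypted under that key.
K, N, S = atom('k'), atom('n'), atom('s')
SAMPLE_KNOWLEDGE = [xor(K, N), N, enc(S, K)]

if __name__ == '__main__':
    # Even with depth bound 0 the secret leaks: (k xor n) xor n normalises to
    # the atom k, which then decrypts enc(s, k).
    print('secret derivable with XOR, depth 0:', S in closure(SAMPLE_KNOWLEDGE, 0))
    # Forbidding the XOR operator removes the derivation entirely.
    print('secret derivable without XOR, depth 2:',
          S in closure(SAMPLE_KNOWLEDGE, 2, ops=frozenset({'pair', 'enc'})))
```

The depth check is applied to the normalised term, which is why the key `k` is recovered even at bound 0: the unnormalised composition `(k ⊕ n) ⊕ n` has depth 2, but its normal form is an atom. Raising the bound enlarges the finite set of reachable terms quickly (with XOR, every subset of the depth-0 terms is a distinct normal form), which is the cost the abstract refers to when it describes bounding term depth as a way to control the complexity of the unification problems.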
This work was partially supported by the FET Open Project IST-2001-39252 and the BBW Project 02.0431, “AVISPA: Automated Validation of Internet Security Protocols and Applications”, and by the Zurich Information Security Center. This work represents the views of the authors.
© 2005 Springer-Verlag Berlin Heidelberg
Basin, D., Mödersheim, S., Viganò, L. (2005). Algebraic Intruder Deductions. In: Sutcliffe, G., Voronkov, A. (eds) Logic for Programming, Artificial Intelligence, and Reasoning. LPAR 2005. Lecture Notes in Computer Science, vol 3835. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11591191_38
DOI: https://doi.org/10.1007/11591191_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-30553-8
Online ISBN: 978-3-540-31650-3
eBook Packages: Computer Science (R0)