Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
نویسندگان
چکیده
We present decidability results for the verification of cryptographic protocols in the presence of equational theories corresponding to xor and Abelian groups. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties such as xor, we extend the conventional Dolev-Yao model by permitting the intruder to exploit these properties. We show that the ground reachability problem in NP for the extended intruder theories in the cases of xor and Abelian groups. This result follows from a normal proof theorem. Then, we show how to lift this result in the xor case: we consider a symbolic constraint system expressing the reachability (e.g., secrecy) problem for a finite number of sessions. We prove that such constraint system is decidable, relying in particular on an extension of combination algorithms for unification procedures. As a corollary, this enables automatic symbolic verification of cryptographic protocols employing xor for a fixed number of sessions.
منابع مشابه
An NP Decision Procedure for Protocol Insecurity with XOR
We provide a method for deciding the insecurity of cryptographic protocols in presence of the standard Dolev-Yao intruder (with a finite number of sessions) extended with so-called oracle rules, i.e., deduction rules that satisfy certain conditions. As an instance of this general framework, we obtain that protocol insecurity is in NP for an intruder that can exploit the properties of the exclus...
متن کاملA Decision Procedure for Solving Constraint Systems in Presence of Multiple Independent Intruders
We consider a model of multiple independent intruders that have no ability to share knowledge between each other. We use this model to analyze security in wireless ad-hoc networks, where each intruder has a local control in the network, i.e., he can read and send messages only to his direct neighbors. Another application is the mobile ambient calculus where several intruder processes are not ab...
متن کاملH . Comon − Lundh and V . Shmatikov Constraint solving
We present decidability results for the verification ofcryptographic protocols in the presence of equational the-ories corresponding to xor and Abelian groups. Since theperfect cryptography assumption is unrealistic for crypto-graphic primitives with visible algebraic properties such asxor, we extend the conventional Dolev-Yao model by per-mitting the intruder to exploit...
متن کاملA Symbolic Intruder Model for Hash-Collision Attacks
In the recent years, several practical methods have been published to compute collisions on some commonly used hash functions. Starting from two messages m1 and m2 these methods permit to compute m1 and m ′ 2 similar to the former such that they have the same image for a given hash function. In this paper we present a method to take into account, at the symbolic level, that an intruder actively...
متن کاملIntruder Deduction for the Equational Theory of Exclusive-or with Distributive Encryption *
Cryptographic protocols are small programs which involve a high level of concurrency and which are difficult to analyze by hand. The most successful methods to verify such protocols are based on rewriting techniques and automated deduction in order to implement or mimic the process calculus describing the execution of a protocol. We are interested in the intruder deduction problem, that is the ...
متن کامل