Combining Intruder Theories
نویسندگان
چکیده
Most of the decision procedures for symbolic analysis of protocols are limited to a fixed set of algebraic operators associated with a fixed intruder theory. Examples of such sets of operators comprise XOR, multiplication/exponentiation, abstract encryption/decryption. In this report we give an algorithm for combining decision procedures for arbitrary intruder theories with disjoint sets of operators, provided that solvability of ordered intruder constraints, a slight generalization of intruder constraints, can be decided in each theory. This is the case for most of the intruder theories for which a decision procedure has been given. In particular our result allows us to decide trace-based security properties of protocols that employ any combination of the above mentionned operators with a bounded number of sessions. Key-words: Cryptographic protocols, combination of decision procedures, equational theories ∗ supported by AVISPA IST-2001-39252, ACI-SI SATIN, ACI-Jeunes Chercheurs Crypto † IRIT, Team LiLac, Université Paul Sabatier, France. email: [email protected] ‡ LORIA-INRIA-Lorraine, France. email: [email protected] Combinaison de théories d’intrus Résumé : La plupart des procédures de décision pour l’analyse symbolique de protocoles cryptographiques s’appliquent à un ensemble fixé d’opérateurs algébriques liés à une théorie équationnelle fixée. C’est le cas par exemple du OU-exclusif, du couple multiplication/exponentiation, des opérateurs de chiffrement/déchiffrement abstraits. Dans ce rapport nous donnons un algorithme permettant de combiner des procédures de décision pour des systèmes d’intrus et des théories équationnelles arbitraires tant que leurs d’opérateurs sont disjoints et que la satisfaisabilité de contraintes d’intrus étendues par des contraintes d’ordre est décidable dans chaque sous-théorie. C’est le cas pour la plupart des systèmes d’intrus qui ont été étudiés. En particulier notre résultat permet de décider les propriétés de secret et d’authentification des protocoles qui combinent toutes les opérations mentionnées ci-dessus pour un nombre borné de sessions. Mots-clés : Protocoles cryptographiques, combinaison de procédures de décision, théories équationnelles Combining Intruder Theories 3
منابع مشابه
Elementary Deduction Problem for Locally Stable Theories with Normal Forms
We present an algorithm to decide the intruder deduction problem (IDP) for a class of locally stable theories enriched with normal forms. Our result relies on a new and efficient algorithm to solve a restricted case of higher-order associative-commutative matching, obtained by combining the Distinct Occurrences of AC-matching algorithm and a standard algorithm to solve systems of linear Diophan...
متن کاملHierarchical Combination of Intruder Theories
Recently automated deduction tools have proved to be very effective for detecting attacks on cryptographic protocols. These analysis can be improved, for finding more subtle weaknesses, by a more accurate modelling of operators employed by protocols. Several works have shown how to handle a single algebraic operator (associated with a fixed intruder theory) or how to combine several operators s...
متن کاملA Proof Theoretic Analysis of Intruder Theories
We consider the decidability problem of intruder deduction in security protocol analysis, that is, deciding whether a given message M can be deduced from a set of messages Σ, under the class of convergent equational theories, modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations of intruder deduction are usually given in natural-deduction-like sys...
متن کاملRelation between Unification Problem and Intruder Deduction Problem
Intruder deduction problem constitutes the first step in cryptographic protocols verification for a passive intruder. In the case of an active intruder, we know that undecidability of the unification problem implies undecidability of the secrecy problem. In this paper, we analyze the link between the unification problem and the intruder deduction problem. Through examples using equational theor...
متن کاملA Isabelle definitions and theorems
This document describes proofs in Isabelle of some results relevant to the paper A Proof Theoretic Analysis of Intruder Theories. It contains proofs formulated for the system for Dolev-Yao intruders considered in Section 6, although the proofs include cut-admissibility and the existence of normal derivations, which are given in the paper for more complex theories, in Sections 3 and 4. The proof...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2005