Interpretation Functions-Based Method to Verify Secrecy under Equational Theories
نویسندگان
چکیده
This paper gives a novel approach to verify the secrecy property of cryptographic protocols under equational theories. Indeed, by using the notion of interpretation functions, this paper presents some sufficient and practical conditions allowing to guarantee the secrecy property of cryptographic protocols under any equational theory. An interpretation function is a safe means by which an agent can estimate the security level of message components that he receives so that he can handle them correctly. Also, this paper gives a guideline on how to construct an interpretation together with an example and how to use it to analyse a cryptographic protocol. Key–Words: Secure Communications, Cryptographic protocols, Security analysis, Secrecy property.
منابع مشابه
Automatic verification of epistemic specifications under convergent equational theories
We present a methodology for the automatic verification of multi-agent systems against temporal-epistemic specifications derived from higher-level languages defined over convergent equational theories. We introduce a modality called rewriting knowledge that operates on local equalities. We discuss the conditions under which its interpretation can be approximated by a second modality that we int...
متن کاملAlternation in Equational Tree Automata Modulo XOR
Equational tree automata accept terms modulo equational theories, and have been used to model algebraic properties of cryptographic primitives in security protocols. A serious limitation is posed by the fact that alternation leads to undecidability in case of theories like ACU and that of Abelian groups, whereas for other theories like XOR, the decidability question has remained open. In this p...
متن کاملStatic Equivalence is Harder than Knowledge
There are two main ways of defining secrecy of cryptographic protocols. The first version checks if the adversary can learn the value of a secret parameter. In the second version, one checks if the adversary can notice any difference between protocol runs with different values of the secret parameter. We give a new proof that when considering more complex equational theories than partially inve...
متن کاملPattern - based Abstraction for Verifying Secrecy in Protocols 1
We present a method based on abstract interpretation for verifying secrecy properties of cryptographic protocols. Our method allows to verify secrecy properties in a general model allowing an unbounded number of sessions, an unbounded number of principals and an unbounded size of messages. As abstract domain we use sets of so-called super terms. Super terms are obtained by allowing an interpret...
متن کاملDeciding Knowledge in Security Protocols Under Equational Theories
The analysis of security protocols requires precise formulations of the knowledge of protocol participants and attackers. In formal approaches, this knowledge is often treated in terms of message deducibility and indistinguishability relations. In this paper we study the decidability of these two relations. The messages in question may employ functions (encryption, decryption, etc.) axiomatized...
متن کامل