Normal Proofs in Intruder Theories
نویسندگان
چکیده
Given an arbitrary intruder deduction capability, modeled as an inference system S and a protocol, we show how to compute an inference system b S such that the security problem for an unbounded number of sessions is equivalent to the deducibility of some message in b S. Then, assuming that S has some subformula property, we lift such a property to b S, thanks to a proof normalisation theorem. In general, for an unbounded number of sessions, this provides with a complete deduction strategy. In case of a bounded number of sessions, our theorem implies that the security problem is co-NP-complete. As an instance of our result we get a decision algorithm for the theory of blind-signatures, which, to our knowledge, was not known before.
منابع مشابه
A Isabelle definitions and theorems
This document describes proofs in Isabelle of some results relevant to the paper A Proof Theoretic Analysis of Intruder Theories. It contains proofs formulated for the system for Dolev-Yao intruders considered in Section 6, although the proofs include cut-admissibility and the existence of normal derivations, which are given in the paper for more complex theories, in Sections 3 and 4. The proof...
متن کاملIntruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
We present decidability results for the verification of cryptographic protocols in the presence of equational theories corresponding to xor and Abelian groups. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties such as xor, we extend the conventional Dolev-Yao model by permitting the intruder to exploit these properties. We sh...
متن کاملElementary Deduction Problem for Locally Stable Theories with Normal Forms
We present an algorithm to decide the intruder deduction problem (IDP) for a class of locally stable theories enriched with normal forms. Our result relies on a new and efficient algorithm to solve a restricted case of higher-order associative-commutative matching, obtained by combining the Distinct Occurrences of AC-matching algorithm and a standard algorithm to solve systems of linear Diophan...
متن کاملHierarchical Combination of Intruder Theories
Recently automated deduction tools have proved to be very effective for detecting attacks on cryptographic protocols. These analysis can be improved, for finding more subtle weaknesses, by a more accurate modelling of operators employed by protocols. Several works have shown how to handle a single algebraic operator (associated with a fixed intruder theory) or how to combine several operators s...
متن کاملA Proof Theoretic Analysis of Intruder Theories
We consider the decidability problem of intruder deduction in security protocol analysis, that is, deciding whether a given message M can be deduced from a set of messages Σ, under the class of convergent equational theories, modulo associativity and commutativity (AC) of certain binary operators. The traditional formulations of intruder deduction are usually given in natural-deduction-like sys...
متن کامل