Intruder Deduction for AC-Like Equational Theories with Homomorphisms
Cryptographic protocols are small programs which involve a high level of concurrency and which are difficult to analyze by hand. The most successful methods to verify such protocols rely on rewriting techniques and automated deduction in order to implement or mimic the process calculus describing the protocol execution.
We focus on the intruder deduction problem, that is the vulnerability to passive attacks, in presence of several variants of AC-like axioms (from AC to Abelian groups, including the theory of exclusive or) and homomorphism which are the most frequent axioms arising in cryptographic protocols. Solutions are known for the cases of exclusive or, of Abelian groups, and of homomorphism alone. In this paper we address the combination of these AC-like theories with the law of homomorphism which leads to much more complex decision problems.
We prove decidability of the intruder deduction problem in all cases considered. Our decision procedure is in EXPTIME, except for a restricted case in which we have been able to get a PTIME decision procedure using a property of one-counter and pushdown automata.
Unable to display preview. Download preview PDF.
- 3.Baader, F., Nipkow, T.: Term Rewriting and All That. Cambridge University Press, Cambridge (1998)Google Scholar
- 5.Clark, J., Jacob, J.: A survey of authentication protocol literature (1997), http://www.cs.york.ac.uk/~jac/papers/drareviewps.ps
- 6.Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: Proc. of 18th Annual IEEE Symposium on Logic in Computer Science (LICS 2003), Ottawa, Canada, pp. 271–280. IEEE Comp. Soc. Press, Los Alamitos (2003)CrossRefGoogle Scholar
- 8.Cortier, V., Delaune, S., Lafourcade, P.: A survey of algebraic properties used in cryptographic protocols. Research Report LSV-04-15, LSV, ENS de Cachan (September 2004), Available at http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/rapports-year-2004-list.php
- 9.Dershowitz, N., Jouannaud, J.-P.: Rewrite systems. In: van Leeuwen, J. (ed.) Handbook of Theoretical Computer Science. Formal Models and Semantics, vol. B, ch. 6, pp. 243–320. Elsevier Science Publishers and The MIT Press (1990)Google Scholar
- 10.Dolev, D., Yao, A.: On the security of public-key protocols. In: Transactions on Information Theory, vol. 29, pp. 198–208. IEEE Comp. Soc. Press, Los Alamitos (1983)Google Scholar
- 11.Jacquemard, F.: Security protocols open repository, Available at http://www.lsv.ens-cachan.fr/spore/index.html
- 13.Lafourcade, P., Lugiez, D., Treinen, R.: Intruder deduction for ac-like equational theories with homomorphisms. Research Report LSV-04-16, LSV, ENS de Cachan (November 2004), Available at http://www.lsv.ens-cachan.fr/Publis/RAPPORTS_LSV/rapports-year-2004-list.php
- 16.Narendran, P.: Solving linear equations over polynomial semirings. In: Proc. of 11th Annual Symposium on Logic in Computer Science (LICS), July 1996, pp. 466–472 (1996)Google Scholar
- 19.Turuani, M.: Personal communication (2003)Google Scholar