Solving the insecurity problem for assertions (2308.13773v2)

Published 26 Aug 2023 in cs.LO and cs.CR

Abstract: In the symbolic verification of cryptographic protocols, a central problem is deciding whether a protocol admits an execution which leaks a designated secret to the malicious intruder. Rusinowitch & Turuani (2003) show that, when considering finitely many sessions, this "insecurity problem" is NP-complete. Central to their proof strategy is the observation that any execution of a protocol can be simulated by one where the intruder only communicates terms of bounded size. However, when we consider models where, in addition to terms, one can also communicate logical statements about terms, the analysis of the insecurity problem becomes tricky when both these inference systems are considered together. In this paper we consider the insecurity problem for protocols with logical statements that include equality on terms and existential quantification. Witnesses for existential quantifiers may be unbounded, and obtaining small witness terms while maintaining equality proofs complicates the analysis considerably. We extend techniques from Rusinowitch & Turuani (2003) to show that this problem is also in NP.
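As an added illustration (not code from the paper), the plain Dolev-Yao intruder deduction that the insecurity problem above is built on: decomposition is saturated over subterms of what the intruder has seen, so the closure stays bounded, and the secret is then checked for synthesis from that closure. The term constructors, key names and sample messages are constructed for the example.

```python
# Added example (not from the paper): Dolev-Yao intruder deduction over a tiny
# term algebra. Atoms are strings; ('pair', a, b) and ('enc', m, k) are
# constructors, and enc is symmetric: enc(m, k) opens only if k is derivable.
from typing import Set, Tuple, Union

Term = Union[str, Tuple]

def subterms(t: Term) -> Set[Term]:
    """All subterms of t (t itself included)."""
    out = {t}
    if isinstance(t, tuple):
        for arg in t[1:]:
            out |= subterms(arg)
    return out

def synthesisable(t: Term, known: Set[Term]) -> bool:
    """Composition only: t is known outright or built from known parts."""
    if t in known:
        return True
    return isinstance(t, tuple) and all(synthesisable(a, known) for a in t[1:])

def analyse(knowledge: Set[Term]) -> Set[Term]:
    """Decomposition closure: split pairs, decrypt with derivable keys.
    Everything added is a subterm of the input, so the closure is finite."""
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            new: Set[Term] = set()
            if isinstance(t, tuple) and t[0] == 'pair':
                new = {t[1], t[2]}
            elif isinstance(t, tuple) and t[0] == 'enc' and synthesisable(t[2], known):
                new = {t[1]}
            if not new <= known:
                known |= new
                changed = True
    return known

def derivable(target: Term, knowledge: Set[Term]) -> bool:
    """The intruder derives target iff it is synthesisable from the analysed set."""
    return synthesisable(target, analyse(knowledge))

# Constructed sample: messages the intruder observed on the wire in one session.
SECRET = 's'
LEAKY = {('enc', SECRET, 'kab'), ('enc', 'kab', 'kb'), 'kb'}        # kb was leaked
SAFE = {('enc', SECRET, 'kab'), ('enc', 'kab', 'kb')}               # kb stays private
COMPOSED = {('enc', SECRET, ('pair', 'n1', 'n2')), 'n1', 'n2'}      # key is pair(n1, n2)
```

Run `derivable(SECRET, K)` for each of the three knowledge sets: the secret leaks from LEAKY and COMPOSED (the latter via a composed key) but not from SAFE.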

References (38)
  1. The applied pi calculus: mobile values, new names, and secure communication. Journal of the ACM, 65(1):1:1–1:41, 2017.
  2. Deciding knowledge in security protocols under equational theories. Theoretical Computer Science, 367(1–2):2–32, 2006.
  3. Ben Adida. Helios: web-based open-audit voting. In 17th Conference on Security Symposium, pages 335–348, 2008.
  4. On the symbolic reduction of processes with cryptographic functions. Theoretical Computer Science, 290(1):695–740, 2003.
  5. Stateful applied pi calculus: observational equivalence and labelled bisimilarity. Journal of Logical and Algebraic Methods in Programming, 89:95–149, 2017.
  6. Automated verification of remote electronic voting protocols in the applied pi-calculus. In 21st IEEE Computer Security Foundations Symposium, pages 195–209, 2008.
  7. Zero-knowledge in the applied pi-calculus and automated verification of the Direct Anonymous Attestation protocol. In 29th IEEE Symposium on Security and Privacy, pages 202–215, 2008.
  8. A dexptime-complete Dolev-Yao theory with distributive encryption. In 35th International Symposium on Mathematical Foundations of Computer Science, volume 6281 of Lecture Notes in Computer Science, pages 102–113, 2010.
  9. Mathieu Baudet. Deciding security of protocols against off-line guessing attacks. In 12th ACM Conference on Computer and Communications Security, pages 16–25, 2005.
  10. Bruno Blanchet. An efficient cryptographic protocol verifier based on Prolog rules. In 14th IEEE Computer Security Foundations Workshop, pages 82–96, 2001.
  11. Bruno Blanchet. Modeling and verifying security protocols with the applied pi calculus and ProVerif. Foundations and Trends in Privacy and Security, 1(1):1–135, 2016.
  12. Verification of cryptographic protocols: tagging enforces termination. Theoretical Computer Science, 333(1–2):67–90, 2005.
  13. The DEEPSEC prover. In Computer Aided Verification, volume 10982 of Lecture Notes in Computer Science, pages 28–36, 2018.
  14. The hitchhiker’s guide to decidability and complexity of equivalence properties in security protocols. In Logic, Language, and Security: Essays Dedicated to Andre Scedrov on the Occasion of his 65th Birthday, volume 12300 of Lecture Notes in Computer Science, pages 127–145, 2020.
  15. An NP decision procedure for protocol insecurity with XOR. Theoretical Computer Science, 338(1–3):247–274, 2005.
  16. Intruder deductions, constraint solving and insecurity decisions in presence of exclusive or. In 18th IEEE Symposium on Logic in Computer Science, pages 271–280, 2003.
  17. A survey of algebraic properties used in cryptographic protocols. Journal of Computer Security, 14(1):1–43, 2006.
  18. A decidable class of security protocols for both reachability and equivalence properties. Journal of Automated Reasoning, 65(4):479–520, 2021.
  19. Formal models and techniques for analyzing security protocols: a tutorial. Foundations and Trends in Programming Languages, 1(3):151–267, 2014.
  20. A resolution strategy for verifying cryptographic protocols with CBC encryption and blind signatures. In 7th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, pages 12–22, 2005.
  21. Cas J. F. Cremers. The Scyther tool: verification, falsification, and analysis of security protocols. In 20th International Conference on Computer Aided Verification, volume 5123 of Lecture Notes in Computer Science, pages 414–418, 2008.
  22. On the security of public-key protocols. IEEE Transactions on Information Theory, 29(2):198–208, 1983.
  23. Multiset rewriting and the complexity of bounded security protocols. Journal of Computer Security, 12(2):247–311, 2004.
  24. A practical secret voting scheme for large scale elections. In Advances in Cryptology – AUSCRYPT, volume 718 of Lecture Notes in Computer Science, pages 244–251, 1992.
  25. Privacy as reachability. In 35th IEEE Computer Security Foundations Symposium, pages 130–146, 2022.
  26. Efficient non-interactive proof systems for bilinear groups. In Advances in Cryptology – EUROCRYPT, volume 4965 of Lecture Notes in Computer Science, pages 415–432, 2008.
  27. A model for secure protocols and their compositions. IEEE Transactions on Software Engineering, 22(1):16–30, 1996.
  28. Automated analysis of security protocols with global state. Journal of Computer Security, 24(5):583–616, 2016.
  29. Analysis of an electronic voting protocol in the applied pi calculus. In Programming Languages and Systems – ESOP 2005, volume 3444 of Lecture Notes in Computer Science, pages 186–200, 2005.
  30. Intruder deduction for the equational theory of abelian groups with distributive encryption. Information and Computation, 205(4):581–623, 2007.
  31. Security and privacy by declarative design. In 26th IEEE Computer Security Foundations Symposium, pages 81–96, 2003.
  32. David A. McAllester. Automatic recognition of tractability in inference relations. Journal of the ACM, 40(2):284–303, 1993.
  33. The TAMARIN prover for the symbolic analysis of security protocols. In 25th International Conference on Computer Aided Verification, volume 8044 of Lecture Notes in Computer Science, pages 696–701, 2013.
  34. Constraint solving for bounded-process cryptographic protocol analysis. In 8th ACM Conference on Computer and Communications Security, pages 166–175, 2001.
  35. Existential assertions for voting protocols. In Financial Cryptography and Data Security, volume 10323 of Lecture Notes in Computer Science, pages 337–352, 2017.
  36. R. Ramanujam and S. P. Suresh. Decidability of context-explicit security protocols. Journal of Computer Security, 13(1):135–165, 2005.
  37. R. Ramanujam and S. P. Suresh. A (restricted) quantifier elimination for security protocols. Theoretical Computer Science, 367(1–2):228–256, 2006.
  38. Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theoretical Computer Science, 299(1–3):451–475, 2003.
