A Symbolic Intruder Model for Hash-Collision Attacks
In the recent years, several practical methods have been published to compute
collisions on some commonly used hash functions. In this paper we present a
method to take into account, at the symbolic level, that an intruder actively
attacking a protocol execution may use these collision algorithms in reasonable
time during the attack. Our decision procedure relies on the reduction of
constraint solving for an intruder exploiting the collision properties of hash
functions to constraint solving for an intruder operating on words.
The Algebraic Intersection Type Unification Problem
The algebraic intersection type unification problem is an important component
in proof search related to several natural decision problems in intersection
type systems. It is unknown and remains open whether the algebraic intersection
type unification problem is decidable. We give the first nontrivial lower bound
for the problem by showing (our main result) that it is exponential time hard.
Furthermore, we show that this holds even under rank 1 solutions (substitutions
whose codomains are restricted to contain rank 1 types). In addition, we
provide a fixed-parameter intractability result for intersection type matching
(one-sided unification), which is known to be NP-complete.
We place the algebraic intersection type unification problem in the context
of unification theory. The equational theory of intersection types can be
presented as an algebraic theory with an ACI (associative, commutative, and
idempotent) operator (intersection type) combined with distributivity
properties with respect to a second operator (function type). Although the
problem is algebraically natural and interesting, it appears to occupy a
hitherto unstudied place in the theory of unification, and our investigation of
the problem suggests that new methods are required to understand the problem.
Thus, for the lower bound proof, we were not able to reduce from known results
in ACI-unification theory and instead use game-theoretic methods for two-player
tiling games.
Implementing a Unification Algorithm for Protocol Analysis with XOR
In this paper, we propose a unification algorithm for the theory which
combines unification algorithms for E_{std} and E_{ACUN} (ACUN
properties, like XOR) but compared to the more general combination methods uses
specific properties of the equational theories for further optimizations. Our
optimizations drastically reduce the number of non-deterministic choices, in
particular those for variable identification and linear orderings. This is
important for reducing both the runtime of the unification algorithm and the
number of unifiers in the complete set of unifiers. We emphasize that obtaining
a "small" set of unifiers is essential for the efficiency of the constraint
solving procedure within which the unification algorithm is used. The method is
implemented in the CL-Atse tool for security protocol analysis.
Compiling and securing cryptographic protocols
Protocol narrations are widely used in security as semi-formal notations to
specify conversations between roles. We define a translation from a protocol
narration to the sequences of operations to be performed by each role. Unlike
previous works, we reduce this compilation process to well-known decision
problems in formal protocol analysis. This allows one to define a natural
notion of prudent translation and to reuse many known results from the
literature in order to cover more crypto-primitives. In particular this work is
the first one to show how to compile protocols parameterised by the properties
of the available operations.
Comment: A short version was submitted to IP
Nominal C-Unification
Nominal unification is an extension of first-order unification that takes
into account the \alpha-equivalence relation generated by binding operators,
following the nominal approach. We propose a sound and complete procedure for
nominal unification with commutative operators, or nominal C-unification for
short, which has been formalised in Coq. The procedure transforms nominal
C-unification problems into simpler (finite families) of fixpoint problems,
whose solutions can be generated by algebraic techniques on combinatorics of
permutations.
Comment: Pre-proceedings paper presented at the 27th International Symposium
on Logic-Based Program Synthesis and Transformation (LOPSTR 2017), Namur,
Belgium, 10-12 October 2017 (arXiv:1708.07854)
E-Generalization Using Grammars
We extend the notion of anti-unification to cover equational theories and
present a method based on regular tree grammars to compute a finite
representation of E-generalization sets. We present a framework to combine
Inductive Logic Programming and E-generalization that includes an extension of
Plotkin's lgg theorem to the equational case. We demonstrate the potential
power of E-generalization by three example applications: computation of
suggestions for auxiliary lemmas in equational inductive proofs, computation of
construction laws for given term sequences, and learning of screen editor
command sequences.
Comment: 49 pages, 16 figures, author address given in header is meanwhile
outdated, full version of an article in the "Artificial Intelligence
Journal", appeared as technical report in 2003. An open-source C
implementation and some examples are found at the Ancillary file
Interpolation in local theory extensions
In this paper we study interpolation in local extensions of a base theory. We
identify situations in which it is possible to obtain interpolants in a
hierarchical manner, by using a prover and a procedure for generating
interpolants in the base theory as black-boxes. We present several examples of
theory extensions in which interpolants can be computed this way, and discuss
applications in verification, knowledge representation, and modular reasoning
in combinations of local theories.
Comment: 31 pages, 1 figur
Lengths May Break Privacy – Or How to Check for Equivalences with Length
Security protocols have been successfully analyzed using symbolic models, where messages are represented by terms and protocols by processes. Privacy properties like anonymity or untraceability are typically expressed as equivalence between processes. While some decision procedures have been proposed for automatically deciding process equivalence, all existing approaches abstract away the information an attacker may get when observing the length of messages.
In this paper, we study process equivalence with length tests. We first show that, in the static case, almost all existing decidability results (for static equivalence) can be extended to cope with length tests.
In the active case, we prove decidability of trace equivalence with length tests, for a bounded number of sessions and for standard primitives. Our result relies on a previous decidability result from Cheval et al. (without length tests). Our procedure has been implemented and we have discovered a new flaw against privacy in the biometric passport protocol.