10 research outputs found
A Symbolic Intruder Model for Hash-Collision Attacks
In the recent years, several practical methods have been published to compute
collisions on some commonly used hash functions. In this paper we present a
method to take into account, at the symbolic level, that an intruder actively
attacking a protocol execution may use these collision algorithms in reasonable
time during the attack. Our decision procedure relies on the reduction of
constraint solving for an intruder exploiting the collision properties of hush
functions to constraint solving for an intruder operating on words
Key Substitution in the Symbolic Analysis of Cryptographic Protocols (extended version)
Key substitution vulnerable signature schemes are signature schemes that
permit an intruder, given a public verification key and a signed message, to
compute a pair of signature and verification keys such that the message appears
to be signed with the new signature key. A digital signature scheme is said to
be vulnerable to destructive exclusive ownership property (DEO) If it is
computationaly feasible for an intruder, given a public verification key and a
pair of message and its valid signature relatively to the given public key, to
compute a pair of signature and verification keys and a new message such that
the given signature appears to be valid for the new message relatively to the
new verification key. In this paper, we prove decidability of the insecurity
problem of cryptographic protocols where the signature schemes employed in the
concrete realisation have this two properties
Automated Synthesis of a Finite Complexity Ordering for Saturation
We present in this paper a new procedure to saturate a set of clauses with
respect to a well-founded ordering on ground atoms such that A < B implies
Var(A) {\subseteq} Var(B) for every atoms A and B. This condition is satisfied
by any atom ordering compatible with a lexicographic, recursive, or multiset
path ordering on terms. Our saturation procedure is based on a priori ordered
resolution and its main novelty is the on-the-fly construction of a finite
complexity atom ordering. In contrast with the usual redundancy, we give a new
redundancy notion and we prove that during the saturation a non-redundant
inference by a priori ordered resolution is also an inference by a posteriori
ordered resolution. We also prove that if a set S of clauses is saturated with
respect to an atom ordering as described above then the problem of whether a
clause C is entailed from S is decidable
On the Decidability of (ground) Reachability Problems for Cryptographic Protocols (extended version)
Analysis of cryptographic protocols in a symbolic model is relative to a
deduction system that models the possible actions of an attacker regarding an
execution of this protocol. We present in this paper a transformation algorithm
for such deduction systems provided the equational theory has the finite
variant property. the termination of this transformation entails the
decidability of the ground reachability problems. We prove that it is necessary
to add one other condition to obtain the decidability of non-ground problems,
and provide one new such criterion