Abstraction and resolution modulo AC: How to verify Diffie-Hellman-like protocols automatically

Journal of Logic and Algebraic Programming

Volumn 64, Issue 2, 2005, Pages 219-251

  Goubault Larrecq, Jean ^a   Roger, Muriel ^b   Verma, Kumar Neeraj ^c  

^a UNIVERSITÉ PARIS SACLAY   (France)

^b CEA LIST   (France)

^c TECHNICAL UNIVERSITY OF MUNICH   (Germany)

Author keywords

Abstract interpretation; Abstraction; Associativity; Clause; Commutativity; Completeness; Cryptographic protocols; Diffie Hellman; Key exchange; Resolution; Verification

Indexed keywords

ABSTRACTING; ALGORITHMS; COMPUTATIONAL METHODS; COMPUTER PROGRAMMING; MATHEMATICAL MODELS; OPTIMIZATION;

ABSTRACTION; ABSTRACTION INTERPRETATION; ASSOCIATIVITY; CLAUSE; COMMUTATIVITY; COMPLETENESS; CRYPTOGRAPHIC PROTOCOLS; DIFFIE-HELLMAN; KEY EXCHANGE; VERIFICATION;

CRYPTOGRAPHY;

EID: 20144373910     PISSN: 15678326     EISSN: None     Source Type: Journal    
DOI: 10.1016/j.jlap.2004.09.004     Document Type: Article

References (48)

1. R. Amadio, and W. Charatonik On name generation and set-based analysis in the Dolev-Yao model 13th International Conference on Concurrency Theory (CONCUR) LNCS 2421 2002 Springer-Verlag 499 514
2. L. Bachmair, and H. Ganzinger Resolution theorem proving J.A. Robinson A. Voronkov Handbook of Automated Reasoning 2001 North-Holland 19 99 (Chapter 2).
3. L. Bachmair, H. Ganzinger, and U. Waldmann Set constraints are the monadic class Proceedings Eighth Annual IEEE Symposium on Logic in Computer Science 1993 IEEE Computer Society Press 75 83
4. B. Blanchet An efficient cryptographic protocol verifier based on Prolog rules 14th IEEE Computer Security FoundationsWorkshop (CSFW-14) 2001 IEEE Computer Society Press 82 96
5. Y. Chevalier, R. Küsters, M. Rusinowitch, and M. Turuani Deciding the security of protocols with Diffie-Hellman exponentiation and products in exponents P. Pandya J. Radhakrishnan 23rd Intl. Conf. Foundations of Software Technology and Theoretical Computer Science (FST & TCS), Mumbai, India LNCS 2003. Springer-Verlag
6. Y. Chevalier, R. Küsters, M. Rusinowitch, and M. Turuani An NP decision procedure for protocol insecurity with XOR P. Kolaitis 18th Intl. Symp. Logic in Computer Science (LICS'03), Ottawa, Canada 2003. IEEE Computer Society Press
7. H. Comon, V. Cortier, and J. Mitchell Tree automata with one memory, set constraints and ping-pong protocols 28th International Conference on Automata, Languages and Programming (ICALP) LNCS 2076 2001 Springer-Verlag 682 693
8. H. Comon, M. Dauchet, R. Gilleron, F. Jacquemard, D. Lugiez, S. Tison, and M. Tommasi Tree automata techniques and applications 1997 http://www.grappa.univ-lille3.fr/tata
9. H. Comon, and V. Shmatikov Is it possible to decide whether a cryptographic protocol is secure or not? J. Goubault-Larrecq Journal of Telecommunications and Information Technology Special Issue on Models and Methods for Cryptographic Protocol Verification vol. 4 2002 Instytut Ła̧ csności (Institute of Telecommunications) Warsaw, Poland 3 13
10. H. Comon-Lundh, V. Cortier, Security properties: Two agents are sufficient, Research Report LSV-02-10, LSV, ENS Cachan, 2002, 26 p.
11. H. Comon-Lundh, and V. Cortier New decidability results for fragments of first-order logic and application to cryptographic protocols R. Nieuwenhuis 14th Intl. Conf. Rewriting Techniques and Applications (RTA), Valencia, Spain LNCS 2706 2003 Springer-Verlag 148 164
12. H. Comon-Lundh, and V. Shmatikov Intruder deductions, constraint solving and insecurity decision in presence of exclusive or P. Kolaitis 18th Intl. Symp. Logic in Computer Science (LICS'03), Ottawa, Canada 2003 IEEE Computer Society Press 271 280
13. P. Cousot, and R. Cousot Abstract interpretation and application to logic programs Journal of Logic Programming 13 2-3 1992 103 179 Correctversionat http://www.dmi.ens.fr/~cousot/COUSOTpapers/JLP92.shtml.
14. W. Diffie, and M. Hellman New directions in cryptography IEEE Trans. Inform. Theory, IT 22 6 1976 644 654
15. D. Dolev, and A.C. Yao On the security of public key protocols IEEE Trans. Inform. Theory, IT 29 2 1983 198 208
16. F. Fagès Associative-commutative unification R.E. Shostak 7th Int. Conf. on Automated Deduction (CADE), Napa Valley, California, US LNCS 170 1984 Springer-Verlag 194 208
17. C. Fermüller, A. Leitsch, U. Hustadt, and T. Tammet Resolution decision procedures J.A. Robinson A. Voronkov Handbook of Automated Reasoning, vol. II 2001 North-Holland 1791 1849 (Chapter 25)
18. T. Frühwirth, E. Shapiro, M.Y. Vardi, and E. Yardeni Logic programs as types for logic programs 6th IEEE Intl. Symp. Logic in Computer Science (LICS'91) 1991 IEEE Computer Society Press 300 309
19. T. Genet, and F. Klay Rewriting for cryptographic protocol verification 17th Int. Conf. on Automated Deduction (CADE), Pittsburgh, PA LNAI 1831 2000 Springer-Verlag 271 290
20. S. Goldwasser, and M. Bellare Lecture notes on Cryptography 1999 http://www-cse.ucsd.edu/~mihir/papers/gb.ps.gz.
21. J. Goubault-Larrecq A method for automatic cryptographic protocol verification (extended abstract) Int. Workshop on Formal Methods in Parallel Programming, Theory and Applications (FMPPTA) LNCS 1800 2000 Springer-Verlag 977 984
22. J. Goubault-Larrecq Higher-order positive set constraints 16th Int. Workshop Computer Science Logic (CSL), Edinburgh, Scotland LNCS 2471 2002 Springer-Verlag 473 489
23. J. Goubault-Larrecq, Vérification de protocoles cryptographiques: la logique à la rescousse!, in: J. Goubault-Larrecq (Ed.), Actes du 1er workshop international sur la sécurité des communications sur Internet (SECI'02), INRIA, collection didactique, 2002, pp. 119-152.
24. J. Goubault-Larrecq, Résolution ordonnée avec sélection et classes décidables de la logique du premier ordre, Lecture notes for the course "dém onstration automatique et vérification de protocoles cryptographiques" (with Hubert Comon-Lundh), DEA "programmation", 2003, 70 p, Available from: http://www.lsv.ens-cachan.fr/~goubault/SOresol.ps.
25. J. Goubault-Larrecq, Une fois qu'on n'a pas trouvé de preuve, comment le faire comprendre à un assistant de preuve? in: V. Ménissier-Morain (Ed.), Actes des 12èmes Journées Francophones des Langages Applicatifs (JFLA'04), INRIA, collection didactique, 2004.
26. J. Goubault-Larrecq, K.N. Verma, Alternating two-way AC-tree automata, Research Report LSV-02-11, LSV, 2002, Available from: http://www.lsv.ens-cachan. fr/Publis/RAPPORTS_LSV/rr-lsv-2002-11.rr.ps.
27. W.H. Joyner Jr. Resolution strategies as decision procedures J. ACM 23 3 1976 398 417
28. D. Kapur, P. Narendran, and L. Wang An E-unification algorithm for analyzing protocols that use modular exponentiation R. Nieuwenhuis 14th Intl. Conf. Rewriting Techniques and Applications (RTA), Valencia, Spain LNCS 2706 2003 Springer-Verlag 165 179
29. G. Lowe An attack on the Needham-Schroeder public-key authentication protocol Inform. Process. Lett. 56 3 1996 131 133
30. C. Meadows The NRL protocol analyzer: An overview J. Logic Program. 26 2 1996 113 131
31. J. Millen, and G. Denker CAPSL and MuCAPSL J. Goubault-Larrecq Journal of Telecommunications and Information Technology Special Issue on Models and Methods for Cryptographic Protocol Verification 4 2002 Instytut Ła̧ csności (Institute of Telecommunications) Warsaw, Poland 499 514
32. D. Monniaux Abstracting cryptographic protocols with tree automata 6th International Static Analysis Symposium (SAS'99) LNCS 1694 1999 Springer-Verlag 149 163
33. R.M. Needham, and M.D. Schroeder Using encryption for authentication in large networks of computers Commun. ACM 21 12 1978 993 999
34. O. Pereira, J.-J. Quisquater, A security analysis of the cliques protocols suites, in: 14th IEEE Computer Security Foundations Workshop, 2001, pp. 73-81.
35. G. Plotkin Building in equational theories Mach. Intell. 7 1972 73 90
36. A. Riazanov, A. Voronkov, Vampire 1.1 (system description), in: R. Goré, A. Leitsch, T. Nipkow (Eds.), 1st Intl. Joint Conf. Automated Reasoning (IJCAR), Siena, Italy, LNAI, 2083, Springer-Verlag, 2001, pp. 376-380.
37. J.A. Robinson A. Voronkov Handbook of Automated Reasoning 2001 North-Holland
38. M. Roger, Raffinements de la résolution et vérification de protocoles cryptographiques, PhD thesis, ENS de Cachan, 2003.
39. H. Seidl Haskell overloading is DEXPTIME-complete Inform. Process. Lett. 52 2 1994 57 60
40. P. Selinger Models for an adversary-centric protocol logic J. Goubault-Larrecq 1st Workshop on Logical Aspects of Cryptographic Protocol Verification (LACPV) Electronic Notes in Theoretical Computer Science 55 1 2001 73 87
41. M. Steiner, G. Tsudik, and M. Waidner Key agreement in dynamic peer groups IEEE Trans. Parallel Distrib. Syst. 11 8 2000 769 780
42. M.E. Stickel A unification algorithm for associative-commutative functions J. ACM 28 1981 423 434
43. K.N. Verma, Automates d'arbres bidirectionnels modulo théories équationnelles, PhD thesis, École Normale Supérieure de Cachan, 2003.
44. K.N. Verma On closure under complementation of equational tree automata for theories extending AC 10th Intl. Conf. Logic for Programming, Artificial Intelligence, and Reasoning (LPAR), Almaty, Kazakhstan LNCS 2850 2003 Springer-Verlag 183 197
45. K.N. Verma Two-way equational tree automata for AC-like theories: Decidability and closure properties R. Nieuwenhuis 14th Intl. Conf. Rewriting Techniques and Applications (RTA), Valencia, Spain LNCS 2706 2003 Springer-Verlag 180 196
46. A. Voronkov Algorithms, datastructures, and other issues in efficient automated deduction R. Goré A. Leitsch T. Nipkow 1st Intl. Joint Conf. Automated Reasoning (IJCAR), Siena, Italy LNAI 2083 2001 Springer-Verlag 13 28
47. C. Weidenbach Towards an automatic analysis of security protocols H. Ganzin 16th Int. Conf. on Automated Deduction (CADE) LNAI 1632 1999 Springer-Verlag 378 382
48. C. Weidenbach Combining superposition, sorts and splitting J.A. Robinson A. Voronkov Handbook of Automated Reasoning, vol. II 2001 North-Holland 1965 2013 Chapter 27