Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents

We present an NP decision procedure for the formal analysis of protocols in presence of modular exponentiation with products allowed in exponents. The number of factors that may appear in the products is unlimited. We illustrate that our model is powerful enough to uncover known attacks on the A-GDH.2 protocol suite.

[1]  Vitaly Shmatikov,et al.  Intruder deductions, constraint solving and insecurity decision in presence of exclusive or , 2003, 18th Annual IEEE Symposium of Logic in Computer Science, 2003. Proceedings..

[2]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[3]  Alan Robinson,et al.  Handbook of automated reasoning , 2001 .

[4]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[5]  Roberto M. Amadio,et al.  On the symbolic reduction of processes with cryptographic functions , 2001, LACPV@CAV.

[6]  Michele Boreale,et al.  Symbolic Trace Analysis of Cryptographic Protocols , 2001, ICALP.

[7]  M. Buscemi,et al.  On the Symbolic Analysis of Low-Level Cryptographic Primitives: Modular Exponentiation and the Diffie-Hellman Protocol , 2003 .

[8]  Yannick Chevalier,et al.  An NP decision procedure for protocol insecurity with XOR , 2005, Theor. Comput. Sci..

[9]  Jean-Jacques Quisquater,et al.  A security analysis of the cliques protocols suites , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[10]  Michael J. Maher,et al.  Solving Numerical Constraints , 2001, Handbook of Automated Reasoning.

[11]  Vitaly Shmatikov,et al.  Symbolic protocol analysis with products and Diffie-Hellman exponentiation , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..