YAPA: A Generic Tool for Computing Intruder Knowledge

Reasoning about the knowledge of an attacker is a necessary step in many formal analyses of security protocols. In the framework of the applied pi calculus, as in similar languages based on equational logics, knowledge is typically expressed by two relations: deducibility and static equivalence. Several decision procedures have been proposed for these relations under a variety of equational theories. However, each theory has its particular algorithm, and none has been implemented so far. We provide a generic procedure for deducibility and static equivalence that takes as input any convergent rewrite system. We show that our algorithm covers all the existing decision procedures for convergent theories. We also provide an efficient implementation, and compare it briefly with the more general tool ProVerif.
