Deciding security of protocols against off-line guessing attacks

We provide an effective procedure for deciding the existence of off-line guessing attacks on security protocols, for a bounded number of sessions.The procedure consists of a constraint solving algorithm for determining satisfiability and equivalence of a class of second-order E-unification problems, where the equational theory E is presented by a convergent subterm rewriting system.To the best of our knowledge, this is the first decidability result to use the generic definition of off-line guessing attacks due to Corin et al. based on static equivalence in the applied pi calculus.

[1]  Margus Veanes,et al.  On the Undecidability of Second-Order Unification , 2000, Inf. Comput..

[2]  Martín Abadi,et al.  Mobile values, new names, and secure communication , 2001, POPL '01.

[3]  Bruno Blanchet,et al.  Automatic proof of strong secrecy for security protocols , 2004, IEEE Symposium on Security and Privacy, 2004. Proceedings. 2004.

[4]  Stéphanie Delaune,et al.  A decision procedure for the verification of security protocols with explicit destructors , 2004, CCS '04.

[5]  Jerome H. Saltzer,et al.  Protecting Poorly Chosen Secrets from Guessing Attacks , 1993, IEEE J. Sel. Areas Commun..

[6]  Martín Abadi,et al.  Deciding knowledge in security protocols under (many more) equational theories , 2005, 18th IEEE Computer Security Foundations Workshop (CSFW'05).

[7]  Yannick Chevalier,et al.  Deciding the Security of Protocols with Diffie-Hellman Exponentiation and Products in Exponents , 2003, FSTTCS.

[8]  Martín Abadi,et al.  Deciding knowledge in security protocols under equational theories , 2006, Theor. Comput. Sci..

[9]  Liang-sheng Lu,et al.  [Expression of fusion proteins in beta(2)GP I gene-transfected HEp-2 cells and its clinical application]. , 2002, Zhonghua yi xue za zhi.

[10]  Wayne Snyder,et al.  Higher-Order Unification Revisited: Complete Sets of Transformations , 1989, J. Symb. Comput..

[11]  Gavin Lowe Analysing Protocol Subject to Guessing Attacks , 2004, J. Comput. Secur..

[12]  Sandro Etalle,et al.  Guess what? Here is a new tool that finds some new guessing attacks (Extended Abstract) , 2003 .

[13]  Vitaly Shmatikov,et al.  Constraint solving for bounded-process cryptographic protocol analysis , 2001, CCS '01.

[14]  Martín Abadi,et al.  Automated verification of selected equivalences for security protocols , 2005, 20th Annual IEEE Symposium on Logic in Computer Science (LICS' 05).

[15]  Sandro Etalle,et al.  Analysing Password Protocol Security Against Off-line Dictionary Attacks , 2003, WISP@ICATPN.

[16]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[17]  Claude Kirchner,et al.  Solving Equations in Abstract Algebras: A Rule-Based Survey of Unification , 1991, Computational Logic - Essays in Honor of Alan Robinson.

[18]  Vitaly Shmatikov,et al.  Symbolic protocol analysis with products and Diffie-Hellman exponentiation , 2003, 16th IEEE Computer Security Foundations Workshop, 2003. Proceedings..

[19]  Stéphanie Delaune,et al.  A theory of dictionary attacks and its complexity , 2004, Proceedings. 17th IEEE Computer Security Foundations Workshop, 2004..