From Security Protocols to Pushdown Automata

Chrétien, Rémy; Cortier, Véronique; Delaune, Stéphanie

doi:10.1007/978-3-642-39212-2_15

Cited by 8 publications

(5 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Compared to [13], we no longer need to restrict the number of variables per transition (to one), we allow variables in key positions, and we are more flexible in the control-flow of the program (we may have arbitrary sequences of in and out actions).…”

Section: Decidability Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Typing Messages for Free in Security Protocols: The Case of Equivalence Properties

Chrétien

Cortier

Delaune

2014

CONCUR 2014 – Concurrency Theory

Self Cite

View full text Add to dashboard Cite

Privacy properties such as untraceability, vote secrecy, or anonymity are typically expressed as behavioural equivalence in a process algebra that models security protocols. In this paper, we study how to decide one particular relation, namely trace equivalence, for an unbounded number of sessions. Our first main contribution is to reduce the search space for attacks. Specifically, we show that if there is an attack then there is one that is well-typed. Our result holds for a large class of typing systems and a large class of determinate security protocols. Assuming finitely many nonces and keys, we can derive from this result that trace equivalence is decidable for an unbounded number of sessions for a class of tagged protocols, yielding one of the first decidability results for the unbounded case. As an intermediate result, we also provide a novel decision procedure in the case of a bounded number of sessions.

show abstract

Section: Decidability Resultsmentioning

confidence: 99%

“…To our knowledge, the only decidability result for an unbounded number of sessions is [13]. It is shown that trace equivalence can be reduced to the equality of languages of pushdown automata.…”

Section: Introductionmentioning

confidence: 99%

Typing Messages for Free in Security Protocols: The Case of Equivalence Properties

Chrétien

Cortier

Delaune

2014

CONCUR 2014 – Concurrency Theory

Self Cite

View full text Add to dashboard Cite

show abstract

“…This class of processes is however insufficient for most anonymity properties. Finally, decidability results for an unbounded number of sessions were proposed in [CCD15b,CCD15a], but with severe restrictions on processes and equational theories.…”

Section: Related Workmentioning

confidence: 99%

DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice

Cheval

Kremer

Rakotonirina

2018

2018 IEEE Symposium on Security and Privacy (SP)

View full text Add to dashboard Cite

We study the automated verification of behavioural equivalences in the applied pi calculus, an essential problem in formal, symbolic analysis of cryptographic protocols. We establish new complexity results for static equivalence, trace equivalence and labelled bisimilarity and propose a new decision procedure for these equivalences. Our procedure is the first tool to decide trace equivalence and labelled bisimilarity exactly for a family of equational theories, namely those that can be represented by a subterm convergent destructor rewrite system. Finally, we implement the procedure in a new tool, called Deepsec and demonstrate the applicability of the tool on several case studies.

show abstract

“…[6], [9] for trace properties and [10], [11] for equivalence). However, protocols do use nonces in practice.…”

Section: Introductionmentioning

confidence: 99%

Decidability of Trace Equivalence for Protocols with Nonces

Chrétien

Cortier

Delaune

2015

2015 IEEE 28th Computer Security Foundations Symposium

View full text Add to dashboard Cite

show abstract

From Security Protocols to Pushdown Automata

Cited by 8 publications

References 17 publications

Typing Messages for Free in Security Protocols: The Case of Equivalence Properties

Typing Messages for Free in Security Protocols: The Case of Equivalence Properties

DEEPSEC: Deciding Equivalence Properties in Security Protocols Theory and Practice

Decidability of Trace Equivalence for Protocols with Nonces

Contact Info

Product

Resources

About