Protocol analysis in Maude-NPA using unification modulo homomorphic encryption

Escobar, Santiago; Kapur, Deepak; Lynch, Christopher S.; Meadows, Catherine; Meseguer, José; Narendran, Paliath; Sasse, Ralf

doi:10.1145/2003476.2003488

Cited by 12 publications

(10 citation statements)

References 53 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…So, it is important to analyze cryptographic protocols in the homomorphism theory. Some of the algorithms and details in this direction can be seen in Anantharaman et al (2010Anantharaman et al ( , 2012; Escobar et al (2011). However, none of those results perform ACh unification because that is undecidable.…”

Section: Resultsmentioning

confidence: 99%

“…Unification modulo equational theories play a significant role in symbolic cryptographic protocol analysis Escobar et al (2007). An overview and references for some of the algorithms may be seen in Escobar et al (2011); Kapur et al (2003); Narendran et al (2015). One such equational theory is the distributive axioms: x × (y + z) = (x × y) + (x × z); (y + z) × x = (y × x) + (z × x).…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Bounded ACh unification

Eeralla

Lynch

2020

Math. Struct. Comp. Sci.

Self Cite

View full text Add to dashboard Cite

We consider the problem of the unification modulo an equational theory associativity and commutativity (ACh), which consists of a function symbol h that is homomorphic over an associative–commutative operator +. Since the unification modulo ACh theory is undecidable, we define a variant of the problem called bounded ACh unification. In this bounded version of ACh unification, we essentially bound the number of times h can be applied to a term recursively and only allow solutions that satisfy this bound. There is no bound on the number of occurrences of h in a term, and the + symbol can be applied an unlimited number of times. We give inference rules for solving the bounded version of the problem and prove that the rules are sound, complete, and terminating. We have implemented the algorithm in Maude and give experimental results. We argue that this algorithm is useful in cryptographic protocol analysis.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Bounded ACh unification

Eeralla

Lynch

2020

Math. Struct. Comp. Sci.

Self Cite

View full text Add to dashboard Cite

show abstract

“…Hence, it is sound and complete, but may not terminate. It supports cryptographic primitives defined by convergent rewrite rules plus associativity and commutativity (Escobar et al, 2007), as well as homomorphic encryption (Escobar et al, 2011), while ProVerif does not support associativity nor homomorphic encryption. It initially focused on reachability properties and was recently extended to prove some equivalences (Santiago et al, 2014), using the same idea as ProVerif (see §3.4).…”

Section: Symbolic Verificationmentioning

confidence: 99%

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Blanchet

2016

FNT in Privacy and Security

196

View full text Add to dashboard Cite

ProVerif is an automatic symbolic protocol verifier. It supports a wide range of cryptographic primitives, defined by rewrite rules or by equations. It can prove various security properties: secrecy, authentication, and process equivalences, for an unbounded message space and an unbounded number of sessions. It takes as input a description of the protocol to verify in a dialect of the applied pi calculus, an extension of the pi calculus with cryptography. It automatically translates this protocol description into Horn clauses and determines whether the desired security properties hold by resolution on these clauses. This survey presents an overview of the research on ProVerif.

show abstract

“…But finitary algorithms for theories E ∪ B not having the finite variant property, e.g., homomorphic encryption, are also supported by Maude-NPA. In this way, we have formally analyzed protocols of the form R = ( , E ∪B, R), where E ∪B can be a cryptographic theory involving a combination of functionalities such as: (i) encryption-decryption; (ii) bounded associativity; (iii) Diffie-Hellman exponentiation; (iv) exclusive or; and (v) homomorphic encryption [178,179,181,183,412]. In general, of course, protocol analysis with an unbounded number of sessions is undecidable.…”

Section: Cryptographic Protocol Specification and Analysismentioning

confidence: 99%

Twenty years of rewriting logic

Meseguer

2012

The Journal of Logic and Algebraic Programming

Self Cite

164

View full text Add to dashboard Cite

Rewriting logic is a simple computational logic that can naturally express both concurrent computation and logical deduction with great generality. This paper provides a gentle, intuitive introduction to its main ideas, as well as a survey of the work that many researchers have carried out over the last twenty years in advancing: (i) its foundations; (ii) its semantic framework and logical framework uses; (iii) its language implementations and its formal tools; and (iv) its many applications to automated deduction, software and hardware specification and verification, security, real-time and cyber-physical systems, probabilistic systems, bioinformatics and chemical systems.

show abstract

Protocol analysis in Maude-NPA using unification modulo homomorphic encryption

Cited by 12 publications

References 53 publications

Bounded ACh unification

Bounded ACh unification

Modeling and Verifying Security Protocols with the Applied Pi Calculus and ProVerif

Twenty years of rewriting logic

Contact Info

Product

Resources

About