Symbolic Probabilistic Analysis of Off-Line Guessing

Abstract: Abstract. We introduce a probabilistic framework for the automated analysis of security protocols. Our framework provides a general method for expressing properties of cryptographic primitives, modeling an attacker who is more powerful than conventional Dolev-Yao attackers. Within our framework, we can model equational properties of cryptographic primitives as well as property statements about their weaknesses, e.g. primitives leaking partial information about messages or the use of weak algorithms for random … Show more

“…The decidability result also took advantage of the way in which the strategy was conducted. Lastly, we used the logic to verify and estimate the probability of attacks to cryptographic protocols in the presence of an attacker with an informed way of cryptanalysis, reducing the gap between symbolic and computational models (Baudet 2005;Cortier 2006, 2005;Conchinha et al 2010Conchinha et al , 2013. These results enabled the implementation of a prototype tool for the satisfiability problem of DEQPRL that can be found in Caleiro et al (2016) but is out of the scope of this paper -for more details see Mordido (2017).…”

“…In this paper we present and study a probabilistic logic aimed at dealing with the kind of reasoning used in the verification of security protocols, namely in the analysis of so-called offline guessing attacks (Baudet 2005) in a setting where the usual Dolev-Yao intruder (Dolev and Yao 1983) is extended with some cryptanalytic power (Conchinha et al 2013;Montalto and Caleiro 2009). Typically, an attacker eavesdrops on the network and gets hold of a number of messages exchanged by the parties.…”

Probabilistic logic over equations and domain restrictions

“…The decidability result also took advantage of the way in which the strategy was conducted. Lastly, we used the logic to verify and estimate the probability of attacks to cryptographic protocols in the presence of an attacker with an informed way of cryptanalysis, reducing the gap between symbolic and computational models (Baudet 2005;Cortier 2006, 2005;Conchinha et al 2010Conchinha et al , 2013. These results enabled the implementation of a prototype tool for the satisfiability problem of DEQPRL that can be found in Caleiro et al (2016) but is out of the scope of this paper -for more details see Mordido (2017).…”

“…In this paper we present and study a probabilistic logic aimed at dealing with the kind of reasoning used in the verification of security protocols, namely in the analysis of so-called offline guessing attacks (Baudet 2005) in a setting where the usual Dolev-Yao intruder (Dolev and Yao 1983) is extended with some cryptanalytic power (Conchinha et al 2013;Montalto and Caleiro 2009). Typically, an attacker eavesdrops on the network and gets hold of a number of messages exchanged by the parties.…”

Probabilistic logic over equations and domain restrictions

An Equation-Based Classical Logic