Logical Analysis and Verification of Cryptographic Protocols - Loria
CONTENTS
2.1.7 Unification
2.1.8 Finite variant property
2.1.9 Narrowing
2.1.10 Two intruder deduction systems
2.1.11 Variant of the intruder deduction system
2.1.12 Constraint systems
2.1.13 Modified I-constraint systems
2.1.14 Reachability problems
2.1.15 Variant of I-constraint systems
2.2 Cryptographic protocols
2.2.1 Specification of protocols
2.2.2 Execution of protocols
2.3 From cryptographic protocols to constraint systems
2.3.1 From an execution of a protocol to a constraint system
2.3.2 From insecurity problem to satisfiability of constraint systems
2.4 Conclusion
3 Protocols with vulnerable hash functions
3.1 Hash functions
3.1.1 Definition of hash functions
3.1.2 Properties of hash functions
3.1.3 Examples of hash functions
3.2 Collision vulnerability property
3.2.1 Hash functions having this property
3.2.2 Collision vulnerability in practice
3.3 The model
3.3.1 Mode in an equational theory
3.3.2 Well-moded equational theories
3.3.3 Subterm values
3.3.4 Intruder deduction system
3.3.5 Symbolic derivation
3.3.6 Ordered satisfiability problem
3.4 Symbolic formalisation
3.4.1 Intruder on words with free function symbols
3.4.2 Hash-colliding intruder
3.4.3 Properties on Ifree and Ih intruder deduction systems
3.5 Decidability results
3.5.1 Decidability of ordered IAU-satisfiability problem
3.5.2 Decidability of ordered If and Ig satisfiability problems
3.5.3 Decidability of ordered Ifree satisfiability problem
3.5.4 Decidability of ordered Ih-satisfiability problem