Logical Analysis and Verification of Cryptographic Protocols - Loria
Chapter 8
Conclusion and Perspectives
In our society, the use of electronic applications such as e-communication, e-voting, e-banking, e-commerce, etc. is increasing. Among several important requirements, security figures as one crucial aspect. To guarantee security, such applications use cryptographic protocols. It is well known that designing cryptographic protocols is not sufficient for their deployment; they also need to be formally analysed. While the insecurity problem of cryptographic protocols has been shown to be undecidable in the general case [111], several restrictions have led to decidability results under both perfect and imperfect cryptography hypotheses.
In this thesis, we have relaxed the perfect cryptography hypothesis by taking into account several algebraic properties of cryptographic primitives. Following the symbolic approach (in particular the method based on constraint solving) to analyse cryptographic protocols, we provided decision procedures for the insecurity problem of cryptographic protocols with a bounded number of sessions.
In Chapter 3, we considered the collision vulnerability property of hash functions, and we analysed the class of cryptographic protocols employing hash functions having this property. We reduced the insecurity problem of our class of cryptographic protocols to the ordered satisfiability problem for the intruder exploiting the collision vulnerability property of hash functions. We provided sufficient arguments that allowed us to conjecture that, following [74], the ordered satisfiability problem for the intruder exploiting the collision vulnerability property of hash functions can be reduced to the ordered satisfiability problem for an intruder operating on words. We then proved the decidability of the last problem. A natural extension of this work would be to prove the above conjecture.
In Chapter 4, we considered the destructive exclusive ownership vulnerability and the constructive exclusive ownership vulnerability properties for digital signature schemes, and we showed the decidability of the insecurity problem for the two classes of cryptographic protocols using signature schemes having respectively