Logical Analysis and Verification of Cryptographic Protocols - Loria
16 CHAPTER 1. INTRODUCTION

the ordered satisfiability problem for the intruder exploiting the collision vulnerability property of hash functions can be reduced to the ordered satisfiability problem for an intruder operating on words, that is, with an associative symbol of concatenation. We show the decidability of the latter problem, which is interesting in its own right as it is the first decidability result that we are aware of for an intruder system for which unification is infinitary. Furthermore, it permits one to consider in other contexts an associative concatenation of messages instead of their pairing.

Chapter 4: Analysis of protocols with vulnerable digital signature schemes.

In Chapter 4, we study two classes of cryptographic protocols: the class of protocols using digital signature schemes vulnerable to the constructive exclusive ownership property, and the class of protocols using digital signature schemes vulnerable to the destructive exclusive ownership property. The constructive exclusive ownership vulnerability of a digital signature scheme permits the intruder, given a public verification key and a signed message, to compute a new pair of signature and verification keys such that the message appears to be signed with the new signature key. The destructive exclusive ownership vulnerability of a digital signature scheme permits the intruder, given a public verification key and a signed message, to compute a new pair of signature and verification keys, and a new message, such that the given signature appears to be the signature of the newly computed message with the new signature key. We show the decidability of the insecurity problem for these two classes of cryptographic protocols by reducing the insecurity problem to the reachability problem for our intruder deduction systems.

Chapter 5: Decidability results for saturated deduction systems.

In Chapter 5, we generalise the results obtained in Chapter 4. We consider the class of cryptographic protocols where the cryptographic primitives are represented by equational theories generated by convergent rewrite systems having the finite variant property. This property was introduced in [86], and means that one can compute all possible normal forms of the instances of a term t.

First, we show the decidability of the ground reachability problem for our class of deduction systems. This decidability result is obtained by (1) reducing the reachability problem modulo an equational theory to the reachability problem modulo the empty theory, (2) computing a transitive closure of the possible deductions (using a saturation procedure), and (3) showing that the termination of this computation implies the decidability of the ground reachability problem.
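
As an added illustration (not code from the thesis), the following Python example decides ground reachability for a standard Dolev-Yao intruder with pairing and symmetric encryption modulo the empty theory, which is the kind of problem that step (1) reduces to. It saturates the intruder's knowledge rather than the deduction rules as the thesis does; the term encoding, function names and sample messages are assumptions.

```python
# Added example: ground reachability for a Dolev-Yao intruder, empty theory.
# Terms: atoms are strings; ("pair", a, b) and ("senc", msg, key) are tuples.
# The encoding and all names below are assumptions made for illustration.

CONSTRUCTORS = ("pair", "senc")

def synth(term, known):
    """True if the intruder can build `term` from `known` by composition."""
    if term in known:
        return True
    if isinstance(term, tuple) and term[0] in CONSTRUCTORS:
        return synth(term[1], known) and synth(term[2], known)
    return False

def analyze(knowledge):
    """Saturate knowledge under projection and decryption.

    Every term added is a subterm of the initial knowledge, so the loop
    reaches a fixpoint; that termination is what makes the problem decidable.
    """
    known = set(knowledge)
    changed = True
    while changed:
        changed = False
        for term in list(known):
            if not isinstance(term, tuple):
                continue
            if term[0] == "pair":
                parts = {term[1], term[2]}
            elif term[0] == "senc" and synth(term[2], known):
                parts = {term[1]}  # key is derivable, possibly a composed term
            else:
                continue
            if not parts <= known:
                known |= parts
                changed = True
    return known

def reachable(goal, knowledge):
    """Decide whether the ground term `goal` is deducible from `knowledge`."""
    return synth(goal, analyze(knowledge))

# Constructed sample: messages the intruder has observed, plus one leaked key.
KNOWLEDGE = {
    ("senc", ("pair", "na", "k2"), "k1"),
    ("senc", "secret", "k2"),
    ("senc", "s2", ("senc", "k1", "na")),  # key is itself a composed term
    ("senc", "s3", "k3"),                  # k3 never becomes known
    "k1",
}
```
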

Next, we give a new criterion, based on counting the number of variables in a reachability problem before and after a deduction is guessed, that permits