Symbolic Protocol Analysis with Disequality Constraints Modulo Equational Theories

Programming Languages with Applications to Biology and Security

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 9465)

Abstract

Research in the formal analysis of cryptographic protocols has produced much good work in the solving of equality constraints, developing new methods for unification, matching, and deducibility. However, considerably less attention has been paid to disequality constraints. These also arise quite naturally in cryptographic protocol analysis, in particular for analysis of indistinguishability properties. Thus methods for deciding whether or not they are satisfiable could potentially be quite useful in reducing the size of the search space by protocol analysis tools. In this paper we develop a framework for reasoning about disequality constraints centered around the paradigm of the most discriminating Dolev-Yao attacker, who is able to detect a disequality if it is satisfied in some implementation of the crypto-algebra satisfying given equality properties. We develop several strategies for handling disequalities, prove their soundness and completeness, and demonstrate the result of experimental analyses using the various strategies. Finally, we discuss how disequality checking algorithms could be incorporated within symbolic reachability protocol analysis methods.

The rights of this work are transferred to the extent transferable according to title 17 §105 U.S.C.

Notes

  1. It is well-known that protocols proved secure modulo equational axioms E may sometimes be attacked at the computational level. That is why the qualification that an attack is possible “when only the theory E is assumed” is important here.

Acknowledgements

This work has been partially supported by NSF grant CNS 13-19109, by the EU (FEDER) and the Spanish MINECO under grant TIN 2013-45732-C4-1-P, and by Spanish Generalitat Valenciana under grant PROMETEOII/2015/013.

Author information

Corresponding author

Correspondence to Catherine Meadows.

Copyright information

© 2015 Springer International Publishing Switzerland (outside the US)

About this chapter

Cite this chapter

Escobar, S., Meadows, C., Meseguer, J., Santiago, S. (2015). Symbolic Protocol Analysis with Disequality Constraints Modulo Equational Theories. In: Bodei, C., Ferrari, G., Priami, C. (eds) Programming Languages with Applications to Biology and Security. Lecture Notes in Computer Science, vol 9465. Springer, Cham. https://doi.org/10.1007/978-3-319-25527-9_16

  • DOI: https://doi.org/10.1007/978-3-319-25527-9_16

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-25526-2

  • Online ISBN: 978-3-319-25527-9

  • eBook Packages: Computer Science (R0)
