DOI: 10.1145/1455770.1455788
Research article

Reducing protocol analysis with XOR to the XOR-free case in the horn theory based approach

Published: 27 October 2008

Abstract

In the Horn theory based approach for cryptographic protocol analysis, cryptographic protocols and (Dolev-Yao) intruders are modeled by Horn theories and security analysis boils down to solving the derivation problem for Horn theories. This approach and the tools based on this approach, including ProVerif, have been very successful in the automatic analysis of cryptographic protocols w.r.t. an unbounded number of sessions. However, dealing with the algebraic properties of operators such as the exclusive OR (XOR) has been problematic. In particular, ProVerif cannot deal with XOR.
In this paper, we show how to reduce the derivation problem for Horn theories with XOR to the XOR-free case. Our reduction works for an expressive class of Horn theories. A large class of intruder capabilities and protocols that employ the XOR operator can be modeled by these theories. Our reduction allows us to carry out protocol analysis by tools, such as ProVerif, that cannot deal with XOR, but are very efficient in the XOR-free case. We implemented our reduction and, in combination with ProVerif, applied it in the automatic analysis of several protocols that use the XOR operator. In one case, we found a new attack.



Published In

CCS '08: Proceedings of the 15th ACM conference on Computer and communications security
October 2008
590 pages
ISBN:9781595938107
DOI:10.1145/1455770

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. algebraic properties
  2. security protocols


Acceptance Rates

CCS '08 Paper Acceptance Rate 51 of 280 submissions, 18%;
Overall Acceptance Rate 1,261 of 6,999 submissions, 18%
