A formal definition of protocol indistinguishability and its verification using maude-NPA

Sonia Santiago; Santiago Escobar; Catherine Meadows; José Meseguer

doi:10.1007/978-3-319-11851-2_11

A formal definition of protocol indistinguishability and its verification using maude-NPA

Sonia Santiago, Santiago Escobar, Catherine Meadows, José Meseguer

Research output: Contribution to journal › Article › peer-review

Abstract

Intuitively, two protocols P1 and P2 are indistinguishable if an attacker cannot tell the difference between interactions with P1 and with P2. In this paper we: (i) propose an intuitive notion of indistinguishability in Maude-NPA; (ii) formalize such a notion in terms of state unreachability conditions on their synchronous product; (iii) prove theorems showing how —assuming the protocol’s algebraic theory has a finite variant (FV) decomposition– these conditions can be checked by the Maude-NPA tool; and (iv) illustrate our approach with concrete examples. This provides for the first time a framework for automatic analysis of indistinguishability modulo as wide a class of algebraic properties as FV, which includes many associative-commutative theories of interest to cryptographic protocol analysis.

Original language	English (US)
Pages (from-to)	162-177
Number of pages	16
Journal	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8743
DOIs	https://doi.org/10.1007/978-3-319-11851-2_11
State	Published - 2014

ASJC Scopus subject areas

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-11851-2_11

Fingerprint Dive into the research topics of 'A formal definition of protocol indistinguishability and its verification using maude-NPA'. Together they form a unique fingerprint.

Cite this

A formal definition of protocol indistinguishability and its verification using maude-NPA. / Santiago, Sonia; Escobar, Santiago; Meadows, Catherine; Meseguer, José.

In: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), Vol. 8743, 2014, p. 162-177.

Research output: Contribution to journal › Article › peer-review

@article{a837d7db5a4947869d202a031d70fb6e,

title = "A formal definition of protocol indistinguishability and its verification using maude-NPA",

abstract = "Intuitively, two protocols P1 and P2 are indistinguishable if an attacker cannot tell the difference between interactions with P1 and with P2. In this paper we: (i) propose an intuitive notion of indistinguishability in Maude-NPA; (ii) formalize such a notion in terms of state unreachability conditions on their synchronous product; (iii) prove theorems showing how —assuming the protocol{\textquoteright}s algebraic theory has a finite variant (FV) decomposition– these conditions can be checked by the Maude-NPA tool; and (iv) illustrate our approach with concrete examples. This provides for the first time a framework for automatic analysis of indistinguishability modulo as wide a class of algebraic properties as FV, which includes many associative-commutative theories of interest to cryptographic protocol analysis.",

author = "Sonia Santiago and Santiago Escobar and Catherine Meadows and Jos{\'e} Meseguer",

year = "2014",

doi = "10.1007/978-3-319-11851-2_11",

language = "English (US)",

volume = "8743",

pages = "162--177",

journal = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

issn = "0302-9743",

publisher = "Springer Verlag",

}

TY - JOUR

T1 - A formal definition of protocol indistinguishability and its verification using maude-NPA

AU - Santiago, Sonia

AU - Escobar, Santiago

AU - Meadows, Catherine

AU - Meseguer, José

PY - 2014

Y1 - 2014

N2 - Intuitively, two protocols P1 and P2 are indistinguishable if an attacker cannot tell the difference between interactions with P1 and with P2. In this paper we: (i) propose an intuitive notion of indistinguishability in Maude-NPA; (ii) formalize such a notion in terms of state unreachability conditions on their synchronous product; (iii) prove theorems showing how —assuming the protocol’s algebraic theory has a finite variant (FV) decomposition– these conditions can be checked by the Maude-NPA tool; and (iv) illustrate our approach with concrete examples. This provides for the first time a framework for automatic analysis of indistinguishability modulo as wide a class of algebraic properties as FV, which includes many associative-commutative theories of interest to cryptographic protocol analysis.

AB - Intuitively, two protocols P1 and P2 are indistinguishable if an attacker cannot tell the difference between interactions with P1 and with P2. In this paper we: (i) propose an intuitive notion of indistinguishability in Maude-NPA; (ii) formalize such a notion in terms of state unreachability conditions on their synchronous product; (iii) prove theorems showing how —assuming the protocol’s algebraic theory has a finite variant (FV) decomposition– these conditions can be checked by the Maude-NPA tool; and (iv) illustrate our approach with concrete examples. This provides for the first time a framework for automatic analysis of indistinguishability modulo as wide a class of algebraic properties as FV, which includes many associative-commutative theories of interest to cryptographic protocol analysis.

UR - http://www.scopus.com/inward/record.url?scp=84921723088&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84921723088&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-11851-2_11

DO - 10.1007/978-3-319-11851-2_11

M3 - Article

AN - SCOPUS:84921723088

VL - 8743

SP - 162

EP - 177

JO - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

JF - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SN - 0302-9743

ER -