Abstract
Privacy-preserving security properties in cryptographic protocols are typically modelled by observational equivalences in process calculi such as the applied pi-calculus. We survey decidability and complexity results for the automated verification of such equivalences, casting existing results in a common framework which allows for a precise comparison. This unified view, beyond providing a clearer insight on the current state of the art, allowed us to identify some variations in the statements of the decision problems—sometimes resulting in different complexity results. Additionally, we prove a couple of novel or strengthened results.
The research leading to these results has received funding from the ERC under the EU’s H2020 research and innovation program (grant agreements No 645865-SPOOC), as well as from the French ANR project TECAP (ANR-17-CE39-0004-01). Itsaka Rakotonirina benefits from a Google PhD Fellowship.
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Cheval, V., Kremer, S., Rakotonirina, I. (2020). The Hitchhiker’s Guide to Decidability and Complexity of Equivalence Properties in Security Protocols. In: Nigam, V., et al. Logic, Language, and Security. Lecture Notes in Computer Science, vol 12300. Springer, Cham. https://doi.org/10.1007/978-3-030-62077-6_10
DOI: https://doi.org/10.1007/978-3-030-62077-6_10
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-62076-9
Online ISBN: 978-3-030-62077-6
eBook Packages: Computer Science, Computer Science (R0)