
The Hitchhiker’s Guide to Decidability and Complexity of Equivalence Properties in Security Protocols

Logic, Language, and Security

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 12300)

Abstract

Privacy-preserving security properties in cryptographic protocols are typically modelled by observational equivalences in process calculi such as the applied pi-calculus. We survey decidability and complexity results for the automated verification of such equivalences, casting existing results in a common framework which allows for a precise comparison. This unified view, beyond providing a clearer insight on the current state of the art, allowed us to identify some variations in the statements of the decision problems—sometimes resulting in different complexity results. Additionally, we prove a couple of novel or strengthened results.

The research leading to these results has received funding from the ERC under the EU’s H2020 research and innovation program (grant agreements No 645865-SPOOC), as well as from the French ANR project TECAP (ANR-17-CE39-0004-01). Itsaka Rakotonirina benefits from a Google PhD Fellowship.

Corresponding author

Correspondence to Steve Kremer.

Copyright information

© 2020 Springer Nature Switzerland AG

About this chapter

Cite this chapter

Cheval, V., Kremer, S., Rakotonirina, I. (2020). The Hitchhiker’s Guide to Decidability and Complexity of Equivalence Properties in Security Protocols. In: Nigam, V., et al. Logic, Language, and Security. Lecture Notes in Computer Science, vol 12300. Springer, Cham. https://doi.org/10.1007/978-3-030-62077-6_10

  • DOI: https://doi.org/10.1007/978-3-030-62077-6_10

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-62076-9

  • Online ISBN: 978-3-030-62077-6

  • eBook Packages: Computer Science, Computer Science (R0)
