Results 1 
6 of
6
Deciding the security of protocols with DiffieHellman exponentiation and products in exponents
, 2003
"... ..."
Symbolic protocol analysis with products and DiffieHellman exponentiation
, 2003
"... We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully aut ..."
Abstract

Cited by 36 (0 self)
 Add to MetaCart
(Show Context)
We demonstrate that for any welldefined cryptographic protocol, the symbolic trace reachability problem in the presence of an Abelian group operator (e.g., multiplication) can be reduced to solvability of a decidable system of quadratic Diophantine equations. This result enables complete, fully automated formal analysis of protocols that employ primitives such as DiffieHellman exponentiation, multiplication, andxor, with a bounded number of role instances, but without imposing any bounds on the size of terms created by the attacker. 1
Deciding the Security of Protocols with Commuting Public Key Encryption
 ENTCS
, 2005
"... Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e., encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle s ..."
Abstract

Cited by 10 (4 self)
 Add to MetaCart
(Show Context)
Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e., encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle such encryption functions since in these models the message space is considered a free term algebra. In this paper, we present an NP decision procedure for the insecurity of protocols that employ RSA encryption, which is one of the most important instances of commuting public key encryption.
Symbolic Analysis of CryptoProtocols based on Modular Exponentiation
 In Proc. of MFCS ’03, LNCS 2747
, 2003
"... Abstract. Automatic methods developed so far for analysis of security protocols only model a limited set of cryptographic primitives (often, only encryption and concatenation) and abstract from lowlevel features of cryptographic algorithms. This paper is an attempt towards closing this gap. We prop ..."
Abstract

Cited by 9 (2 self)
 Add to MetaCart
(Show Context)
Abstract. Automatic methods developed so far for analysis of security protocols only model a limited set of cryptographic primitives (often, only encryption and concatenation) and abstract from lowlevel features of cryptographic algorithms. This paper is an attempt towards closing this gap. We propose a symbolic technique and a decision method for analysis of protocols based on modular exponentiation, such as DiffieHellman key exchange. We introduce a protocol description language along with its semantics. Then, we propose a notion of symbolic execution and, based on it, a verification method. We prove that the method is sound and complete with respect to the language semantics. 1
Complexity Results for Security Protocols with DiffieHellman Exponentiation and Commuting Public Key Encryption
 In Paritosh K. Pandya and Jaikumar Radhakrishnan, editors, FSTTCS, volume 2914 of Lecture Notes in Computer Science
, 2003
"... We show that the insecurity problem for protocols with modular exponentiation and arbitrary products allowed in exponents is NPcomplete. This result is based on a protocol and intruder model which is powerful enough to uncover known attacks on the Authenticated Group DiffieHellman (AGDH.2) protoc ..."
Abstract

Cited by 3 (0 self)
 Add to MetaCart
We show that the insecurity problem for protocols with modular exponentiation and arbitrary products allowed in exponents is NPcomplete. This result is based on a protocol and intruder model which is powerful enough to uncover known attacks on the Authenticated Group DiffieHellman (AGDH.2) protocol suite. To prove our results, we develop a general framework in which the DolevYao intruder is extended by generic intruder rules. This framework is also applied to obtain complexity results for protocols with commuting public key encryption.
www.elsevier.com/locate/entcs Deciding the Security of Protocols with Commuting Public Key Encryption ⋆
"... Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e., encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle su ..."
Abstract
 Add to MetaCart
(Show Context)
Many cryptographic protocols and attacks on these protocols make use of the fact that the order in which encryption is performed does not affect the result of the encryption, i.e., encryption is commutative. However, most models for the automatic analysis of cryptographic protocols can not handle such encryption functions since in these models the message space is considered a free term algebra. In this paper, we present an NP decision procedure for the insecurity of protocols that employ RSA encryption, which is one of the most important instances of commuting public key encryption.