Home

About

Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network
FAQHELPSITE MAPCONTACT US


  Advanced Search  

 
Deciding knowledge in security protocols under equational theories
 

Summary: Deciding knowledge in security protocols
under equational theories
Mart´in Abadi1
and V´eronique Cortier2
1
Computer Science Department, University of California at Santa Cruz, USA
2
Loria, INRIA & CNRS, Nancy, France
Abstract. The analysis of security protocols requires precise formulations of
the knowledge of protocol participants and attackers. In formal approaches, this
knowledge is often treated in terms of message deducibility and indistinguisha-
bility relations. In this paper we study the decidability of these two relations. The
messages in question may employ functions (encryption, decryption, etc.) axiom-
atized in an equational theory. Our main positive results say that, for a large and
useful class of equational theories, deducibility and indistinguishability are both
decidable in polynomial time.
1 Introduction
Understanding security protocols often requires reasoning about the knowledge of le-
gitimate protocol participants and attackers. As a simple example, let us consider a
protocol in which A sends to B a message that consists of a secret s encrypted un-

  

Source: Abadi, Martín - Department of Computer Science, University of California at Santa Cruz

 

Collections: Computer Technologies and Information Sciences