A resolution Strategy for Verifying Cryptographic Protocols with CBC Encryption and Blind Signatures

A resolution Strategy for Verifying Cryptographic Protocols with CBC Encryption and Blind Signatures. V. Cortier, M. Rusinowitch, and E. Zalinescu. In Proceedings of the 7th ACM-SIGPLAN International Conference on Principles and Practice of Declarative Programming (PPDP'05), pp. 12–22, ACM press, Lisboa, Portugal, July 2005.

Download

[PDF] [PS] [HTML] 

Abstract

Formal methods have proved to be very useful for analyzing cryptographic protocols. However, most existing techniques apply to the case of abstract encryption schemes and pairing. In this paper, we consider more complex, less studied cryptographic primitives like CBC encryption and blind signatures. This leads us to introduce a new fragment of Horn clauses. We show decidability of this fragment using a combination of several resolution strategies.As a consequence, we obtain a new decidability result for a class of cryptographic protocols (with an unbounded number of sessions and a bounded number of nonces) that may use for example CBC encryption and blind signatures. We apply this result to fix the Needham-Schroeder symmetric key authentication protocol, which is known to be flawed when CBC mode is used.

BibTeX

@InProceedings{CortierPPDP05,
  author = 	 {V. Cortier and M. Rusinowitch and E. Zalinescu},
  title = 	 {A resolution Strategy for Verifying Cryptographic Protocols with {CBC} Encryption and Blind Signatures},
  booktitle = {Proceedings of the 7th ACM-SIGPLAN International Conference on Principles and Practice of Declarative Programming (PPDP'05)},
  pages = 	 {12-22},
  year = 	 {2005},
  address = 	 { Lisboa, Portugal},
  month = 	 {July},
  publisher = {ACM press},
  abstract = {Formal methods have proved to be very useful for analyzing cryptographic protocols. However, most existing techniques apply to the case of abstract encryption schemes and pairing. In this paper, we consider more complex, less studied cryptographic primitives like CBC encryption and blind signatures. This leads us to introduce a new fragment of Horn clauses. We show decidability of this fragment using a combination of several resolution strategies.As a consequence, we obtain a new decidability result for a class of cryptographic protocols (with an unbounded number of sessions and a bounded number of nonces) that may use for example CBC encryption and blind signatures. We apply this result to fix the Needham-Schroeder symmetric key authentication protocol, which is known to be flawed when CBC mode is used.},
  doi =           {10.1145/1069774.1069776},
}