TY - GEN
T1 - Automated unbounded verification of stateful cryptographic protocols with exclusive OR
AU - Dreier, Jannik
AU - Hirschi, Lucca
AU - Radomirovic, Sasa
AU - Sasse, Ralf
PY - 2018/8/9
Y1 - 2018/8/9
N2 - Exclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications, due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. The Tamarin prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes Tamarin the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs.
AB - Exclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications, due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. The Tamarin prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes Tamarin the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs.
KW - Cryptographic-Protocols
KW - Exclusive-OR
KW - Formal-Verification
KW - Symbolic-Model
KW - Tamarin
UR - http://www.scopus.com/inward/record.url?scp=85049789987&partnerID=8YFLogxK
U2 - 10.1109/CSF.2018.00033
DO - 10.1109/CSF.2018.00033
M3 - Conference contribution
AN - SCOPUS:85049789987
T3 - IEEE Computer Security Foundations Symposium
SP - 359
EP - 373
BT - 2018 IEEE 31st Computer Security Foundations Symposium (CSF)
PB - IEEE
T2 - 31st IEEE Computer Security Foundations Symposium 2018
Y2 - 9 July 2018 through 12 July 2018
ER -