2018
DOI: 10.1007/978-3-319-99073-6_24
|View full text |Cite
|
Sign up to set email alerts
|

Efficiently Deciding Equivalence for Standard Primitives and Phases

Abstract: Privacy properties like anonymity or untraceability are now well identified, desirable goals of many security protocols. Such properties are typically stated as equivalence properties. However, automatically checking equivalence of protocols often yields efficiency issues. We propose an efficient algorithm, based on graph planning and SATsolving. It can decide equivalence for a bounded number of sessions, for protocols with standard cryptographic primitives and phases (often necessary to specify privacy proper… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1

Citation Types

0
6
0

Year Published

2018
2018
2023
2023

Publication Types

Select...
3
2
1

Relationship

2
4

Authors

Journals

citations
Cited by 7 publications
(8 citation statements)
references
References 24 publications
0
6
0
Order By: Relevance
“…For this, we have to characterise the form of the test involved in such a witness. We use for that the alternative definition of static inclusion already introduced in [18].…”
Section: Bounding the Length Of A Minimal Witnessmentioning
confidence: 99%
See 1 more Smart Citation
“…For this, we have to characterise the form of the test involved in such a witness. We use for that the alternative definition of static inclusion already introduced in [18].…”
Section: Bounding the Length Of A Minimal Witnessmentioning
confidence: 99%
“…Let φ, ψ be such that dom(φ) = dom(ψ). We write φ simple s ψ if: As established in [18] for a slightly different set of primitives, this notion of static inclusion is equivalent to the original one.…”
Section: Bounding the Length Of A Minimal Witnessmentioning
confidence: 99%
“…Since our threat model is arguably strong 16 (i.e., gNBs have to leak decrypted traffic), our findings do not say that C-RNTIs and 5G-S-TMSIs are necessarily/always not useful in masking long-term identifiers such as the IMSIs.…”
Section: ) Final Words Onmentioning
confidence: 76%
“…We define a framework called TrackDev that encompasses several distinct trackability notions. There are privacy notions close to ours, such as (non)-traceability [31], [44] or (un)linkability [19], whereby the latter was studied particularly as part of formal verification in, e.g., [10], [15], [16], [19], [5], [33]. But, as per Pfitzmann's report [39], there are many subtle differences amongst notions related to this.…”
mentioning
confidence: 76%
“…Processes P 0 and P 1 are then trace equivalent when for all traces P i tr = ⇒ (P, Φ), i ∈ {0, 1}, there exists P 1−i tr = ⇒ (P , Φ ) such that the frames Φ and Φ are statically equivalent. Automated verification of trace equivalence has been studied intensively for security protocols [7,20,21,22] and received strong tool support [17,18,23,32,33]. We refer to this problem as TRACEEQ:…”
Section: Equivalencesmentioning
confidence: 99%