
Section: Scientific Foundations

Enriching the Dolev-Yao model with algebraic theories

It was slightly less clear in 2002 that the Dolev-Yao model required some definite extensions, in particular allowing for terms to be interpreted modulo some equational theory—the so-called algebraic case. (But also to properly handle specific code chaining techniques [93].) Typical examples of theories of interest are modular exponentiation over a fixed generator g (application: Diffie-Hellman-like protocols) [90] or that of bitwise exclusive-or [70]. The PhD theses of Roger [100], Verma [102], and Cortier [73] display early (and influential!) research in this area. More recent theses in SECSI are those of Delaune [77], Lafourcade [94] and Bernat [61]. Cortier's thesis—which contains much more material than we can describe—was awarded the SPECIF best PhD thesis award in 2003, and the Le Monde academic research prize in 2004. Delaune's thesis, funded by a CIFRE grant with France Télécom, was awarded the “mention thèse remarquable” by France Télécom.
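To make the algebraic case concrete, the following added example (not code from SECSI or from the cited works) compares intruder deduction in the free term algebra with deduction modulo exclusive-or on a constructed set of observed messages. It assumes a pure XOR fragment with atomic names only, no encryption or pairing; the names `Na`, `Nb`, `Kab` and all function names are hypothetical.

```python
# Added illustration (not SECSI code): intruder deduction for pure XOR terms.
# Terms are atoms (str) or ("xor", left, right); all names below are constructed.

def normalize(term):
    """Normal form modulo XOR (AC, x^x=0): the atoms occurring an odd number of times."""
    if isinstance(term, str):
        return frozenset([term])
    _, left, right = term
    return normalize(left) ^ normalize(right)  # symmetric difference cancels pairs

def derivable_free(target, knowledge):
    """Free algebra: xor is an uninterpreted constructor, built but never cancelled."""
    if target in knowledge:
        return True
    if isinstance(target, tuple):
        return all(derivable_free(arg, knowledge) for arg in target[1:])
    return False

def derivable_xor(target, knowledge):
    """Modulo XOR: target is derivable iff it lies in the GF(2) span of the knowledge."""
    atoms = sorted(set().union(normalize(target), *map(normalize, knowledge)))
    bit = {a: 1 << i for i, a in enumerate(atoms)}
    vec = lambda t: sum(bit[a] for a in normalize(t))
    basis = {}  # highest set bit -> basis vector with that pivot

    def reduce(v):
        # Gaussian elimination step: cancel the leading bit while a pivot exists.
        while v:
            pivot = v.bit_length() - 1
            if pivot not in basis:
                return v, pivot
            v ^= basis[pivot]
        return 0, None

    for t in knowledge:
        v, pivot = reduce(vec(t))
        if v:
            basis[pivot] = v
    return reduce(vec(target))[0] == 0

# Constructed trace: three messages the intruder has observed on the network.
KNOWLEDGE = [("xor", "Na", "Kab"), ("xor", "Nb", "Na"), "Nb"]

if __name__ == "__main__":
    print("free algebra:", derivable_free("Kab", KNOWLEDGE))
    print("modulo XOR:  ", derivable_xor("Kab", KNOWLEDGE))
```

A verifier working in the free algebra reports `Kab` as secret on this trace, while the equational model shows it is the XOR of the three observed messages.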

Following all these bright PhD theses, the main activities and results of SECSI during the period 2003–2006 were devoted to these more accurate formal models of cryptography. This resulted in several decision procedures or impossibility results (see for instance [72], [77], [94], [61]).

Nowadays, we continue to work in this area, for instance following an electronic purse case study from France Télécom [63]. The main focus, however, is on extending the results to other security properties (see Section 3.5) and combining theories, such as in [66], [58]. Moreover, it is important to consider protocols in their context. For instance, a key distribution protocol can be used to establish a key which is then reused in another protocol. Different protocols reusing the same long-term keys or passwords may be separately secure, but insecure when executed in parallel. Some composition results guaranteeing that parallel composition preserves security properties have already been obtained in [57], [74], [80].

The thrust here is on more realism, and more automation.

