Abstract
Many decidability results are known for non-recursive cryptographic protocols, where the protocol steps can be expressed by simple rewriting rules. Recently, a tree transducer-based model was proposed for recursive protocols, where the protocol steps involve some kind of recursive computation. This model has, however, some limitations: (1) rules are assumed to have linear left-hand sides (so no equality tests can be performed), and (2) only a finite amount of information can be conveyed from one receive-send action to the next ones. It has been proven that, in this model, relaxing these assumptions leads to undecidability.
In this paper, we propose a formalism, called selecting theories, which extends the standard non-recursive term rewriting model and allows participants to compare and store arbitrary messages. This formalism can model recursive protocols, where participants, in each protocol step, are able to send a number of messages unbounded w.r.t. the size of the protocol. We prove that insecurity of protocols with selecting theories is decidable in NEXPTIME.
Partially supported by the RNTL project PROUVE-03V360 and by SATIN Project of ACI Sécurité Informatique.
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Truderung, T. (2005). Selecting Theories and Recursive Protocols. In: Abadi, M., de Alfaro, L. (eds) CONCUR 2005 – Concurrency Theory. CONCUR 2005. Lecture Notes in Computer Science, vol 3653. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11539452_19
DOI: https://doi.org/10.1007/11539452_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-28309-6
Online ISBN: 978-3-540-31934-4
eBook Packages: Computer Science (R0)