Decidability of context-explicit security protocols

Published: 01 January 2005

Abstract

An important problem in the analysis of security protocols is that of checking whether a protocol preserves secrecy, i.e., no secret owned by the honest agents is unintentionally revealed to the intruder. This problem has been proved to be undecidable in several settings. In particular, Durgin et al. prove the undecidability of the secrecy problem in the presence of an unbounded set of nonces, even when the message length is bounded. In this paper we prove that even in the presence of an unbounded set of nonces the secrecy problem is decidable for a reasonable subclass of protocols, which we call context-explicit protocols.

References

[1] M. Abadi and R.M. Needham, Prudent engineering practices for cryptographic protocols, IEEE Transactions on Software Engineering 22 (1996), 6-15.
[2] R.M. Amadio and W. Charatonik, On name generation and set-based analysis in Dolev-Yao model, in: CONCUR 2002, Volume 2421 of Lecture Notes in Computer Science, Springer, Berlin, 2002, pp. 499-514.
[3] R.M. Amadio, D. Lugiez and V. Vanackère, On the symbolic reduction of processes with cryptographic functions, Theoretical Computer Science 290(1) (2002), 695-740.
[4] R. Anderson and R.M. Needham, Programming Satan's computer, in: Computer Science Today, Volume 1000 of Lecture Notes in Computer Science, Springer, Berlin, 1995, pp. 426-441.
[5] B. Blanchet and A. Podelski, Verification of cryptographic protocols: tagging enforces termination, in: Proceedings of FoSSaCS'03, A.D. Gordon, ed., Volume 2620 of Lecture Notes in Computer Science, Springer, Berlin, 2003, pp. 136-152.
[6] I. Cervesato, C.A. Meadows and P.F. Syverson, Dolev-Yao is no better than Machiavelli, in: Proceedings of WITS'00, P. Degano, ed., 2000.
[7] J. Clark and J. Jacob, A survey of authentication protocol literature, Electronic version available at http://www.cs.york.ac.uk./~jac, 1997.
[8] H. Comon, V. Cortier and J.C. Mitchell, Tree automata with one memory, set constraints, and ping-pong protocols, in: Proceedings of ICALP 2001, Volume 2076 of Lecture Notes in Computer Science, Springer, Berlin, 2001.
[9] D. Dolev, S. Even and R.M. Karp, On the security of ping-pong protocols, Information and Control 55 (1982), 57-68.
[10] D. Dolev and A. Yao, On the security of public-key protocols, IEEE Transactions on Information Theory 29 (1983), 198-208.
[11] N.A. Durgin, P.D. Lincoln, J.C. Mitchell and A. Scedrov, The undecidability of bounded security protocols, in: Proceedings of the Workshop on Formal Methods and Security Protocols (FMSP'99), 1999.
[12] N. Heintze and D. Tygar, A model for secure protocols and their composition, IEEE Transactions on Software Engineering 22 (1996), 16-30.
[13] M.L. Hui and G. Lowe, Fault-preserving simplifying transformations for security protocols, Journal of Computer Security 9(1,2) (2001), 3-46.
[14] G. Lowe, Breaking and fixing the Needham-Schroeder public key protocol using FDR, in: Proceedings TACAS'96, Volume 1055 of Lecture Notes in Computer Science, Springer, Berlin, 1996, pp. 147-166.
[15] G. Lowe, Towards a completeness result for model checking of security protocols, Journal of Computer Security 7 (1999), 89-146.
[16] J.K. Millen and V. Shmatikov, Constraint solving for bounded-process cryptographic protocol analysis, in: ACM Conference on Computer and Communications Security, 2001, pp. 166-175.
[17] R.M. Needham and M.D. Schroeder, Using encryption for authentication in large networks of computers, Communications of the ACM 21(12) (1978), 993-999.
[18] L.C. Paulson, The inductive approach to verifying cryptographic protocols, Journal of Computer Security 6 (1998), 85-128.
[19] R. Ramanujam and S.P. Suresh, A decidable subclass of unbounded security protocols, in: Proceedings of WITS'03, R. Gorrieri, ed., 2003, pp. 11-20.
[20] R. Ramanujam and S.P. Suresh, An equivalence on terms for security protocols, in: Proceedings of AVIS'03, R. Bharadwaj, ed., 2003, pp. 45-56.
[21] R. Ramanujam and S.P. Suresh, Tagging makes secrecy decidable for unbounded nonces as well, in: Proceedings of 23rd FST&TCS, P.K. Pandya and J. Radhakrishnan, eds, Volume 2914 of Lecture Notes in Computer Science, Springer, Berlin, 2003, pp. 363-374.
[22] R. Ramanujam and S.P. Suresh, Undecidability of secrecy for security protocols, Electronic version available at http://www.imsc.res.in/~jam, 2003.
[23] M. Rusinowitch and M. Turuani, Protocol insecurity with finite number of sessions is NP-complete, Theoretical Computer Science 299 (2003), 451-475.
[24] S.P. Suresh, Foundations of security protocol analysis, PhD thesis, The Institute of Mathematical Sciences, Chennai, India, November 2003 (submitted to Madras University).
[25] T.Y.C. Woo and S.S. Lam, A lesson on authentication protocol design, Operating Systems Review 28(3) (1994), 24-37.

Published In

Journal of Computer Security, Volume 13, Issue 1
Special issue on WITS'03
January 2005
186 pages

Publisher

IOS Press

Netherlands

Cited By

  • (2015) Leakiness is Decidable for Well-Founded Protocols. Proceedings of the 4th International Conference on Principles of Security and Trust - Volume 9036. DOI: 10.1007/978-3-662-46666-7_10 (176-195). Online publication date: 11-Apr-2015
  • (2013) Knowing that, knowing what, and public communication. Proceedings of the Twenty-Third international joint conference on Artificial Intelligence. DOI: 10.5555/2540128.2540293 (1147-1154). Online publication date: 3-Aug-2013
  • (2013) Composition of password-based protocols. Formal Methods in System Design 43:3. DOI: 10.1007/s10703-013-0184-6 (369-413). Online publication date: 1-Dec-2013
  • (2011) Soundness of removing cancellation identities in protocol analysis under Exclusive-OR. Proceedings of the 2011 international conference on Theory of Security and Applications. DOI: 10.1007/978-3-642-27375-9_12 (205-224). Online publication date: 31-Mar-2011
  • (2010) Deciding security properties for cryptographic protocols. application to key cycles. ACM Transactions on Computational Logic 11:2. DOI: 10.1145/1656242.1656244 (1-42). Online publication date: 22-Jan-2010
  • (2009) A dolev-yao model for zero knowledge. Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy. DOI: 10.1007/978-3-642-10622-4_11 (137-146). Online publication date: 14-Dec-2009
  • (2007) Name creation vs. replication in Petri net systems. Proceedings of the 28th international conference on Applications and theory of Petri nets and other models of concurrency. DOI: 10.5555/1769053.1769079 (402-422). Online publication date: 25-Jun-2007
  • (2007) Searching for shapes in cryptographic protocols. Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems. DOI: 10.5555/1763507.1763561 (523-537). Online publication date: 24-Mar-2007
  • (2007) Associative-commutative deducibility constraints. Proceedings of the 24th annual conference on Theoretical aspects of computer science. DOI: 10.5555/1763424.1763499 (634-645). Online publication date: 22-Feb-2007
  • (2007) Knowledge-based modelling of voting protocols. Proceedings of the 11th conference on Theoretical aspects of rationality and knowledge. DOI: 10.1145/1324249.1324261 (62-71). Online publication date: 25-Jun-2007