Affiliation:
1. ENS CACHAN and Research Center for Information Security, AIST
2. LORIA, CNRS, Université Henri Poincaré, and INRIA Project CASSIS
3. MSR-INRIA Joint Centre, Orsay
Abstract
There is a large amount of work dedicated to the formal verification of security protocols. In this article, we revisit and extend the NP-complete decision procedure for a bounded number of sessions. We use a, now standard, deducibility constraint formalism for modeling security protocols. Our first contribution is to give a simple set of constraint simplification rules, that allows to reduce any deducibility constraint to a set of
solved forms
, representing all solutions (within the bound on sessions).
As a consequence, we prove that deciding the existence of key cycles is NP-complete for a bounded number of sessions. The problem of key-cycles has been put forward by recent works relating computational and symbolic models. The so-called
soundness
of the symbolic model requires indeed that no key cycle (e.g., enc(k, k)) ever occurs in the execution of the protocol. Otherwise, stronger security assumptions (such as KDM-security) are required.
We show that our decision procedure can also be applied to prove again the decidability of authentication-like properties and the decidability of a significant fragment of protocols with timestamps.
Publisher
Association for Computing Machinery (ACM)
Subject
Computational Mathematics,Logic,General Computer Science,Theoretical Computer Science
Cited by
25 articles.
订阅此论文施引文献
订阅此论文施引文献,注册后可以免费订阅5篇论文的施引文献,订阅后可以查看论文全部施引文献