Improving techniques for proving undecidability of checking cryptographic protocols (original) (raw)
Related papers
2008
Existing undecidability proofs of checking secrecy of cryptographic protocols have the limitations of not considering protocols common in literature, which are in the form of communication sequences, since only protocols as non-matching roles are considered, and not considering an attacker who is an insider since only an outsider attacker is considered. Therefore the complexity of checking the realistic attacks, such as the attack to the public key Needham-Schroeder protocol, is unknown. The limitations have been observed independently and described similarly by Froschle in a recently published paper [1], where two open problems are posted. This paper investigates these limitations, and we present a generally applicable approach by reductions with novel features from the reachability problem of 2-counter machines, and we solve the two open problems. We also prove the undecidability of checking authentication which is the first detailed proof to the best of our knowledge. A unique fe...
Secrecy Checking of Protocols : Solution of an Open Problem
This paper proves the undecidability of an open problem on the complexity of checking secrecy of cryptographic protocols due to Durgin, Lincoln and Mitchell. The proof is by a reduction from 2-counter machines to protocols, and we prove both directions of the reduction in detail. The modeling and proof method are generally applicable and can be conveniently adapted to solve other problems about the complexity analysis of checking properties of protocols.
Decidability and Complexity Results for Security Protocols
Verification of Infinite-State Systems with Applications to Security, 2005
Abstract. Security protocols are prescribed sequences of interactio ns between entities designed to provide various security services acros s distributed systems. Security protocols are often wrong due to the extremely subtle properties they are supposed to ensure. Deciding whether or not a security protocol assures secrecy is one of the main challenge in this area. In this paper we survey
Mechanized Proofs of Security Protocols: Needham-Schroeder with Public Keys
1997
The inductive approach to verifying security protocols, previously applied to shared-key encryption , is here applied to the public key version of the Needham-Schroeder protocol. As before, mechanized proofs are performed using Isabelle/HOL. Both the original, flawed version and Lowe's improved version are studied; the properties proved highlight the distinctions between the two versions. The results are compared with previous analyses of the same protocol. The analysis reported below required only 30 hours of the author's time. The proof scripts execute in under three minutes.
On the Decidability of (ground) Reachability Problems for Cryptographic Protocols (extended version)
Analysis of cryptographic protocols in a symbolic model is relative to a deduction system that models the possible actions of an attacker regarding an execution of this protocol. We present in this paper a transformation algorithm for such deduction systems provided the equational theory has the finite variant property. the termination of this transformation entails the decidability of the ground reachability problems. We prove that it is necessary to add one other condition to obtain the decidability of non-ground problems, and provide one new such criterion.
On the Decidability of (ground) Reachability Problems for Cryptographic Protocols
2009
Analysis of cryptographic protocols in a symbolic model is relative to a deduction system that models the possible actions of an attacker regarding an execution of this protocol. We present in this paper a transformation algorithm for such deduction systems provided the equational theory has the finite variant property. the termination of this transformation entails the decidability of the ground reachability problems. We prove that it is necessary to add one other condition to obtain the decidability of non-ground problems, and provide one new such criterion.
A Semi-Decidable Procedure for Secrecy in Cryptographic Protocols
In this paper, we present a new semi-decidable procedure to analyze cryptographic protocols for the property of secrecy based on a new class of functions that we call: the Witness-Functions. A Witness-Function is a raliable function that guarantees the secrecy in any protocol proved increasing once analyzed by it. Hence, the problem of correctness becomes a problem of protocol growth. A Witness-Function operates on derivative messages in a role-based specification and introduces new derivation techniques. We give here the technical aspects of the Witness-Functions and we show how to use them in a semi-decidable procedure. Then, we analyze a variation of Needham-Schroeder protocol and we show that a Witness-Function can also help to teach about flaws. Finally, we analyze the NSL protocol and we prove that it is correct with respect to secrecy.
Computationally Sound, Automated Proofs for Security Protocols
Lecture Notes in Computer Science, 2005
Since the 1980s, two approaches have been developed for analyzing security protocols. One of the approaches relies on a computational model that considers issues of complexity and probability. This approach captures a strong notion of security, guaranteed against all probabilistic polynomial-time attacks. The other approach relies on a symbolic model of protocol executions in which cryptographic primitives are treated as black boxes. Since the seminal work of Dolev and Yao, it has been realized that this latter approach enables significantly simpler and often automated proofs. However, the guarantees that it offers have been quite unclear.
The faithfulness of abstract protocol analysis: Message authentication
2001
Dolev and Yao initiated an approach to studying cryptographic pro-tocols which abstracts from possible problems with the cryptography so as to focus on the structural aspects of the protocol. Recent work inthis framework has developed easily applicable methods to determine many security properties of protocols. A separate line of work, initi-ated by Bellare and Rogaway, analyzes the way specific cryptographic primitives are used in protocols. It gives asymptotic bounds on therisk of failures of secrecy or authentication.
Approaches to Formal Verification of Security Protocols
Computing Research Repository, 2011
In recent times, many protocols have been proposed to provide security for various information and communication systems. Such protocols must be tested for their functional correctness before they are used in practice. Application of formal methods for verification of security protocols would enhance their reliability thereby, increasing the usability of systems that employ them. Thus, formal verification of security protocols has become a key issue in computer and communications security. In this paper we present, analyze and compare some prevalent approaches towards verification of secure systems. We follow the notion of -same goal through different approaches -as we formally analyze the Needham Schroeder Public Key protocol for Lowe's attack using each of our presented approaches.