Skip to main content
Springer Nature Link
Log in

Verification of Security Protocols with a Bounded Number of Sessions Based on Resolution for Rigid Variables

  • Chapter
Formal to Practical Security

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5458))

  • 457 Accesses

Abstract

First-order logic resolution is a standard way to automate the verification of security protocols. However, it sometimes fails to produce security proofs for secure protocols because of the detection of false attacks. For the verification of a bounded number of sessions, false attacks can be avoided by introducing rigid variables. Unfortunately, this yields complicated resolution procedures. We show here that there is a simple translation of the security problem for a bounded number of sessions into first-order logic, that does not introduce false attacks. This is shown by translating clauses involving rigid variables into classical first-order clauses, while preserving satisfiability. We illustrate this approach by giving a complete and terminating strategy for a first-order logic fragment resulting from the above translation, that yields a decision procedure for a bounded number of sessions.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Allamigeon, X., Blanchet, B.: Reconstruction of Attacks against Cryptographic Protocols. In: 18th IEEE Work. on Computer Security Foundations, pp. 140–154 (2005)

    Google Scholar 

  2. Andrews, P.B.: Theorem proving via general matings. Journal of the ACM 28(2), 193–214 (1981)

    Article  MATH  Google Scholar 

  3. Bachmair, L., Ganzinger, H.: Resolution Theorem Proving. In: Handbook of Automated Reasoning, ch. 2, pp. 19–99. Elsevier/MIT Press (2001)

    Google Scholar 

  4. Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Work. on Computer Security Foundations, pp. 82–96 (2001)

    Google Scholar 

  5. Dershowitz, N., Jouannaud, J.-P.: Rewrite Systems. In: Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics (B), pp. 243–320. Elsevier/MIT Press (1990)

    Google Scholar 

  6. Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: 12th IEEE Work. on Computer Security Foundations, pp. 55–69 (1999)

    Google Scholar 

  7. Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with XOR. In: 18th IEEE Symp. on Logic in Computer Science (LICS 2003), pp. 261–270 (2003)

    Google Scholar 

  8. Cohen, A.: Combined CPV-TLV Security Protocol Verifier. Master’s thesis, New York University (2004)

    Google Scholar 

  9. Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Science of Computer Programming 50(1–3), 51–71 (2004)

    Article  MATH  Google Scholar 

  10. Comon-Lundh, H., Cortier, V., Zalinescu, E.: Deciding security properties for cryptographic protocols. Application to key cycles. ACM Transactions on Computational Logic (to appear)

    Google Scholar 

  11. Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: 18th IEEE Symp. on Logic in Computer Science (LICS 2003), pp. 271–280 (2003)

    Google Scholar 

  12. Delaune, S., Lin, H., Lynch, C.: Protocol verification via rigid/flexible resolution. In: Dershowitz, N., Voronkov, A. (eds.) LPAR 2007. LNCS(LNAI), vol. 4790, pp. 242–256. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  13. Fermüller, C.G., Leitsch, A., Hustadt, U., Tamet, T.: Resolution decision procedure. In: Handbook of Automated Reasoning, ch. 25. Elsevier and MIT Press (2001)

    Google Scholar 

  14. Rusinowitch, M., Turuani, M.: Protocol insecurity with a finite number of sessions, composed keys is NP-complete. Theoretical Computer Science 1-3(299), 451–475 (2003)

    Article  MATH  Google Scholar 

  15. Shmatikov, V.: Decidable analysis of cryptographic protocols with products and modular exponentiation. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 355–369. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  16. Weidenbach, C.: Towards an automatic analysis of security protocols in first-order logic. In: Ganzinger, H. (ed.) CADE 1999. LNCS, vol. 1632, pp. 314–328. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan

    Reynald Af feldt & Hubert Comon-Lundh

Authors
  1. Reynald Af feldt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Hubert Comon-Lundh
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. LORIA, Équipe Cassis, Bât. A, Campus Scientifique, BP 239, 54506, Vandoeuvre-lès-Nancy Cedex, France

    Véronique Cortier

  2. Centre de Recherche, INRIA Bordeaux – Sud-Ouest, Bât. A29, 351 Cours de la Libération, 33405, Talence, France

    Claude Kirchner

  3. Department of Philosophy, Keio University, 2-15-45 Mita, Minato-ku, 108-8345, Tokyo, Japan

    Mitsuhiro Okada

  4. 3-1 Morinosato Wakamiya Atsugi-shi, 243-0198, Kanagawa, Japan

    Hideki Sakurada

Rights and permissions

Reprints and permissions

Copyright information

© 2009 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

feldt, R.A., Comon-Lundh, H. (2009). Verification of Security Protocols with a Bounded Number of Sessions Based on Resolution for Rigid Variables. In: Cortier, V., Kirchner, C., Okada, M., Sakurada, H. (eds) Formal to Practical Security. Lecture Notes in Computer Science, vol 5458. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-02002-5_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-02002-5_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-02001-8

  • Online ISBN: 978-3-642-02002-5

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics