Skip to main content

Deciding Security for Protocols with Recursive Tests

  • Conference paper
Automated Deduction – CADE-23 (CADE 2011)

Part of the book series: Lecture Notes in Computer Science ((LNAI,volume 6803))

Included in the following conference series:

  • 1023 Accesses

Abstract

Security protocols aim at securing communications over public networks. Their design is notoriously difficult and error-prone. Formal methods have shown their usefulness for providing a careful security analysis in the case of standard authentication and confidentiality protocols. However, most current techniques do not apply to protocols that perform recursive computation e.g. on a list of messages received from the network.

While considering general recursive input/output actions very quickly yields undecidability, we focus on protocols that perform recursive tests on received messages but output messages that depend on the inputs in a standard way. This is in particular the case of secured routing protocols, distributed right delegation or PKI certification paths. We provide NPTIME decision procedures for protocols with recursive tests and for a bounded number of sessions. We also revisit constraint system solving, providing a complete symbolic representation of the attacker knowledge.

This work has been partially supported by the project ANR-07-SESU-002 AVOTÉ. The research leading to these results has also received funding from the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement number 258865 (ERC ProSecure project).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Abadi, M., Cortier, V.: Deciding knowledge in security protocols under equational theories. Theoretical Computer Science 387(1-2), 2–32 (2006)

    Article  MATH  MathSciNet  Google Scholar 

  2. Andel, T.R., Yasinsac, A.: Automated security analysis of ad hoc routing protocols. In: Proc. of the Joint Workshop on Foundations of Computer Security and Automated Reasoning for Security Protocol Analysis (FCS-ARSPA 2007), pp. 9–26 (2007)

    Google Scholar 

  3. Armando, A., Basin, D., Boichut, Y., Chevalier, Y., Compagna, L., Cuellar, J., Drielsma, P.H., Heám, P.C., Kouchnarenko, O., Mantovani, J., Mödersheim, S., von Oheimb, D., Rusinowitch, M., Santiago, J., Turuani, M., Viganò, L., Vigneron, L.: The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  4. Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Tobarra, M.L.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Proc. of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008), pp. 1–10 (2008)

    Google Scholar 

  5. Arnaud, M., Cortier, V., Delaune, S.: Deciding security for protocols with recursive tests. Research Report LSV-11-05, Laboratoire Spécification et Vérification, ENS Cachan, France, p. 46 (April 2011)

    Google Scholar 

  6. Asokan, N., Ginzboorg, P.: Key agreement in ad hoc networks. Computer Communications 23(17), 1627–1637 (2000)

    Article  Google Scholar 

  7. Aura, T.: Distributed access-rights management with delegation certificates. In: Ryan, M. (ed.) Secure Internet Programming. LNCS, vol. 1603, pp. 211–235. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  8. Blanchet, B.: An automatic security protocol verifier based on resolution theorem proving (invited tutorial). In: Nieuwenhuis, R. (ed.) CADE 2005. LNCS (LNAI), vol. 3632, Springer, Heidelberg (2005)

    Google Scholar 

  9. Buttyán, L., Vajda, I.: Towards Provable Security for Ad Hoc Routing Protocols. In: Proc. of the 2nd ACM workshop on Security of ad hoc and sensor networks (SASN 2004), pp. 94–105. ACM, New York (2004)

    Chapter  Google Scholar 

  10. Chridi, N., Turuani, M., Rusinowitch, M.: Decidable analysis for a class of cryptographic group protocols with unbounded lists. In: Proc. of the 22nd IEEE Computer Security Foundations Symposium (CSF 2009), pp. 277–289 (2009)

    Google Scholar 

  11. Comon-Lundh, H., Cortier, V., Zalinescu, E.: Deciding security properties for cryptographic protocols. Application to key cycles. ACM Transactions on Computational Logic (TOCL) 11(4), 496–520 (2010)

    MATH  MathSciNet  Google Scholar 

  12. Feng, T., Guo, X., Ma, J., Li, X.: UC-Secure Source Routing Protocol (2009)

    Google Scholar 

  13. Housley, R., Ford, W., Polk, W.: X.509 certificate and CRL profile. IETF standard, RFC 2459 (1998)

    Google Scholar 

  14. Hu, Y.-C., Perrig, A., Johnson, D.: Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks. Wireless Networks 11, 21–38 (2005)

    Article  Google Scholar 

  15. Küsters, R., Truderung, T.: On the Automatic Analysis of Recursive Security Protocols with XOR. In: Thomas, W., Weil, P. (eds.) STACS 2007. LNCS, vol. 4393, pp. 646–657. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  16. Küsters, R., Wilke, T.: Automata-Based Analysis of Recursive Cryptographic Protocols. In: Diekert, V., Habib, M. (eds.) STACS 2004. LNCS, vol. 2996, pp. 382–393. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  17. Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)

    Chapter  Google Scholar 

  18. Millen, J.K., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. of the 8th ACM Conference on Computer and Communications Security (CCS 2001), pp. 166–175 (2001)

    Google Scholar 

  19. Paulson, L.C.: Mechanized proofs for a recursive authentication protocol. In: Proc. of the 10th IEEE Computer Security Foundations Workshop, pp. 84–95. IEEE Computer Society Press, Los Alamitos (1997)

    Google Scholar 

  20. Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions is NP-complete. In: Proc. of the 14th Computer Security Foundations Workshop (CSFW 2001), pp. 174–190. IEEE Computer Society Press, Los Alamitos (2001)

    Chapter  Google Scholar 

  21. Truderung, T.: Selecting theories and recursive protocols. In: Abadi, M., de Alfaro, L. (eds.) CONCUR 2005. LNCS, vol. 3653, pp. 217–232. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and permissions

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Arnaud, M., Cortier, V., Delaune, S. (2011). Deciding Security for Protocols with Recursive Tests. In: Bjørner, N., Sofronie-Stokkermans, V. (eds) Automated Deduction – CADE-23. CADE 2011. Lecture Notes in Computer Science(), vol 6803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22438-6_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-22438-6_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-22437-9

  • Online ISBN: 978-3-642-22438-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics