Abstract
Security protocols aim at securing communications over public networks. Their design is notoriously difficult and error-prone. Formal methods have shown their usefulness for providing a careful security analysis in the case of standard authentication and confidentiality protocols. However, most current techniques do not apply to protocols that perform recursive computation, e.g. on a list of messages received from the network.
While considering general recursive input/output actions very quickly yields undecidability, we focus on protocols that perform recursive tests on received messages but output messages that depend on the inputs in a standard way. This is in particular the case of secured routing protocols, distributed right delegation or PKI certification paths. We provide NPTIME decision procedures for protocols with recursive tests and for a bounded number of sessions. We also revisit constraint system solving, providing a complete symbolic representation of the attacker knowledge.
This work has been partially supported by the project ANR-07-SESU-002 AVOTÉ. The research leading to these results has also received funding from the European Research Council under the European Union’s Seventh Framework Programme (FP7/2007-2013) / ERC grant agreement number 258865 (ERC ProSecure project).
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Arnaud, M., Cortier, V., Delaune, S. (2011). Deciding Security for Protocols with Recursive Tests. In: Bjørner, N., Sofronie-Stokkermans, V. (eds) Automated Deduction – CADE-23. CADE 2011. Lecture Notes in Computer Science, vol 6803. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-22438-6_6
DOI: https://doi.org/10.1007/978-3-642-22438-6_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-22437-9
Online ISBN: 978-3-642-22438-6
eBook Packages: Computer Science, Computer Science (R0)