Narrowing terminates for encryption

Many techniques for protocol analysis use term replacement rules to express the reduction properties of symbolic encryption operations. Some approaches must solve equations in those operators, using sequences of narrowing steps. It is shown that every infinite sequence of narrowing steps for popular abstract encryption operators has a loop, and hence there is a terminating algorithm to solve such equations by searching all sequences of narrowing steps.

[1]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[2]  Natsume Matsuzaki,et al.  Key Distribution Protocol for Digital Mobile Communication Systems , 1989, CRYPTO.

[3]  Gustavus J. Simmons,et al.  Cryptanalysis and protocol failures , 1994, CACM.

[4]  James W. Gray,et al.  Using temporal logic to specify and verify cryptographic protocols , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[5]  Richard A. Kemmerer,et al.  Analyzing encryption protocols using formal verification techniques , 1989, IEEE J. Sel. Areas Commun..

[6]  Gavin Lowe,et al.  An Attack on the Needham-Schroeder Public-Key Authentication Protocol , 1995, Inf. Process. Lett..

[7]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[8]  Andrew William Roscoe,et al.  Model-checking CSP , 1994 .

[9]  Gavin Lowe,et al.  Some new attacks upon security protocols , 1996, Proceedings 9th IEEE Computer Security Foundations Workshop.

[10]  Catherine A. Meadows,et al.  Using narrowing in the analysis of key management protocols , 1989, Proceedings. 1989 IEEE Symposium on Security and Privacy.

[11]  Jonathan K. Millen,et al.  The Interrogator model , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[12]  Jim Woodcock,et al.  Non-interference through Determinism , 1994, J. Comput. Secur..