Undecidability of bounded security protocols

Using a multiset rewriting formalism with existen-tial quantiication, it is shown that protocol security remains undecidable even when rather severe restrictions are placed on protocols. In particular, even if data constructors, message depth, message width, number of distinct roles, role length, and depth of encryp-tion are bounded by constants, secrecy is an undecidable property. If protocols are further restricted to have no new data (nonces), then secrecy is dexptime-complete. Both lower bounds are obtained by encoding decision problems from existential Horn theories without function symbols into our protocol framework. The way that encryption and adversary behavior are used in the reduction sheds some light on protocol analysis.

[1]  Georg Gottlob,et al.  Complexity and expressive power of logic programming , 2001, CSUR.

[2]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[3]  Somesh Jha,et al.  Using state space exploration and a natural deduction style message derivation engine to verify security protocols , 1998, PROCOMET.

[4]  John Ulrich,et al.  Automated Analysis of Cryptographic Protocols Using Mur ' , 1997 .

[5]  J. Doug Tygar,et al.  A Model for Secure Protocols and Their Compositions , 1996, IEEE Trans. Software Eng..

[6]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[7]  Serge Abiteboul,et al.  Foundations of Databases , 1994 .

[8]  Patrick Lincoln,et al.  Linear logic , 1992, SIGA.

[9]  Eitan M. Gurari,et al.  Introduction to the theory of computation , 1989 .

[10]  Neil Immerman,et al.  Relational Queries Computable in Polynomial Time , 1986, Inf. Control..

[11]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[12]  Moshe Y. Vardi The complexity of relational query languages (Extended Abstract) , 1982, STOC '82.

[13]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[14]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.