On the symbolic reduction of processes with cryptographic functions

We study the reachability problem for cryptographic protocols represented as processes relying on perfect cryptographic functions. We introduce a symbolic reduction system that can handle hashing functions, symmetric keys, and public keys. Desirable properties such as secrecy or authenticity are specified by inserting logical assertions in the processes.We show that the symbolic reduction system provides a flexible decision procedure for finite processes and a reference for sound implementations. The symbolic reduction system can be regarded as a variant of syntactic unification which is compatible with certain set-membership constraints. For a significant fragment of our formalism, we argue that a dag implementation of the symbolic reduction system leads to an algorithm running in NPTIME thus matching the lower bound of the problem.In the case of iterated or finite control processes, we show that the problem is undecidable in general and in PTIME for a subclass of iterated processes that do not rely on pairing. Our technique is based on rational transductions of regular languages and it applies to a class of processes containing the ping-pong protocols presented in Dolev et al. (Inform. Comput. (55) (1982) 57).

[1]  Roberto M. Amadio,et al.  On the Reachability Problem in Cryptographic Protocols , 2000, CONCUR.

[2]  Gavin Lowe,et al.  Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR , 1996, Softw. Concepts Tools.

[3]  David Monniaux,et al.  Abstracting cryptographic protocols with tree automata , 1999, Sci. Comput. Program..

[4]  Michel Bidoit,et al.  A Rehabilitation of Robinson's Unification Algorithm , 1983, IFIP Congress.

[5]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[6]  Jeffrey D. Ullman,et al.  Introduction to Automata Theory, Languages and Computation , 1979 .

[7]  Christoph Weidenbach,et al.  Towards an Automatic Analysis of Security Protocols in First-Order Logic , 1999, CADE.

[8]  J. R. Büchi Regular Canonical Systems , 1964 .

[9]  Gavin Lowe,et al.  A hierarchy of authentication specifications , 1997, Proceedings 10th Computer Security Foundations Workshop.

[10]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[11]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Inf. Control..

[12]  Lawrence C. Paulson,et al.  Proving properties of security protocols by induction , 1997, Proceedings 10th Computer Security Foundations Workshop.

[13]  Jean Goubault-Larrecq,et al.  A Method for Automatic Cryptographic Protocol Verification , 2000, IPDPS Workshops.

[14]  Didier Caucal,et al.  On the Regular Structure of Prefix Rewriting , 1990, Theor. Comput. Sci..

[15]  Martín Abadi,et al.  Reconciling Two Views of Cryptography (The Computational Soundness of Formal Encryption)* , 2000, Journal of Cryptology.

[16]  Roberto M. Amadio,et al.  The Game of the Name in Cryptographic Tables , 1999, ASIAN.

[17]  Gavin Lowe Towards a Completeness Result for Model Checking of Security Protocols (Extended Abstract) , 1998 .

[18]  Witold Charatonik,et al.  On Name Generation and Set-Based Analysis in the Dolev-Yao Model , 2002, CONCUR.

[19]  Michaël Rusinowitch,et al.  Compiling and Verifying Security Protocols , 2000, LPAR.

[20]  Dominique Bolignano An approach to the formal verification of cryptographic protocols , 1996, CCS '96.

[21]  David A. Basin Lazy Infinite-State Analysis of Security Protocols , 1999, CQRE.

[22]  John Mitchell,et al.  Tree Automata with One Memory, Set Constraints, and Ping-Pong Protocols , 2001, ICALP.

[23]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[24]  John C. Mitchell,et al.  Automated analysis of cryptographic protocols using Mur/spl phi/ , 1997, Proceedings. 1997 IEEE Symposium on Security and Privacy (Cat. No.97CB36097).

[25]  Tobias Nipkow,et al.  Term rewriting and all that , 1998 .

[26]  Rocco De Nicola,et al.  Proof techniques for cryptographic processes , 1999, Proceedings. 14th Symposium on Logic in Computer Science (Cat. No. PR00158).

[27]  Roberto Gorrieri,et al.  A compiler for analyzing cryptographic protocols using noninterference , 2000, TSEM.

[28]  Somesh Jha,et al.  Using state space exploration and a natural deduction style message derivation engine to verify security protocols , 1998, PROCOMET.