Decidability Issues for Extended Ping-Pong Protocols

We use some recent techniques from process algebra to draw several conclusions about the well-studied class of ping-pong protocols introduced by Dolev and Yao. In particular we show that all nontrivial properties, including reachability and equivalence checking wrt. the whole van Glabbeek’s spectrum, become undecidable for a very simple recursive extension of the protocol. The result holds even if no nondeterministic choice operator is allowed, but reachability is shown to be decidable in polynomial time if only two parties are participating in the protocol. We also show that the calculus is capable of an implicit description of the active intruder, including full analysis and synthesis of messages in the sense of Amadio, Lugiez, and Vanackère. We conclude by showing that reachability analysis for a replicative variant of the protocol becomes decidable.

[1]  Richard Mayr,et al.  Process rewrite systems , 1999, EXPRESS.

[2]  Witold Charatonik,et al.  On Name Generation and Set-Based Analysis in the Dolev-Yao Model , 2002, CONCUR.

[3]  Frank D. Valencia,et al.  On the expressive power of temporal concurrent constraint programming languages , 2002, PPDP '02.

[4]  Hans Hüttel,et al.  Recursion vs. Replication in Simple Cryptographic Protocols , 2004 .

[5]  Robin Milner,et al.  The Polyadic π-Calculus: a Tutorial , 1993 .

[6]  Roberto Gorrieri,et al.  Non Interference for the Analysis of Cryptographic Protocols , 2000, ICALP.

[7]  J. Richard Büchi Regular canonical systems , 1964 .

[8]  Frank D. Valencia,et al.  On the Expressiveness of Infinite Behavior and Name Scoping in Process Calculi , 2004, FoSSaCS.

[9]  Roberto M. Amadio,et al.  On the symbolic reduction of processes with cryptographic functions , 2003, Theor. Comput. Sci..

[10]  Martín Abadi,et al.  A Bisimulation Method for Cryptographic Protocols , 1998, Nord. J. Comput..

[11]  Vojtech Rehák,et al.  Extended Process Rewrite Systems: Expressiveness and Reachability , 2004, CONCUR.

[12]  Martín Abadi,et al.  Computing symbolic models for verifying cryptographic protocols , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[13]  A. N.A.DurginP.D.LincolnJ.C.Mitchell,et al.  Undecidability of bounded security protocols , 1999 .

[14]  Géraud Sénizergues,et al.  Decidability of bisimulation equivalence for equational graphs of finite out-degree , 1998, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[15]  Michele Boreale,et al.  Symbolic Trace Analysis of Cryptographic Protocols , 2001, ICALP.

[16]  Javier Esparza,et al.  Efficient Algorithms for Model Checking Pushdown Systems , 2000, CAV.

[17]  Maurizio Gabbrielli,et al.  Replication vs. Recursive Definitions in Channel Based Calculi , 2003, ICALP.

[18]  Richard M. Karp,et al.  On the Security of Ping-Pong Protocols , 1982, Inf. Control..

[19]  Faron Moller,et al.  Verification on Infinite Structures , 2001, Handbook of Process Algebra.

[20]  Michaël Rusinowitch,et al.  Protocol insecurity with a finite number of sessions, composed keys is NP-complete , 2003, Theor. Comput. Sci..

[21]  Hans Hüttel,et al.  Recursive Ping-Pong Protocols , 2003 .

[22]  Roberto M. Amadio,et al.  On the Reachability Problem in Cryptographic Protocols , 2000, CONCUR.

[23]  R. V. Glabbeek The Linear Time-Branching Time Spectrum I The Semantics of Concrete , Sequential ProcessesR , 2007 .

[24]  Javier Esparza,et al.  Reachability Analysis of Pushdown Automata: Application to Model-Checking , 1997, CONCUR.

[25]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).