Verification of cryptographic protocols: tagging enforces termination

In experiments with a resolution-based verification method for cryptographic protocols, we could enforce its termination by tagging, a syntactic transformation of messages that leaves attack-free executions invariant. In this paper, we generalize the experimental evidence: we prove that the verification method always terminates for tagged protocols.
