Protocol insecurity with a finite number of sessions, composed keys is NP-complete

We investigate the complexity of the protocol insecurity problem for a finite number of sessions (fixed number of interleaved runs). We show that this problem is NP-complete with respect to a Dolev?Yao model of intruders. The result does not assume a limit on the size of messages and supports non-atomic symmetric encryption keys. We also prove that in order to build an attack with a fixed number of sessions the intruder needs only to forge messages of linear size, provided that they are represented as dags.

[1]  Gavin Lowe Analyzing a Library of Security Protocols using Casper and FDR , 1999 .

[2]  Gavin Lowe Casper: a compiler for the analysis of security protocols , 1998 .

[3]  Jonathan K. Millen,et al.  CAPSL: Common Authentication Protocol Specification Language , 1996, NSPW '96.

[4]  Michaël Rusinowitch,et al.  Compiling and Verifying Security Protocols , 2000, LPAR.

[5]  Alan Bundy,et al.  Proofs About Lists Using Ellipsis , 1999, LPAR.

[6]  Somesh Jha,et al.  Using state space exploration and a natural deduction style message derivation engine to verify security protocols , 1998, PROCOMET.

[7]  Oded Goldreich,et al.  On the security of multi-party ping-pong protocols , 1983, 24th Annual Symposium on Foundations of Computer Science (sfcs 1983).

[8]  Lawrence C. Paulson,et al.  The Inductive Approach to Verifying Cryptographic Protocols , 2021, J. Comput. Secur..

[9]  Roberto M. Amadio,et al.  On the Reachability Problem in Cryptographic Protocols , 2000, CONCUR.

[10]  John C. Mitchell,et al.  A meta-notation for protocol analysis , 1999, Proceedings of the 12th IEEE Computer Security Foundations Workshop.

[11]  Gavin Lowe,et al.  Casper: a compiler for the analysis of security protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[12]  Catherine A. Meadows,et al.  The NRL Protocol Analyzer: An Overview , 1996, J. Log. Program..

[13]  David A. Basin Lazy Infinite-State Analysis of Security Protocols , 1999, CQRE.

[14]  Danny Dolev,et al.  On the security of public key protocols , 1981, 22nd Annual Symposium on Foundations of Computer Science (sfcs 1981).

[15]  Dominique Bolignano Towards the formal verification of electronic commerce protocols , 1997, Proceedings 10th Computer Security Foundations Workshop.

[16]  John A. Clark,et al.  A survey of authentication protocol literature: Version 1.0 , 1997 .

[17]  Vitaly Shmatikov,et al.  Constraint solving for bounded-process cryptographic protocol analysis , 2001, CCS '01.

[18]  John Mitchell,et al.  Tree Automata with One Memory, Set Constraints, and Ping-Pong Protocols , 2001, ICALP.

[19]  Yannick Chevalier,et al.  A tool for lazy verification of security protocols , 2001, Proceedings 16th Annual International Conference on Automated Software Engineering (ASE 2001).

[20]  Jean Goubault-Larrecq A Method for Automatic Cryptographic Protocol Verification ( Extended , 2000 .

[21]  A. W. Roscoe Modelling and verifying key-exchange protocols using CSP and FDR , 1995, Proceedings The Eighth IEEE Computer Security Foundations Workshop.

[22]  G. Denker,et al.  CAPSL integrated protocol environment , 2000, Proceedings DARPA Information Survivability Conference and Exposition. DISCEX'00.

[23]  Yannick Chevalier,et al.  Towards Efficient Automated Verification of Security Protocols , 2001 .

[24]  J. MeseguerComputer Protocol Speci cation and Analysis in Maude , 1998 .

[25]  Steve A. Schneider Verifying authentication protocols with CSP , 1997, Proceedings 10th Computer Security Foundations Workshop.

[26]  Jean Goubault-Larrecq,et al.  A Method for Automatic Cryptographic Protocol Verification , 2000, IPDPS Workshops.

[27]  Michaël Rusinowitch,et al.  Protocol insecurity with finite number of sessions is NP-complete , 2001, Proceedings. 14th IEEE Computer Security Foundations Workshop, 2001..

[28]  Antti Huima Efficient Infinite-State Analysis of Security Protocols , 1999 .