Decidability Issues for Extended Ping-Pong Protocols

Journal of Automated Reasoning

Abstract

We use some recent techniques from process algebra to draw several conclusions about the well-studied class of ping-pong protocols introduced by Dolev and Yao. In particular, we show that all nontrivial properties, including reachability and equivalence checking with respect to the whole of van Glabbeek’s spectrum, become undecidable for a very simple recursive extension of the protocol. The result holds even if no nondeterministic choice operator is allowed, but reachability is shown to be decidable in polynomial time if only two parties are participating in the protocol. We also show that the calculus is capable of an implicit description of the active intruder, including full analysis and synthesis of messages in the sense of Amadio, Lugiez, and Vanackère. We conclude by showing that reachability analysis for a replicative variant of the protocol becomes decidable.

References

  • Abadi, M. and Gordon, A. (1998) A bisimulation method for cryptographic protocols, Nord. J. Comput. 5(4), 267–303.

  • Amadio, R. and Charatonik, W. (2002) On name generation and set-based analysis in the Dolev-Yao model, in Proceedings of the 13th International Conference on Concurrency Theory (CONCUR’02), Vol. 2421 of LNCS, pp. 499–514.

  • Amadio, R. and Lugiez, D. (2000) On the reachability problem in cryptographic protocols, in Proceedings of the 11th International Conference on Concurrency Theory (CONCUR’00), Vol. 1877 of LNCS, pp. 380–394.

  • Amadio, R., Lugiez, D. and Vanackère, V. (2002) On the symbolic reduction of processes with cryptographic functions, Theor. Comp. Sci. 290(1), 695–740.

  • Boreale, M. (2001) Symbolic trace analysis of cryptographic protocols, in Proceedings of the 28th Colloquium on Automata, Languages and Programming (ICALP’01), Vol. 2076 of LNCS, pp. 667–681.

  • Bouajjani, A., Esparza, J. and Maler, O. (1997) Reachability analysis of pushdown automata: Application to model-checking, in Proceedings of the 8th International Conference on Concurrency Theory (CONCUR’97), Vol. 1243 of LNCS, pp. 135–150.

  • Büchi, J. (1964) Regular canonical systems, Arch. Math. Logik u. Grundlagenforschung 6, 91–111.

  • Burkart, O., Caucal, D., Moller, F. and Steffen, B. (2001) Verification on infinite structures, in J. Bergstra, A. Ponse, and S. Smolka (eds.), Handbook of Process Algebra, Elsevier Science, Chap. 9, pp. 545–623.

  • Busi, N., Gabbrielli, M. and Zavattaro, G. (2003) Replication vs. recursive definitions in channel based calculi, in Proceedings of the 30th International Colloquium on Automata, Languages, and Programming (ICALP’03), Vol. 2719 of LNCS, pp. 133–144.

  • Dolev, D. and Yao, A. (1983) On the security of public key protocols, Trans. Inf. Theory IT-29(2), 198–208.

  • Dolev, D., Even, S. and Karp, R. (1982) On the security of ping-pong protocols, Inf. Control 55(1–3), 57–68.

  • Durgin, N., Lincoln, P., Mitchell, J. and Scedrov, A. (1999) Undecidability of bounded security protocols, in N. Heintze and E. Clarke (eds.), Proceedings of Workshop on Formal Methods and Security Protocols (FMSP’99).

  • Esparza, J., Hansel, D., Rossmanith, P. and Schwoon, S. (2000) Efficient algorithms for model checking pushdown systems, in Proceedings of the 12th International Conference on Computer Aided Verification (CAV’00), Vol. 1855 of LNCS, pp. 232–247.

  • Fiore, M. and Abadi, M. (2001) Computing symbolic models for verifying cryptographic protocols, in 14th IEEE Computer Security Foundations Workshop (CSFW ’01). Washington – Brussels – Tokyo, pp. 160–173.

  • Focardi, R., Gorrieri, R. and Martinelli, F. (2000) Non interference for the analysis of cryptographic protocols, in Proceedings of the 27th International Colloquium on Automata, Languages and Programming (ICALP’00), Vol. 1853 of LNCS, pp. 354–372.

  • Giambiagi, P., Schneider, G. and Valencia, F. (2004) On the expressiveness of infinite behavior and name scoping in process calculi, in Proceedings of the 7th International Conference on Foundations of Software Science and Computation Structures (FOSSACS’04), Vol. 2987 of LNCS, pp. 226–240.

  • Hüttel, H. and Srba, J. (2004a) Recursion vs. replication in simple cryptographic protocols, Technical Report RS-04-23, BRICS Research Series.

  • Hüttel, H. and Srba, J. (2004b) Recursive ping-pong protocols, in Proceedings of the 4th International Workshop on Issues in the Theory of Security (WITS’04), pp. 129–140.

  • Hüttel, H. and Srba, J. (2005) Recursion vs. replication in simple cryptographic protocols, in Proceedings of the 31st Annual Conference on Current Trends in Theory and Practice of Informatics (SOFSEM’05), Vol. 3381 of LNCS, pp. 175–184.

  • Křetínský, M., Řehák, V. and Strejček, J. (2004) Extended process rewrite systems: Expressiveness and reachability, in Proceedings of the 15th International Conference on Concurrency Theory (CONCUR’04), Vol. 3170 of LNCS, pp. 355–370.

  • Mayr, R. (2000) Process rewrite systems, Inf. Comput. 156(1), 264–286.

  • Milner, R. (1993) The polyadic π-calculus: a tutorial, in F. L. Bauer, W. Brauer, and H. Schwichtenberg (eds.), Logic and Algebra of Specification, Springer, pp. 203–246.

  • Nielsen, M., Palamidessi, C. and Valencia, F. (2002) On the expressive power of temporal concurrent constraint programming languages, in Proceedings of the 4th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, pp. 156–167.

  • Rusinowitch, M. and Turuani, M. (2003) Protocol insecurity with a finite number of sessions and composed keys is NP-complete, TCS: Theor. Comp. Sci. 299, 451–475.

  • Sénizergues, G. (1998) Decidability of bisimulation equivalence for equational graphs of finite outdegree, in Proceedings of the 39th Annual Symposium on Foundations of Computer Science (FOCS’98), pp. 120–129.

  • van Glabbeek, R. (2001) The linear time – branching time spectrum I: The semantics of concrete, sequential processes, in J. Bergstra, A. Ponse and S. Smolka (eds.), Handbook of Process Algebra, Elsevier Science, Chap. 1, pp. 3–99.

Corresponding author

Correspondence to Hans Hüttel.

About this article

Cite this article

Hüttel, H., Srba, J. Decidability Issues for Extended Ping-Pong Protocols. J Autom Reasoning 36, 125–147 (2006). https://doi.org/10.1007/s10817-005-9015-9

  • DOI: https://doi.org/10.1007/s10817-005-9015-9
