Abstract
We use some recent techniques from process algebra to draw several conclusions about the well-studied class of ping-pong protocols introduced by Dolev and Yao. In particular, we show that all nontrivial properties, including reachability and equivalence checking with respect to the whole of van Glabbeek’s spectrum, become undecidable for a very simple recursive extension of the protocol. The result holds even if no nondeterministic choice operator is allowed, but reachability is shown to be decidable in polynomial time if only two parties are participating in the protocol. We also show that the calculus is capable of an implicit description of the active intruder, including full analysis and synthesis of messages in the sense of Amadio, Lugiez, and Vanackère. We conclude by showing that reachability analysis for a replicative variant of the protocol becomes decidable.
References
Abadi, M. and Gordon, A. (1998) A bisimulation method for cryptographic protocols, Nord. J. Comput. 5(4), 267–303.
Amadio, R. and Charatonik, W. (2002) On name generation and set-based analysis in the Dolev-Yao model, in Proceedings of the 13th International Conference on Concurrency Theory (CONCUR’02), Vol. 2421 of LNCS, pp. 499–514.
Amadio, R. and Lugiez, D. (2000) On the reachability problem in cryptographic protocols, in Proceedings of the 11th International Conference on Concurrency Theory (CONCUR’00), Vol. 1877 of LNCS, pp. 380–394.
Amadio, R., Lugiez, D. and Vanackère, V. (2002) On the symbolic reduction of processes with cryptographic functions, Theor. Comp. Sci. 290(1), 695–740.
Boreale, M. (2001) Symbolic trace analysis of cryptographic protocols, in Proceedings of the 28th Colloquium on Automata, Languages and Programming (ICALP’01), Vol. 2076 of LNCS, pp. 667–681.
Bouajjani, A., Esparza, J. and Maler, O. (1997) Reachability analysis of pushdown automata: Application to model-checking, in Proceedings of the 8th International Conference on Concurrency Theory (CONCUR’97), Vol. 1243 of LNCS, pp. 135–150.
Büchi, J. (1964) Regular canonical systems, Arch. Math. Logik u. Grundlagenforschung 6, 91–111.
Burkart, O., Caucal, D., Moller, F. and Steffen, B. (2001) Verification on infinite structures, in J. Bergstra, A. Ponse, and S. Smolka (eds.), Handbook of Process Algebra, Elsevier Science, Chap. 9, pp. 545–623.
Busi, N., Gabbrielli, M. and Zavattaro, G. (2003) Replication vs. recursive definitions in channel based calculi, in Proceedings of the 30th International Colloquium on Automata, Languages, and Programming (ICALP’03), Vol. 2719 of LNCS, pp. 133–144.
Dolev, D. and Yao, A. (1983) On the security of public key protocols, Trans. Inf. Theory IT-29(2), 198–208.
Dolev, D., Even, S. and Karp, R. (1982) On the security of ping-pong protocols, Inf. Control 55(1–3), 57–68.
Durgin, N., Lincoln, P., Mitchell, J. and Scedrov, A. (1999) Undecidability of bounded security protocols, in N. Heintze and E. Clarke (eds.), Proceedings of Workshop on Formal Methods and Security Protocols (FMSP’99).
Esparza, J., Hansel, D., Rossmanith, P. and Schwoon, S. (2000) Efficient algorithms for model checking pushdown systems, in Proceedings of the 12th International Conference on Computer Aided Verification (CAV’00), Vol. 1855 of LNCS, pp. 232–247.
Fiore, M. and Abadi, M. (2001) Computing symbolic models for verifying cryptographic protocols, in 14th IEEE Computer Security Foundations Workshop (CSFW ’01). Washington – Brussels – Tokyo, pp. 160–173.
Focardi, R., Gorrieri, R. and Martinelli, F. (2000) Non interference for the analysis of cryptographic protocols, in Proceedings of the 27th International Colloquium on Automata, Languages and Programming (ICALP’00), Vol. 1853 of LNCS, pp. 354–372.
Giambiagi, P., Schneider, G. and Valencia, F. (2004) On the expressiveness of infinite behavior and name scoping in process calculi, in Proceedings of the 7th International Conference on Foundations of Software Science and Computation Structures (FOSSACS’04), Vol. 2987 of LNCS, pp. 226–240.
Hüttel, H. and Srba, J. (2004a) Recursion vs. replication in simple cryptographic protocols, Technical Report RS-04-23, BRICS Research Series.
Hüttel, H. and Srba, J. (2004b) Recursive pingpong protocols, in Proceedings of the 4th International Workshop on Issues in the Theory of Security (WITS’04), pp. 129–140.
Hüttel, H. and Srba, J. (2005) Recursion vs. replication in simple cryptographic protocols, in Proceedings of the 31st Annual Conference on Current Trends in Theory and Practice of Informatics (SOFSEM’05), Vol. 3381 of LNCS, pp. 175–184.
Křetínský, M., Řehák, V. and Strejček, J. (2004) Extended process rewrite systems: Expressiveness and reachability, in Proceedings of the 15th International Conference on Concurrency Theory (CONCUR’04), Vol. 3170 of LNCS, pp. 355–370.
Mayr, R. (2000) Process rewrite systems, Inf. Comput. 156(1), 264–286.
Milner, R. (1993) The polyadic π-calculus: a tutorial, in F. L. Bauer, W. Brauer, and H. Schwichtenberg (eds.), Logic and Algebra of Specification, Springer, pp. 203–246.
Nielsen, M., Palamidessi, C. and Valencia, F. (2002) On the expressive power of temporal concurrent constraint programming languages, in Proceedings of the 4th ACM SIGPLAN International Conference on Principles and Practice of Declarative Programming, pp. 156–167.
Rusinowitch, M. and Turuani, M. (2003) Protocol insecurity with a finite number of sessions and composed keys is NP-complete, TCS: Theor. Comp. Sci. 299, 451–475.
Sénizergues, G. (1998) Decidability of bisimulation equivalence for equational graphs of finite outdegree, in Proceedings of the 39th Annual Symposium on Foundations of Computer Science (FOCS’98), pp. 120–129.
van Glabbeek, R. (2001) The linear time – branching time spectrum I: The semantics of concrete, sequential processes, in J. Bergstra, A. Ponse and S. Smolka (eds.), Handbook of Process Algebra, Elsevier Science, Chap. 1, pp. 3–99.
Cite this article
Hüttel, H., Srba, J. Decidability Issues for Extended Ping-Pong Protocols. J Autom Reasoning 36, 125–147 (2006). https://doi.org/10.1007/s10817-005-9015-9
DOI: https://doi.org/10.1007/s10817-005-9015-9