On Name Generation and Set-Based Analysis in the Dolev-Yao Model
We study the control reachability problem in the Dolev-Yao model of cryptographic protocols when principals are represented by tail recursive processes with generated names. We propose a conservative approximation of the problem by reduction to a non-standard collapsed operational semantics and we introduce checkable syntactic conditions entailing the equivalence of the standard and the collapsed semantics. Then we introduce a conservative and decidable set-based analysis of the collapsed operational semantics and we characterize a situation where the analysis is exact.
Keywordscryptographic protocols name generation verification set constraints
Unable to display preview. Download preview PDF.
- [ALV01]R. Amadio, D. Lugiez, and V. Vanackere. On the symbolic reduction of processes with cryptographic functions. Theoretical Computer Science (to appear). Also RR 4147, INRIA.Google Scholar
- [AC02]R. Amadio, W. Charatonik. On name generation and set-based analysis in the Dolev-Yao model. RR-INRIA 4379, January 2002.Google Scholar
- [AM01]R. Amadio, C. Meyssonnier. On the decidability of fragments of the asynchronous π-calculus. Journal of Nordic Computing (to appear). Also RRINRIA 4241.Google Scholar
- [CP97]W. Charatonik and A. Podelski. Set constraints with intersection. In Proc. 12th IEEE LICS, 1997.Google Scholar
- [CPT00]W. Charatonik, A. Podelski, and J.-M. Talbot. Paths vs. trees in set-based program analysis. In Proc. 27th Annual ACM POPL, 2000.Google Scholar
- [CCM01]H. Comon, V. Cortier, and J. Mitchell. Tree automata with one memory, set constraints, and ping-pong protocols. In Proc. ICALP, Springer Lecture Notes in Comp. Sci. 2076, 2001.Google Scholar
- [CJ97]J. Clark and J. Jacob. A survey of authentication protocol literature: Version 1.0. Available at http://www-users.cs.york.ac.uk/~jac/ papers/drareview.ps.gz, 1997.
- [DLMS99]N. Durgin, P. Lincoln, J. Mitchell, and A. Scedrov. Undecidability of bounded security protocols. In Proc. Formal methods and security protocols, FLOC Workshop, Trento, 1999.Google Scholar
- [GK00]T. Genet and F. Klay. Rewriting for cryptographic protocol verification. In Proc. CADE, Springer Lecture Notes in Comp. Sci. 1831, 2000.Google Scholar
- [Gou00]J. Goubault. A method for automatic cryptographic protocol verification. In Proc. FMPPTA, Springer-Verlag, 2000.Google Scholar
- [HJ90]N. Heintze and J. Jaffar. A decision procedure for a class of set constraints (extended abstract). In Proc. 5th IEEE LICS, 1990.Google Scholar
- [HJ94]N. Heintze and J. Jaffar. Set constraints and set-based analysis. In Proc. Workshop on Principles and Practice of Constraint Programming, Springer Lecture Notes in Comp. Sci. 874, 1994.Google Scholar
- [Mon99]D. Monniaux. Abstracting cryptographic protocols with tree automata. In Proc. Static Analysis Symposium, Springer Lect. Notes in Comp. Sci., 1999.Google Scholar
- [RT01]M. Rusinowitch and M. Turuani Protocol insecurity with finite number of sessions is NP-complete. RR INRIA 4134, March 2001.Google Scholar
- [Sto99]S. Stoller. A bound on attacks on authentication protocols. TR 526, Indiana University, CS Dept., july 1999.Google Scholar
- [Wei99]C. Weidenbach. Towards an automatic analysis of security protocols in first-order logic. In Proc. CADE 99.Springer Lect. Notes in Comp. Sci. (LNAI) 1632, 1999.Google Scholar