From One Session to Many: Dynamic Tags for Security Protocols

  • Myrto Arapinis
  • Stéphanie Delaune
  • Steve Kremer
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5330)

Abstract

The design and verification of cryptographic protocols is a notoriously difficult task, even in abstract Dolev-Yao models. This is mainly due to several sources of unboundedness (size of messages, number of sessions, ...). In this paper, we characterize a class of protocols for which secrecy for an unbounded number of sessions is decidable. More precisely, we present a simple transformation which maps a protocol that is secure for a single protocol session (a decidable problem) to a protocol that is secure for an unbounded number of sessions.

Our result provides an effective strategy to design secure protocols: (i) design a protocol intended to be secure for one protocol session (this can be verified with existing automated tools); (ii) apply our transformation and obtain a protocol which is secure for an unbounded number of sessions. The proof of our result is closely tied to a particular constraint solving procedure by Comon-Lundh et al.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Arapinis, M., Delaune, S., Kremer, S.: From one session to many: Dynamic tags for security protocols. Research Report LSV-08-20, ENS Cachan, France, 30 pages (June 2008)Google Scholar
  2. 2.
    Arapinis, M., Duflot, M.: Bounding messages for free in security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 376–387. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  3. 3.
    Armando, A., et al.: The Avispa tool for the automated validation of internet security protocols and applications. In: Etessami, K., Rajamani, S.K. (eds.) CAV 2005. LNCS, vol. 3576, pp. 281–285. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Beauquier, D., Gauche, F.: How to guarantee secrecy for cryptographic protocols. CoRR, abs/cs/0703140 (2007)Google Scholar
  5. 5.
    Bellare, M., Canetti, R., Krawczyk, H.: A modular approach to the design and analysis of authentication and key exchange protocols (extended abstract). In: Proc. 30th Annual ACM Symposium on the Theory of Computing (STOC 1998), pp. 419–428. ACM Press, New York (1998)Google Scholar
  6. 6.
    Blanchet, B., Podelski, A.: Verification of cryptographic protocols: Tagging enforces termination. In: Gordon, A.D. (ed.) FOSSACS 2003. LNCS, vol. 2620, pp. 136–152. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Clark, J., Jacob, J.: A survey of authentication protocol literature (1997)Google Scholar
  8. 8.
    Comon, H.: Résolution de contraintes et recherche d’attaques pour un nombre borné de sessions, http://www.lsv.ens-cachan.fr/~comon/CRYPTO/bounded.ps
  9. 9.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Science of Computer Programming 50(1-3), 51–71 (2004)MathSciNetCrossRefMATHGoogle Scholar
  10. 10.
    Cortier, V., Delaitre, J., Delaune, S.: Safely composing security protocols. In: Arvind, V., Prasad, S. (eds.) FSTTCS 2007. LNCS, vol. 4855, pp. 352–363. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  11. 11.
    Cortier, V., Delaune, S.: Safely composing security protocols. Research Report LSV-08-06, ENS Cachan, France, 39 pages (March 2008)Google Scholar
  12. 12.
    Cortier, V., Warinschi, B., Zălinescu, E.: Synthesizing secure protocols. In: Biskup, J., López, J. (eds.) ESORICS 2007. LNCS, vol. 4734, pp. 406–421. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Cortier, V., Zălinescu, E.: Deciding key cycles for security protocols. In: Hermann, M., Voronkov, A. (eds.) LPAR 2006. LNCS, vol. 4246, pp. 317–331. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  14. 14.
    Delaune, S.: Note: Constraint solving procedure, http://www.lsv.ens-cachan.fr/Publis/PAPERS/PDF/CDD-fsttcs07-addendum.pdf
  15. 15.
    Dolev, D., Even, S., Karp, R.M.: On the security of ping-pong protocols. In: Proc. Advances in Cryptology (CRYPTO 1982), pp. 177–186 (1982)Google Scholar
  16. 16.
    Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proc. of the 22nd Symposium on Foundations of Computer Science (FOCS 1981). IEEE Comp. Soc. Press, Los Alamitos (1981)Google Scholar
  17. 17.
    Durgin, N., Lincoln, P., Mitchell, J., Scedrov, A.: Undecidability of bounded security protocols. In: Proc. Workshop on Formal Methods and Security Protocols (1999)Google Scholar
  18. 18.
    Heather, J., Lowe, G., Schneider, S.: How to prevent type flaw attacks on security protocols. In: Proc. 13th Computer Security Foundations Workshop (CSFW 2001), pp. 255–268. IEEE Comp. Soc. Press, Los Alamitos (2000)CrossRefGoogle Scholar
  19. 19.
    Katz, J., Yung, M.: Scalable protocols for authenticated group key exchange. In: Boneh, D. (ed.) CRYPTO 2003. LNCS, vol. 2729, pp. 110–125. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  20. 20.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147–166. Springer, Heidelberg (1996)CrossRefGoogle Scholar
  21. 21.
    Lowe, G.: Towards a completeness result for model checking of security protocols. Journal of Computer Security 7(1) (1999)Google Scholar
  22. 22.
    Millen, J., Shmatikov, V.: Constraint solving for bounded-process cryptographic protocol analysis. In: Proc. 8th ACM Conference on Computer and Communications Security (CCS 2001). ACM Press, New York (2001)Google Scholar
  23. 23.
    Ramanujam, R., Suresh, S.P.: Tagging makes secrecy decidable for unbounded nonces as well. In: Pandya, P.K., Radhakrishnan, J. (eds.) FSTTCS 2003. LNCS, vol. 2914, pp. 363–374. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  24. 24.
    Ramanujam, R., Suresh, S.P.: Decidability of context-explicit security protocols. Journal of Computer Security 13(1), 135–165 (2005)CrossRefGoogle Scholar
  25. 25.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with finite number of sessions and composed keys is NP-complete. Theoretical Computer Science 299(1-3), 451–475 (2003)MathSciNetCrossRefMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Myrto Arapinis
    • 1
  • Stéphanie Delaune
    • 1
  • Steve Kremer
    • 1
  1. 1.LSV, ENS Cachan & CNRS & INRIAFrance

Personalised recommendations