Verification of Security Protocols with a Bounded Number of Sessions Based on Resolution for Rigid Variables

  • Reynald Af feldt
  • Hubert Comon-Lundh
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5458)


First-order logic resolution is a standard way to automate the verification of security protocols. However, it sometimes fails to produce security proofs for secure protocols because of the detection of false attacks. For the verification of a bounded number of sessions, false attacks can be avoided by introducing rigid variables. Unfortunately, this yields complicated resolution procedures. We show here that there is a simple translation of the security problem for a bounded number of sessions into first-order logic, that does not introduce false attacks. This is shown by translating clauses involving rigid variables into classical first-order clauses, while preserving satisfiability. We illustrate this approach by giving a complete and terminating strategy for a first-order logic fragment resulting from the above translation, that yields a decision procedure for a bounded number of sessions.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Allamigeon, X., Blanchet, B.: Reconstruction of Attacks against Cryptographic Protocols. In: 18th IEEE Work. on Computer Security Foundations, pp. 140–154 (2005)Google Scholar
  2. 2.
    Andrews, P.B.: Theorem proving via general matings. Journal of the ACM 28(2), 193–214 (1981)CrossRefMATHGoogle Scholar
  3. 3.
    Bachmair, L., Ganzinger, H.: Resolution Theorem Proving. In: Handbook of Automated Reasoning, ch. 2, pp. 19–99. Elsevier/MIT Press (2001)Google Scholar
  4. 4.
    Blanchet, B.: An Efficient Cryptographic Protocol Verifier Based on Prolog Rules. In: 14th IEEE Work. on Computer Security Foundations, pp. 82–96 (2001)Google Scholar
  5. 5.
    Dershowitz, N., Jouannaud, J.-P.: Rewrite Systems. In: Handbook of Theoretical Computer Science, Volume B: Formal Models and Semantics (B), pp. 243–320. Elsevier/MIT Press (1990)Google Scholar
  6. 6.
    Cervesato, I., Durgin, N.A., Lincoln, P.D., Mitchell, J.C., Scedrov, A.: A meta-notation for protocol analysis. In: 12th IEEE Work. on Computer Security Foundations, pp. 55–69 (1999)Google Scholar
  7. 7.
    Chevalier, Y., Küsters, R., Rusinowitch, M., Turuani, M.: An NP decision procedure for protocol insecurity with XOR. In: 18th IEEE Symp. on Logic in Computer Science (LICS 2003), pp. 261–270 (2003)Google Scholar
  8. 8.
    Cohen, A.: Combined CPV-TLV Security Protocol Verifier. Master’s thesis, New York University (2004)Google Scholar
  9. 9.
    Comon-Lundh, H., Cortier, V.: Security properties: two agents are sufficient. Science of Computer Programming 50(1–3), 51–71 (2004)CrossRefMATHGoogle Scholar
  10. 10.
    Comon-Lundh, H., Cortier, V., Zalinescu, E.: Deciding security properties for cryptographic protocols. Application to key cycles. ACM Transactions on Computational Logic (to appear)Google Scholar
  11. 11.
    Comon-Lundh, H., Shmatikov, V.: Intruder deductions, constraint solving and insecurity decision in presence of exclusive or. In: 18th IEEE Symp. on Logic in Computer Science (LICS 2003), pp. 271–280 (2003)Google Scholar
  12. 12.
    Delaune, S., Lin, H., Lynch, C.: Protocol verification via rigid/flexible resolution. In: Dershowitz, N., Voronkov, A. (eds.) LPAR 2007. LNCS(LNAI), vol. 4790, pp. 242–256. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  13. 13.
    Fermüller, C.G., Leitsch, A., Hustadt, U., Tamet, T.: Resolution decision procedure. In: Handbook of Automated Reasoning, ch. 25. Elsevier and MIT Press (2001)Google Scholar
  14. 14.
    Rusinowitch, M., Turuani, M.: Protocol insecurity with a finite number of sessions, composed keys is NP-complete. Theoretical Computer Science 1-3(299), 451–475 (2003)CrossRefMATHGoogle Scholar
  15. 15.
    Shmatikov, V.: Decidable analysis of cryptographic protocols with products and modular exponentiation. In: Schmidt, D. (ed.) ESOP 2004. LNCS, vol. 2986, pp. 355–369. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Weidenbach, C.: Towards an automatic analysis of security protocols in first-order logic. In: Ganzinger, H. (ed.) CADE 1999. LNCS, vol. 1632, pp. 314–328. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Reynald Af feldt
    • 1
  • Hubert Comon-Lundh
    • 1
  1. 1.Research Center for Information Security (RCIS)National Institute of Advanced Industrial Science and Technology (AIST)Japan

Personalised recommendations