Complexity of Checking Freshness of Cryptographic Protocols

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5352)


Freshness is a central security issue for cryptographic protocols and is the security goal violated by replay attacks. This paper is the first to formally define the freshness goal and the attacks on it, based on role instances and the attacker’s involvement, and the first to investigate the complexity of checking freshness. We discuss and prove a series of complexity results for checking freshness goals in several scenarios, in which the attacker’s behavior is restricted in different ways and different bounds are placed on the number of role instances in a run.


Keywords: cryptographic protocols, freshness, replay attack, challenge response, model checker, undecidability, NP-completeness, Athena





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  1. Computer Science Department, University of Houston, Houston, USA
