A Sound Decision Procedure for the Compositionality of Secrecy

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7159)


The composition of processes is in general not secrecy preserving under the Dolev-Yao attacker model. In this paper, we describe an algorithmic decision procedure which determines whether the composition of secrecy preserving processes is still secrecy preserving. As a case-study we consider a variant of the TLS protocol where, even though the client and server considered separately would be viewed as preserving the secrecy of the data to be communicated, its composition to the complete protocol does not preserve that secrecy. We also show results on tool support that allows one to validate the efficiency of our algorithm for multiple compositions.


Decision Procedure Order Logic Authentication Protocol Security Protocol Dependency Tree 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Abadi, M.: Security protocols and their properties. In: Bauer, F., Steinbrüggen, R. (eds.) 20th International Summer School on Foundations of Secure Computation, Marktoberdorf, Germany, pp. 39–60. IOS Press, Amsterdam (2000)Google Scholar
  2. 2.
    Apostolopoulos, G., Peris, V., Saha, D.: Transport layer security: How much does it really cost? In: Proceedings of the IEEE Infocom, pp. 717–725 (1999)Google Scholar
  3. 3.
    Armando, A., Carbone, R., Compagna, L., Cuéllar, J., Tobarra, M.L.: Formal analysis of SAML 2.0 web browser single sign-on: breaking the SAML-based single sign-on for google apps. In: Shmatikov, V. (ed.) FMSE, pp. 1–10. ACM (2008)Google Scholar
  4. 4.
    Broy, M.: A logical basis for component-based systems engineering. In: Calculational System Design. IOS Press (1999)Google Scholar
  5. 5.
    Clarke, E.M., Long, D.E., Mcmillan, K.L.: Compositional model checking. In: Proceedings of the Fourth Annual Symposium on Logic in Computer Science (LICS 1989). IEEE Computer Society (1989)Google Scholar
  6. 6.
    Datta, A., Derek, A., Mitchell, J.C., Roy, A.: Protocol composition logic (pcl). Electronic Notes in Theoretical Computer Science 172(0), 311–358 (2007); Computation, Meaning, and Logic: Articles dedicated to Gordon PlotkinMathSciNetCrossRefzbMATHGoogle Scholar
  7. 7.
    Guttman, J.D.: Cryptographic Protocol Composition via the Authentication Tests. In: de Alfaro, L. (ed.) FOSSACS 2009. LNCS, vol. 5504, pp. 303–317. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  8. 8.
    Guttman, J.D., Javier, F., Fábrega, F.J.T.: Protocol independence through disjoint encryption. In: Proceedings 13th Computer Security Foundations Workshop, pp. 24–34. IEEE Computer Society Press (2000)Google Scholar
  9. 9.
    Jürjens, J.: Composability of Secrecy. In: Gorodetski, V.I., Skormin, V.A., Popyack, L.J. (eds.) MMM-ACNS 2001. LNCS, vol. 2052, pp. 28–38. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Jürjens, J.: A domain-specific language for cryptographic protocols based on streams. J. Log. Algebr. Program. 78(2), 54–73 (2009)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    Lowe, G.: Breaking and fixing the Needham-Schroeder public-key protocol using FDR. Software Concepts and Tools 17(3), 93–102 (1996)Google Scholar
  12. 12.
    Meadows, C.: Open issues in formal methods for cryptographic protocol analysis. In: DARPA Information Survivability Conference and Exposition (DISCEX 2000), pp. 237–250. IEEE Computer Society (2000)Google Scholar
  13. 13.
    Paulson, L.: The inductive approach to verifying cryptographic protocols. Journal of Computer Security 6(1-2), 85–128 (1998)CrossRefGoogle Scholar
  14. 14.
    Stoller, S.D.: A bound on attacks on authentication protocols. In: Proc. of the 2nd IFIP International Conference on Theoretical Computer Science: Foundations of Information Technology in the Era of Network and Mobile Computing (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  1. 1.Software EngineeringTU DortmundGermany
  2. 2.Fraunhofer ISSTGermany
  3. 3.Siemens AGGermany

Personalised recommendations