Efficient and timely mutual authentication
ACM SIGOPS Operating Systems Review
Haskell overloading is DEXPTIME-complete
Information Processing Letters
An attack on the Needham-Schroeder public-key authentication protocol
Information Processing Letters
Provably secure session key distribution: the three party case
STOC '95 Proceedings of the twenty-seventh annual ACM symposium on Theory of computing
Authenticated group key agreement and friends
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
On the symbolic reduction of processes with cryptographic functions
Theoretical Computer Science
A Method for Automatic Cryptographic Protocol Verification
IPDPS '00 Proceedings of the 15 IPDPS 2000 Workshops on Parallel and Distributed Processing
On the Decidability of Cryptographic Protocols with Open-Ended Data Structures
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Rewriting for Cryptographic Protocol Verification
CADE-17 Proceedings of the 17th International Conference on Automated Deduction
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Mechanized proofs for a recursive authentication protocol
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Decision Procedures for the Analysis of Cryptographic Protocols by Logics of Belief
CSFW '99 Proceedings of the 12th IEEE workshop on Computer Security Foundations
XML with data values: typechecking revisited
Journal of Computer and System Sciences - Special issu on PODS 2001
A Security Analysis of the Cliques Protocols Suites
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Selecting theories and recursive protocols
CONCUR 2005 - Concurrency Theory
Deciding the Security of Protocols with Commuting Public Key Encryption
Electronic Notes in Theoretical Computer Science (ENTCS)
On the automatic analysis of recursive security protocols with XOR
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Regular protocols and attacks with regular knowledge
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
| Hi-index | 0.00 |
Cryptographic protocols can be divided into (1) protocols where the protocol steps are simple from a computational point of view and can thus be modeled by simple means, for instance, by single rewrite rules-we call these protocols non-looping-and (2) protocols, such as group protocols, where the protocol steps are complex and typically involve an iterative or recursive computation-we call them recursive. While much is known on the decidability of security for non-looping protocols, only little is known for recursive protocols. In this paper, we prove decidability of security (with respect to the standard Dolev-Yao intruder) for a core class of recursive protocols and undecidability for several extensions. The key ingredient of our protocol model is specifically designed tree transducers which work over infinite signatures and have the ability to generate new constants (which allow us to mimic key generation). The decidability result is based on an automata-theoretic construction which involves a new notion of regularity, designed to work well with the infinite signatures we use.