On the Decidability of Cryptographic Protocols with Open-Ended Data Structures
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
On the Security of Ping-Pong Protocols when Implemented using the RSA
CRYPTO '85 Advances in Cryptology
Tree Automata with One Memory, Set Constraints, and Ping-Pong Protocols
ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
Composable Formal Security Analysis: Juggling Soundness, Simplicity and Efficiency
ICALP '08 Proceedings of the 35th international colloquium on Automata, Languages and Programming, Part II
Rewriting Techniques in the Constraint Solver
Electronic Notes in Theoretical Computer Science (ENTCS)
CoSP: a general framework for computational soundness proofs
Proceedings of the 16th ACM conference on Computer and communications security
An Optimized Intruder Model for SAT-based Model-Checking of Security Protocols
Electronic Notes in Theoretical Computer Science (ENTCS)
Security properties: two agents are sufficient
ESOP'03 Proceedings of the 12th European conference on Programming
Abstraction by set-membership: verifying security protocols and web services with databases
Proceedings of the 17th ACM conference on Computer and communications security
Computationally sound verification of source code
Proceedings of the 17th ACM conference on Computer and communications security
Computational soundness of symbolic zero-knowledge proofs
Journal of Computer Security - 7th International Workshop on Issues in the Theory of Security (WITS'07)
Bounded key-dependent message security
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Computational soundness without protocol restrictions
Proceedings of the 2012 ACM conference on Computer and communications security
Hi-index | 0.00 |
We define a p-party ping-pong protocol and its security problem, along the lines of Dolev and Yao's definition for twoparty ping-pong protocol. In the case of two parties, it was assumed, with no loss of generality, that there exists a single saboteur in the net and the protocol was defined to be secure iff it was secure against the active interventions of one saboteur. We show that for more than 2 parties this assumption can no longer be made and that for p parties 3(p-2) + 1 is a lower bound on the number of saboteurs which should be considered for the security problem. On the other hand we establish a 3(p-2) + 2 upper bound on the number of saboteurs which should be considered. We conclude that for a fixed p, p-party ping-pong protocols can be tested for security in 0(n3) time and 0(n2) space, when n is the length of the protocol. We show that if p, the number of participants in the protocol, is part of the input then the security problem becomes NP-Hard. Relaxing the definition of a ping-pong protocol so that operators can operate on half words (thus introducing commutativity of the operators) causes the security problem to become undecidable.