Entity authentication and key distribution
CRYPTO '93 Proceedings of the 13th annual international cryptology conference on Advances in cryptology
A Formal Language for Cryptographic Protocol Requirements
Designs, Codes and Cryptography - Special issue dedicated to Gustavus J. Simmons
Using encryption for authentication in large networks of computers
Communications of the ACM
Constraint solving for bounded-process cryptographic protocol analysis
CCS '01 Proceedings of the 8th ACM conference on Computer and Communications Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
An Improved Constraint-Based System for the Verification of Security Protocols
SAS '02 Proceedings of the 9th International Symposium on Static Analysis
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Towards a Completeness Result for Model Checking of Security Protocols
CSFW '98 Proceedings of the 11th IEEE workshop on Computer Security Foundations
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Protocol Insecurity with Finite Number of Sessions is NP-Complete
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Symmetric Encryption in a Simulatable Dolev-Yao Style Cryptographic Library
CSFW '04 Proceedings of the 17th IEEE workshop on Computer Security Foundations
Multiset rewriting and the complexity of bounded security protocols
Journal of Computer Security
Decidability of context-explicit security protocols
Journal of Computer Security - Special issue on WITS'03
Deciding security of protocols against off-line guessing attacks
Proceedings of the 12th ACM conference on Computer and communications security
CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Completeness theorems for the Abadi-Rogaway language of encrypted expressions
Journal of Computer Security - Special issue on WITS'02
Verification of cryptographic Protocols: tagging enforces termination
FOSSACS'03/ETAPS'03 Proceedings of the 6th International conference on Foundations of Software Science and Computation Structures and joint European conference on Theory and practice of software
RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Associative-commutative deducibility constraints
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Safely composing security protocols
FSTTCS'07 Proceedings of the 27th international conference on Foundations of software technology and theoretical computer science
Towards key-dependent message security in the standard model
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
${\mathcal PS}$-LTL for constraint-based security protocol analysis
ICLP'05 Proceedings of the 21st international conference on Logic Programming
Deciding key cycles for security protocols
LPAR'06 Proceedings of the 13th international conference on Logic for Programming, Artificial Intelligence, and Reasoning
Computationally sound symbolic secrecy in the presence of hash functions
FSTTCS'06 Proceedings of the 26th international conference on Foundations of Software Technology and Theoretical Computer Science
The AVISPA tool for the automated validation of internet security protocols and applications
CAV'05 Proceedings of the 17th international conference on Computer Aided Verification
On the complexity of equational horn clauses
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Soundness of formal encryption in the presence of key-cycles
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Formal to Practical Security
Implementation and performance evaluation of the RSEP protocol on ARM and intel platforms
Proceedings of the 3rd international conference on Security of information and networks
Deciding recognizability under Dolev-Yao intruder model
ISC'10 Proceedings of the 13th international conference on Information security
Deciding security for protocols with recursive tests
CADE'11 Proceedings of the 23rd international conference on Automated deduction
ASIAN'09 Proceedings of the 13th Asian conference on Advances in Computer Science: information Security and Privacy
Automating security analysis: symbolic equivalence of constraint systems
IJCAR'10 Proceedings of the 5th international conference on Automated Reasoning
Security protocols, constraint systems, and group theories
IJCAR'12 Proceedings of the 6th international joint conference on Automated Reasoning
LICS: Logic in Computer Security -- Some Attacker's Models and Related Decision Problems
LICS '13 Proceedings of the 2013 28th Annual ACM/IEEE Symposium on Logic in Computer Science
| Hi-index | 0.00 |
There is a large amount of work dedicated to the formal verification of security protocols. In this article, we revisit and extend the NP-complete decision procedure for a bounded number of sessions. We use a, now standard, deducibility constraint formalism for modeling security protocols. Our first contribution is to give a simple set of constraint simplification rules, that allows to reduce any deducibility constraint to a set of solved forms, representing all solutions (within the bound on sessions). As a consequence, we prove that deciding the existence of key cycles is NP-complete for a bounded number of sessions. The problem of key-cycles has been put forward by recent works relating computational and symbolic models. The so-called soundness of the symbolic model requires indeed that no key cycle (e.g., enc(k, k)) ever occurs in the execution of the protocol. Otherwise, stronger security assumptions (such as KDM-security) are required. We show that our decision procedure can also be applied to prove again the decidability of authentication-like properties and the decidability of a significant fragment of protocols with timestamps.