On the symbolic reduction of processes with cryptographic functions
Theoretical Computer Science
A bisimulation method for cryptographic protocols
Nordic Journal of Computing
Non Interference for the Analysis of Cryptographic Protocols
ICALP '00 Proceedings of the 27th International Colloquium on Automata, Languages and Programming
Symbolic Trace Analysis of Cryptographic Protocols
ICALP '01 Proceedings of the 28th International Colloquium on Automata, Languages and Programming,
On the Reachability Problem in Cryptographic Protocols
CONCUR '00 Proceedings of the 11th International Conference on Concurrency Theory
On Name Generation and Set-Based Analysis in the Dolev-Yao Model
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Computing Symbolic Models for Verifying Cryptographic Protocols
CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Model-Checking Large Finite-State Systems and Beyond
SOFSEM '07 Proceedings of the 33rd conference on Current Trends in Theory and Practice of Computer Science
Reachability is decidable for weakly extended process rewrite systems
Information and Computation
On recursion, replication and scope mechanisms in process calculi
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
CCS with replication in the Chomsky hierarchy: the expressive power of divergence
APLAS'07 Proceedings of the 5th Asian conference on Programming languages and systems
Monotonic set-extended prefix rewriting and verification of recursive ping-pong protocols
ATVA'06 Proceedings of the 4th international conference on Automated Technology for Verification and Analysis
Hi-index | 0.00 |
We use some recent techniques from process algebra to draw several conclusions about the well studied class of ping-pong protocols introduced by Dolev and Yao. In particular we show that all nontrivial properties, including reachability and equivalence checking wrt. the whole van Glabbeek's spectrum, become undecidable for a very simple recursive extension of the protocol. The result holds even if no nondeterministic choice operator is allowed. We also show that the extended calculus is capable of an implicit description of the active intruder, including full analysis and synthesis of messages in the sense of Amadio, Lugiez and Vanackère. We conclude by showing that reachability analysis for a replicative variant of the protocol becomes decidable. Note: full proofs are available in [11].