From security protocols to pushdown automata

Authors:
Rémy Chrétien;Véronique Cortier;Stéphanie Delaune
Affiliations:
CNRS, LORIA, France,LSV, ENS Cachan & CNRS & INRIA Saclay Île-de, France;CNRS, LORIA, France;LSV, ENS Cachan & CNRS & INRIA Saclay Île-de, France
Venue:
ICALP'13 Proceedings of the 40th international conference on Automata, Languages, and Programming - Volume Part II
Year:
2013

Citing 15
Cited 0

L(A) = L(B)? decidability results from complete formal systems

Theoretical Computer Science
Deciding DPDA Equivalence Is Primitive Recursive

ICALP '02 Proceedings of the 29th International Colloquium on Automata, Languages and Programming
The Equivalence Problem for Deterministic Pushdown Automata is Decidable

ICALP '97 Proceedings of the 24th International Colloquium on Automata, Languages and Programming
Protocol insecurity with a finite number of sessions and composed keys is NP-complete

Theoretical Computer Science
An Efficient Cryptographic Protocol Verifier Based on Prolog Rules

CSFW '01 Proceedings of the 14th IEEE workshop on Computer Security Foundations
Automated Verification of Selected Equivalences for Security Protocols

LICS '05 Proceedings of the 20th Annual IEEE Symposium on Logic in Computer Science
Deciding security of protocols against off-line guessing attacks

Proceedings of the 12th ACM conference on Computer and communications security
Unbounded verification, falsification, and characterization of security protocols by pattern refinement

Proceedings of the 15th ACM conference on Computer and communications security
A Method for Proving Observational Equivalence

CSF '09 Proceedings of the 2009 22nd IEEE Computer Security Foundations Symposium
New decidability results for fragments of first-order logic and application to cryptographic protocols

RTA'03 Proceedings of the 14th international conference on Rewriting techniques and applications
Formal Verification of Privacy for RFID Systems

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Analysing Unlinkability and Anonymity Using the Applied Pi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Automating Open Bisimulation Checking for the Spi Calculus

CSF '10 Proceedings of the 2010 23rd IEEE Computer Security Foundations Symposium
Trace equivalence decision: negative tests and non-determinism

Proceedings of the 18th ACM conference on Computer and communications security
Decidability of Equivalence of Symbolic Derivations

Journal of Automated Reasoning

Quantified Score

Hi-index	0.00

Visualization

Abstract

Formal methods have been very successful in analyzing security protocols for reachability properties such as secrecy or authentication. In contrast, there are very few results for equivalence-based properties, crucial for studying e.g. privacy-like properties such as anonymity or vote secrecy. We study the problem of checking equivalence of security protocols for an unbounded number of sessions. Since replication leads very quickly to undecidability (even in the simple case of secrecy), we focus on a limited fragment of protocols (standard primitives but pairs, one variable per protocol's rules) for which the secrecy preservation problem is known to be decidable. Surprisingly, this fragment turns out to be undecidable for equivalence. Then, restricting our attention to deterministic protocols, we propose the first decidability result for checking equivalence of protocols for an unbounded number of sessions. This result is obtained through a characterization of equivalence of protocols in terms of equality of languages of (generalized, real-time) deterministic pushdown automata.