Authenticated group key agreement and friends
CCS '98 Proceedings of the 5th ACM conference on Computer and communications security
On Name Generation and Set-Based Analysis in the Dolev-Yao Model
CONCUR '02 Proceedings of the 13th International Conference on Concurrency Theory
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
Theoretical Computer Science
Intruder Deductions, Constraint Solving and Insecurity Decision in Presence of Exclusive or
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
An NP Decision Procedure for Protocol Insecurity with XOR
LICS '03 Proceedings of the 18th Annual IEEE Symposium on Logic in Computer Science
Mechanized proofs for a recursive authentication protocol
CSFW '97 Proceedings of the 10th IEEE workshop on Computer Security Foundations
Regular protocols and attacks with regular knowledge
CADE' 20 Proceedings of the 20th international conference on Automated Deduction
Formal methods for cryptographic protocol analysis: emerging issues and trends
IEEE Journal on Selected Areas in Communications
Selecting theories and nonce generation for recursive protocols
Proceedings of the 2007 ACM workshop on Formal methods in security engineering
Transducer-based analysis of cryptographic protocols
Information and Computation
Proving Group Protocols Secure Against Eavesdroppers
IJCAR '08 Proceedings of the 4th international joint conference on Automated Reasoning
Authentication Revisited: Flaw or Not, the Recursive Authentication Protocol
ATVA '08 Proceedings of the 6th International Symposium on Automated Technology for Verification and Analysis
On the automatic analysis of recursive security protocols with XOR
STACS'07 Proceedings of the 24th annual conference on Theoretical aspects of computer science
Deciding security for protocols with recursive tests
CADE'11 Proceedings of the 23rd international conference on Automated deduction
Tree automata with equality constraints modulo equational theories
IJCAR'06 Proceedings of the Third international joint conference on Automated Reasoning
Verification of security protocols with lists: from length one to unbounded length
POST'12 Proceedings of the First international conference on Principles of Security and Trust
Automatic verification of protocols with lists of unbounded length
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Verification of security protocols with lists: From length one to unbounded length
Journal of Computer Security - Security and Trust Principles
Hi-index | 0.00 |
Many decidability results are known for non-recursive cryptographic protocols, where the protocol steps can be expressed by simple rewriting rules. Recently, a tree transducer-based model was proposed for recursive protocols, where the protocol steps involve some kind of recursive computations. This model has, however, some limitations: (1) rules are assumed to have linear left-hand sides (so no equality tests can be performed), (2) only finite amount of information can be conveyed from one receive-send action to the next ones. It has been proven that, in this model, relaxing these assumptions leads to undecidability.In this paper, we propose a formalism, called selecting theories, which extends the standard non-recursive term rewriting model and allows participants to compare and store arbitrary messages. This formalism can model recursive protocols, where participants, in each protocol step, are able to send a number of messages unbounded w.r.t. the size of the protocol. We prove that insecurity of protocols with selecting theories is decidable in NEXPTIME.