Dynamic Tags for Security Protocols

The design and verification of cryptographic protocols is a notoriously difficulttask, even in symbolic models which take an abstract view of cryptography. This is mainlydue to the fact that protocols may interact with an arbitrary attacker which yields averification problem that has several sources of unboundedness (size of messages, numberof sessions, etc.).In this paper, we characterize a class of protocols for which deciding security for anunbounded number of sessions is decidable. More precisely, we present a simple transfor-mation which maps a protocol that is secure for a bounded number of protocol sessions (adecidable problem) to a protocol that is secure for an unbounded number of sessions. Theprecise number of sessions that need to be considered is a function of the security prop-erty and we show that for several classical security properties a single session is sufficient.Therefore, in many cases our results yields a design strategy for security protocols: (i) de-sign a protocol intended to be secure for a single session; and (ii) apply our transformationto obtain a protocol which is secure for an unbounded number of sessions.