Undecidability of Bounded Security Protocols
نویسندگان
چکیده
Using a multiset rewriting formalism with existen-tial quantiication, it is shown that protocol security remains undecidable even when rather severe restrictions are placed on protocols. In particular, even if data constructors, message depth, message width, number of distinct roles, role length, and depth of encryp-tion are bounded by constants, secrecy is an undecidable property. If protocols are further restricted to have no new data (nonces), then secrecy is dexptime-complete. Both lower bounds are obtained by encoding decision problems from existential Horn theories without function symbols into our protocol framework. The way that encryption and adversary behavior are used in the reduction sheds some light on protocol analysis.
منابع مشابه
An undecidability result for AGh
We present an undecidability result for the verification of security protocols. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties, several recent works relax this assumption, allowing the intruder to exploit these properties. We are interested in the Abelian groups theory in combination with the homomorphism axiom. We show th...
متن کاملStéphanie Delaune An Undecidability Result for AGh
We present an undecidability result for the verification of security protocols. Since the perfect cryptography assumption is unrealistic for cryptographic primitives with visible algebraic properties, several recent works relax this assumption, allowing the intruder to exploit these properties. We are interested in the Abelian groups theory in combination with the homomorphism axiom. We show th...
متن کاملDecidability of context-explicit security protocols
An important problem in the analysis of security protocols is that of checking whether a protocol preserves secrecy, i.e., no secret owned by the honest agents is unintentionally revealed to the intruder. This problem has been proved to be undecidable in several settings. In particular, [11] prove the undecidability of the secrecy problem in the presence of an unbounded set of nonces, even when...
متن کاملOn the Automatic Analysis of Recursive Security Protocols with XOR
In many security protocols, such as group protocols, principals have to perform iterative or recursive computations. We call such protocols recursive protocols. Recently, first results on the decidability of the security of such protocols have been obtained. While recursive protocols often employ operators with algebraic, security relevant properties, such as the exclusive OR (XOR), the existin...
متن کاملDeciding Security for Protocols with Recursive Tests
Security protocols aim at securing communications over public networks. Their design is notoriously difficult and error-prone. Formal methods have shown their usefulness for providing a careful security analysis in the case of standard authentication and confidentiality protocols. However, most current techniques do not apply to protocols that perform recursive computation e.g. on a list of mes...
متن کامل