Tagging Makes Secrecy Decidable with Unbounded Nonces as Well
نویسندگان
چکیده
Tagging schemes have been used in security protocols to ensure that the analysis of such protocols can work with messages of bounded length. When the set of nonces is bounded, this leads to decidability of secrecy. In this paper, we show that tagging schemes can be used to obtain decidability of secrecy even in the presence of unbound-
منابع مشابه
Decidability of context-explicit security protocols
An important problem in the analysis of security protocols is that of checking whether a protocol preserves secrecy, i.e., no secret owned by the honest agents is unintentionally revealed to the intruder. This problem has been proved to be undecidable in several settings. In particular, [11] prove the undecidability of the secrecy problem in the presence of an unbounded set of nonces, even when...
متن کاملA decidable subclass of unbounded security protocols
1 Summary The verification problem for security protocols can be formulated as follows: given an abstract specification of the protocol as a sequence of communications between agents, is it the case that every run generated by possible multi-sessions between agents, with a hypothetical intruder interleaving arbitrarily many actions , satisfies the given security requirements? There are many req...
متن کاملMultiset rewriting and the complexity of bounded security protocols
We formalize the Dolev-Yao model of security protocols, using a notation based on multi-set rewriting with existentials. The goals are to provide a simple formal notation for describing security protocols, to formalize the assumptions of the Dolev-Yao model using this notation, and to analyze the complexity of the secrecy problem under various restrictions. We prove that, even for the case wher...
متن کاملChecking Trace Equivalence: How to Get Rid of Nonces?
Security protocols can be successfully analysed using formal methods. When proving security in symbolic settings for an unbounded number of sessions, a typical technique consists in abstracting away fresh nonces and keys by a bounded set of constants. While this abstraction is clearly sound in the context of secrecy properties (for protocols without else branches), this is no longer the case fo...
متن کاملA (restricted) quantifier elimination for security protocols
While reasoning about security protocols, most of the difficulty of reasoning relates to the complicated semantics (with freshness of nonces, multisessions etc). While logics for security protocols need to be abstract (without explicitly dealing with nonces, encryption etc), ignoring details may result in rendering any verification of abstract properties worthless. We would like the verificatio...
متن کامل