On the Complexity of Verifying Cyber-Physical Security Protocols

Many security protocols rely on the assumptions 1 on the physical properties in which its protocol sessions will be 2 carried out. For instance, Distance Bounding Protocols take into 3 account the round trip time of messages and the transmission 4 velocity to infer an upper bound of the distance between two 5 agents. We classify such security protocols as Cyber-Physical. 6 The key elements of such protocols are the use of cryptographic 7 keys, nonces and real-time. This paper studies the complexity 8 of verifying Cyber-Physical Protocols. We propose a multiset 9 rewriting framework with real-time and that may create fresh 10 values. We demonstrate that distance bounding protocols may be 11 specified in this framework. We also observe that the standard 12 Dolev-Yao intruder is not a reasonable intruder model for Cyber13 Physical Security Protocols Verification and propose a novel 14 intruder model that takes into account the Physical Properties 15 of the environment. From previous work, we infer that the 16 corresponding reachability problem is undecidable in general 17 even if the size of terms is bounded. We show that for the 18 important class of Bounded Memory Cyber-Physical Security 19 Protocols with a Memory Bounded Intruder the same problem 20 is PSPACE-complete if the size of terms is bounded. 21