Dynamic Tags for Security Protocols

Myrto Arapinis, Stéphanie Delaune, and Steve Kremer. Dynamic Tags for Security Protocols. Logical Methods in Computer Science, 10(2:11), June 2014.

Download

[PDF] 

Abstract

The design and verification of cryptographic protocols is a notoriously difficult task, even in symbolic models which take an abstract view of cryptography. This is mainly due to the fact that protocols may interact with an arbitrary attacker which yields a verification problem that has several sources of unboundedness (size of messages, number of sessions, etc. In this paper, we characterize a class of protocols for which deciding security for an unbounded number of sessions is decidable. More precisely, we present a simple transformation which maps a protocol that is secure for a bounded number of protocol sessions (a decidable problem) to a protocol that is secure for an unbounded number of sessions. The precise number of sessions that need to be considered is a function of the security property and we show that for several classical security properties a single session is sufficient. Therefore, in many cases our results yields a design strategy for security protocols: (i) design a protocol intended to be secure for a single session; and (ii) apply our transformation to obtain a protocol which is secure for an unbounded number of sessions.

BibTeX

@article{ADK-lmcs14,
  abstract =      {The design and verification of cryptographic
                   protocols is a notoriously difficult task, even in
                   symbolic models which take an abstract view of
                   cryptography. This is mainly due to the fact that
                   protocols may interact with an arbitrary attacker
                   which yields a verification problem that has several
                   sources of unboundedness (size of messages, number of
                   sessions, etc. In this paper, we characterize a class
                   of protocols for which deciding security for an
                   unbounded number of sessions is decidable. More
                   precisely, we present a simple transformation which
                   maps a protocol that is secure for a bounded number
                   of protocol sessions (a~decidable problem) to a
                   protocol that is secure for an unbounded number of
                   sessions. The precise number of sessions that need to
                   be considered is a function of the security property
                   and we show that for several classical security
                   properties a single session is sufficient. Therefore,
                   in many cases our results yields a design strategy
                   for security protocols: (i)~design a protocol
                   intended to be secure for a {single session}; and
                   (ii)~apply our transformation to obtain a protocol
                   which is secure for an unbounded number of sessions.},
  author =        {Arapinis, Myrto and Delaune, St{\'e}phanie and
                   Kremer, Steve},
  OPTDOI =           {10.2168/LMCS-10(2:11)2014},
  journal =       {Logical Methods in Computer Science},
  month =         jun,
  number =        {2:11},
  title =         {Dynamic Tags for Security Protocols},
  volume =        {10},
  year =          {2014},
  nmonth =        {6},
  lsv-category =  {jour},
  wwwpublic =     {public and ccsb},
}