Recursion vs. Replication in Simple Cryptographic Protocols
Hans Hüttel,Jiri Srba +1 more
TLDR
It is shown that reachability analysis for a replicative variant of the protocol becomes decidable, and the extended calculus is capable of an implicit description of the active intruder.Abstract:
We use some recent techniques from process algebra to draw several conclusions about the well studied class of ping-pong protocols introduced by Dolev and Yao. In particular we show that all nontrivial properties, including reachability and equivalence checking wrt. the whole van Glabbeek's spectrum, become undecidable for a very simple recursive extension of the protocol. The result holds even if no nondeterministic choice operator is allowed. We also show that the extended calculus is capable of an implicit description of the active intruder, including full analysis and synthesis of messages in the sense of Amadio, Lugiez and Vanackere. We conclude by showing that reachability analysis for a replicative variant of the protocol becomes decidable.read more
Citations
More filters
Book
Formal Methods for Components and Objects
TL;DR: Evidence is given that the ability of expressing recursive behaviour via replication often depends on the scoping mechanisms of the given calculus which compensate for the restriction of replication.
Journal ArticleDOI
Refocusing in Reduction Semantics
Olivier Danvy,Lasse R. Nielsen +1 more
TL;DR: The construction of a refocus function shows how to mechanically obtain an abstract machine out of a reduction semantics, which was done previously on a case-by-case basis.
Journal ArticleDOI
A functional correspondence between monadic evaluators and abstract machines for languages with computational effects
TL;DR: The correspondence between evaluators and abstract machines is extended to the impure setting of the λ-calculus, and the tail-recursive stack inspection presented by Clements and Felleisen is characterized as a lifted state monad, which enables to combine this stack-inspection monad with other monads and to construct abstract machines for languages with properly tail- Recursion stack inspection and other computational effects.
Journal ArticleDOI
An Operational Foundation for Delimited Continuations in the CPS Hierarchy
TL;DR: In this article, an abstract machine and a reduction semantics for the lambda-calculus extended with control operators that give access to delimited continuations in the CPS hierarchy are presented.
Dissertation
Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols
TL;DR: The work in this thesis has been carried out at the centre for mathematics and computer science (CWI) under the auspices of the research school IPA (Institute for Programming research and Algorithmics) and the research has been funded by the Dutch organisation for scientific research (NWO).
References
More filters
Journal ArticleDOI
On the security of public key protocols
Danny Dolev,Andrew Chi-Chih Yao +1 more
TL;DR: Several models are formulated in which the security of protocols can be discussed precisely, and algorithms and characterizations that can be used to determine protocol security in these models are given.
Book ChapterDOI
CHAPTER 1 – The Linear Time - Branching Time Spectrum I.* The Semantics of Concrete, Sequential Processes
TL;DR: Various semantics in the linear time - branching time spectrum are presented in a uniform, model-independent way, and for each of them a complete axiomatization is provided.
Book ChapterDOI
Verification on Infinite Structures
TL;DR: This chapter presents a hierarchy of infinite-state systems based on the primitive operations of sequential and parallel composition; the hierarchy includes a variety of commonly-studied classes of systems such as context-free and pushdown automata, and Petri net processes.
Journal ArticleDOI
Protocol insecurity with a finite number of sessions and composed keys is NP-complete
TL;DR: It is shown that this problem is NP-complete with respect to a Dolev?Yao model of intruders and that in order to build an attack with a fixed number of sessions the intruder needs only to forge messages of linear size.
Book ChapterDOI
Symbolic Trace Analysis of Cryptographic Protocols
TL;DR: This paper proves that the symbolic and the conventional semantics are in full agreement, and gives a method by which trace analysis can be carried out directly on the symbolic model and is proven to be complete for the considered class of properties and is amenable to automatic checking.