2020
DOI: 10.1007/s10817-020-09582-9
|View full text |Cite
|
Sign up to set email alerts
|

A Decidable Class of Security Protocols for Both Reachability and Equivalence Properties

Abstract: We identify a new decidable class of security protocols, both for reachability and equivalence properties. Our result holds for an unbounded number of sessions and for protocols with nonces. It covers all standard cryptographic primitives. Our class sets up three main assumptions. (i) Protocols need to be without else branch and "simple", meaning that an attacker can precisely identify from which participant and which session a message originates from. (ii) Protocols should be type-compliant which is intuitive… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
3
1
1

Citation Types

2
11
0

Year Published

2020
2020
2024
2024

Publication Types

Select...
5
1

Relationship

0
6

Authors

Journals

citations
Cited by 6 publications
(13 citation statements)
references
References 29 publications
(60 reference statements)
2
11
0
Order By: Relevance
“…• In [16], [21], the notion of typed protocols is relaxed to consider type-compliance, that intuitively requires that unifiable messages have the same type. While protocol agents may receive arbitrary messages, type-compliance ensures the existence of a well-typed witness when an attack exists.…”
Section: Related Work Several Results Have Studied This Questionmentioning
confidence: 99%
See 2 more Smart Citations
“…• In [16], [21], the notion of typed protocols is relaxed to consider type-compliance, that intuitively requires that unifiable messages have the same type. While protocol agents may receive arbitrary messages, type-compliance ensures the existence of a well-typed witness when an attack exists.…”
Section: Related Work Several Results Have Studied This Questionmentioning
confidence: 99%
“…While protocol agents may receive arbitrary messages, type-compliance ensures the existence of a well-typed witness when an attack exists. In [16], [21], the notion of dependency graph is introduced with the aim to characterize how actions depend from the other ones. For protocols with an acyclic dependency graph, the number of sessions can be bounded and hence reachability and equivalence properties are decidable.…”
Section: Related Work Several Results Have Studied This Questionmentioning
confidence: 99%
See 1 more Smart Citation
“…First work, which expounds a CP model based on Milner's approach, is [99AG]. Among other works related to this direction, it should be noted [00RS], [01AF], [05KR], [07ABF], [11RS], [16ABF], [16B], [17CW], [21CDS].…”
Section: An Overview Of Methods Of Modeling and Verification Of Crypt...mentioning
confidence: 99%
“…Without else branches there is still an attack. Some papers that analyse the BAC protocol drop the else branch [CDS20]. This is convenient since not all tools and methods handle else branches.…”
Section: 33mentioning
confidence: 99%