Verification of randomized security protocols

Rohit Chadha; A. Prasad Sistla; Mahesh Viswanathan

doi:10.1109/LICS.2017.8005126

Verification of randomized security protocols

Rohit Chadha, A. Prasad Sistla, Mahesh Viswanathan

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here - secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 - p; and indistinguishability, which asks if the probability observing any sequence 0 in P₁ is the same as that of observing 0 in P₂, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.

Original language	English (US)
Title of host publication	2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017
Publisher	Institute of Electrical and Electronics Engineers Inc.
ISBN (Electronic)	9781509030187
DOIs	https://doi.org/10.1109/LICS.2017.8005126
State	Published - Aug 8 2017
Event	32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017 - Reykjavik, Iceland Duration: Jun 20 2017 → Jun 23 2017

Publication series

Name	Proceedings - Symposium on Logic in Computer Science
ISSN (Print)	1043-6871

Other

Other	32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017
Country/Territory	Iceland
City	Reykjavik
Period	6/20/17 → 6/23/17

ASJC Scopus subject areas

Software
Mathematics(all)

Online availability

10.1109/LICS.2017.8005126

Library availability

Discover UIUC Full Text

Cite this

Verification of randomized security protocols. / Chadha, Rohit; Sistla, A. Prasad; Viswanathan, Mahesh.
2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017. Institute of Electrical and Electronics Engineers Inc., 2017. 8005126 (Proceedings - Symposium on Logic in Computer Science).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chadha, R, Sistla, AP & Viswanathan, M 2017, Verification of randomized security protocols. in 2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017., 8005126, Proceedings - Symposium on Logic in Computer Science, Institute of Electrical and Electronics Engineers Inc., 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017, Reykjavik, Iceland, 6/20/17. https://doi.org/10.1109/LICS.2017.8005126

@inproceedings{98cc10e447354ecc8b9356d38f0374f7,

title = "Verification of randomized security protocols",

abstract = "We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here - secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 - p; and indistinguishability, which asks if the probability observing any sequence 0 in P1 is the same as that of observing 0 in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.",

author = "Rohit Chadha and Sistla, {A. Prasad} and Mahesh Viswanathan",

note = "Funding Information: Acknowledgements. We thanks the anonymous reviewers for their useful comments and suggestions. Rohit Chadha was partially supported by NSF CNS 1314338 and NSF CNS 1553548. A. Prasad Sistla was partially supported by NSF CCF 1319754, NSF CCF 1564296 and NSF CNS 1314485. Mahesh Viswanathan was partially supported by NSF CNS 1314485. Publisher Copyright: {\textcopyright} 2017 IEEE.; 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017 ; Conference date: 20-06-2017 Through 23-06-2017",

year = "2017",

month = aug,

day = "8",

doi = "10.1109/LICS.2017.8005126",

language = "English (US)",

series = "Proceedings - Symposium on Logic in Computer Science",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

booktitle = "2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017",

address = "United States",

}

TY - GEN

T1 - Verification of randomized security protocols

AU - Chadha, Rohit

AU - Sistla, A. Prasad

AU - Viswanathan, Mahesh

N1 - Funding Information: Acknowledgements. We thanks the anonymous reviewers for their useful comments and suggestions. Rohit Chadha was partially supported by NSF CNS 1314338 and NSF CNS 1553548. A. Prasad Sistla was partially supported by NSF CCF 1319754, NSF CCF 1564296 and NSF CNS 1314485. Mahesh Viswanathan was partially supported by NSF CNS 1314485. Publisher Copyright: © 2017 IEEE.

PY - 2017/8/8

Y1 - 2017/8/8

N2 - We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here - secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 - p; and indistinguishability, which asks if the probability observing any sequence 0 in P1 is the same as that of observing 0 in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.

AB - We consider the problem of verifying the security of finitely many sessions of a protocol that tosses coins in addition to standard cryptographic primitives against a Dolev-Yao adversary. Two properties are investigated here - secrecy, which asks if no adversary interacting with a protocol P can determine a secret sec with probability > 1 - p; and indistinguishability, which asks if the probability observing any sequence 0 in P1 is the same as that of observing 0 in P2, under the same adversary. Both secrecy and indistinguishability are known to be coNP-complete for non-randomized protocols. In contrast, we show that, for randomized protocols, secrecy and indistinguishability are both decidable in coNEXPTIME. We also prove a matching lower bound for the secrecy problem by reducing the non-satisfiability problem of monadic first order logic without equality.

UR - http://www.scopus.com/inward/record.url?scp=85029486645&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85029486645&partnerID=8YFLogxK

U2 - 10.1109/LICS.2017.8005126

DO - 10.1109/LICS.2017.8005126

M3 - Conference contribution

AN - SCOPUS:85029486645

T3 - Proceedings - Symposium on Logic in Computer Science

BT - 2017 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 32nd Annual ACM/IEEE Symposium on Logic in Computer Science, LICS 2017

Y2 - 20 June 2017 through 23 June 2017

ER -

Verification of randomized security protocols

Abstract

Publication series

Other

ASJC Scopus subject areas

Online availability

Library availability

Related links

Fingerprint

Cite this