An Experiment in Ping-Pong Protocol Verification by Nondeterministic Pushdown Automata

TL;DR

This paper demonstrates that security verification of cryptographic protocols under the Dolev-Yao model can be effectively performed using two-way nondeterministic pushdown automata, ensuring termination and simplifying the process.

Contribution

It introduces an interpretive approach for protocol verification with 2NPDA, separating logic from control, and applies automata theory to practical cryptographic security analysis.

Findings

Verification terminates in cubic time on a 2NPDA-simulator.

The interpretive approach simplifies the verification process.

Automata theory can be applied to practical cryptographic problems.

Abstract

An experiment is described that confirms the security of a well-studied class of cryptographic protocols (Dolev-Yao intruder model) can be verified by two-way nondeterministic pushdown automata (2NPDA). A nondeterministic pushdown program checks whether the intersection of a regular language (the protocol to verify) and a given Dyck language containing all canceling words is empty. If it is not, an intruder can reveal secret messages sent between trusted users. The verification is guaranteed to terminate in cubic time at most on a 2NPDA-simulator. The interpretive approach used in this experiment simplifies the verification, by separating the nondeterministic pushdown logic and program control, and makes it more predictable. We describe the interpretive approach and the known transformational solutions, and show they share interesting features. Also noteworthy is how abstract results from automata theory can solve practical problems by programming language means.