Timed protocol insecurity problem is NP-complete

In this paper we study the protocol insecurity problem for time-dependent security protocols under the finite number of sessions’ assumption, extending to the timed case, previous results obtained for the same problem in the untimed case. In particular, we propose a timed specification language, which allows to model temporal features typically involved in the implementation of security protocols. We introduce a stronger version of the Dolev–Yao intruder, by allowing it to generate new timestamps which can affect the execution of a protocol sensitive to their temporal validity. We prove that this temporal extension together with the increased power of the intruder model do not affect the complexity of the protocol insecurity problem, which remains NP-complete as in the untimed case.

► The insecurity problem for time-dependent security protocols is analyzed.
► A specification language to model time-dependent features of protocols is proposed.
► We introduce a timed extension of the Dolev–Yao intruder model.
► The intruder is allowed to generate arbitrary timestamps during an attack.
► The insecurity problem is analyzed and proved to be NP-complete.