Towards the verification of security protocols that use temporary secrets

The rank functions approach to protocol analysis is incomplete with respect to secrecy specifications. In particular, security protocols that use temporary secrets may be un-verifiable within the framework. This paper investigates the incompleteness and proposes a solution based on a novel theory of combined rank functions. We define a procedure by which a protocol that contains a single temporary secret may be divided (under some reasonable assumptions) into two sub-protocols such that the temporary secret is a secret in the first sub-protocol and a public value in the second sub-protocol. We prove a result that allows us to conclude the correctness of the entire protocol from the correctness of each of its sub-protocols. The utility of the approach is illustrated by the use of a combination of two rank functions to verify a protocol that has no proof in the standard rank functions approach.