Yong Huang,Xuezeng Pan

DOI: https://doi.org/10.1007/978-3-642-23226-8_21

2011-01-01

Abstract:Aiming at the main problem that the link between the formal definition of multilevel security and security goal is not always clear, we propose a new definition of multilevel security closer to the practical application. Due to the fact that separability property based on the construction of covert channels is not practical, we introduce the concept of trusted domain to the theoretical framework initiated by the characteristics of transitive and intransitive security policy. Following that two intuitive propositions with the corresponding proof are proposed.

韩进,蔡圣闻,王崇峻,赖海光,谢俊元

2010-01-01

Journal of Computer Research and Development

Abstract:The security protocol model is the basis of the security protocol analysis and verification. Existing modeling methods have some shortcomings, such as high complexity, bad reusability, and so on. A typed π calculus-π(superscript t) calculus is presented in this paper, and its type rules and evaluation rules are also given. It is proved that π(superscript t) calculus is a safely typed system. π(superscript t) calculus can be used to build formal models of security protocols and their attackers. NRL protocol is taken for an example to show how to build a security protocol model based on π(superscript t) calculus. The attacker model for a security protocol is also presented in this paper. The action ability which the attacker model based on π(superscript t) calculus has is proved the same to the D-Y attacker model. So the correctness of the results which come from verifying the security protocol models based on π(superscript t) calculus is promised. The security protocol modeling approach based on π(superscript t) calculus can give more detailed description of the semantics of protocol data and the knowledge of participators. Compared with other kinds of methods, this method has better usability and high reusability and can provide more analysis support. The analysis result shows that the method can detect flaws of a security protocol in its modeling process.

Joshua Guttman

DOI: https://doi.org/10.4204/EPTCS.8.5

2009-11-11

Abstract:A model-theoretic approach can establish security theorems for cryptographic protocols. Formulas expressing authentication and non-disclosure properties of protocols have a special form. They are quantified implications for all xs . (phi implies for some ys . psi). Models (interpretations) for these formulas are *skeletons*, partially ordered structures consisting of a number of local protocol behaviors. Realized skeletons contain enough local sessions to explain all the behavior, when combined with some possible adversary behaviors. We show two results. (1) If phi is the antecedent of a security goal, then there is a skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi implies for some ys . psi) iff every realized homomorphic image of A_phi satisfies psi. Hence, to verify a security goal, one can use the Cryptographic Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in each of these shapes, then the goal holds.

Cryptography and Security,Logic in Computer Science

Vincent Cheval,Steve Kremer,Itsaka Rakotonirina

DOI: https://doi.org/10.46298/theoretics.24.4

2024-03-12

Abstract:Automated verification has become an essential part in the security evaluation of cryptographic protocols. In this context privacy-type properties are often modelled by indistinguishability statements, expressed as behavioural equivalences in a process calculus. In this paper we contribute both to the theory and practice of this verification problem. We establish new complexity results for static equivalence, trace equivalence and labelled bisimilarity and provide a decision procedure for these equivalences in the case of a bounded number of protocol sessions. Our procedure is the first to decide trace equivalence and labelled bisimilarity exactly for a large variety of cryptographic primitives -- those that can be represented by a subterm convergent destructor rewrite system. We also implemented the procedure in a new tool, DeepSec. We showed through extensive experiments that it is significantly more efficient than other similar tools, while at the same time raises the scope of the protocols that can be analysed.

Cryptography and Security

Michele Boreale,Maria Grazia Buscemi

DOI: https://doi.org/10.1016/j.tcs.2005.03.044

IF: 1.002

2005-06-01

Theoretical Computer Science

Abstract:In security protocols, message exchange between the intruder and honest participants induces a form of state explosion which makes protocol models infinite. We propose a general method for automatic analysis of security protocols based on the notion of frame, essentially a rewrite system plus a set of distinguished terms called messages. Frames are intended to model generic crypto-systems. Based on frames, we introduce a process language akin to Abadi and Fournet's applied pi. For this language, we define a symbolic operational semantics that relies on unification and provides finite and effective protocol models. Next, we give a method to carry out trace analysis directly on the symbolic model. We spell out a regularity condition on the underlying frame, which guarantees completeness of our method for the considered class of properties, including secrecy and various forms of authentication. We show how to instantiate our method to some of the most common crypto-systems, including shared- and public-key encryption, hashing and Diffie–Hellman key exchange.

computer science, theory & methods

Myrto Arapinis,Vincent Cheval,Stéphanie Delaune

DOI: https://doi.org/10.48550/arXiv.1407.5444

2014-10-21

Abstract:Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved their usefulness to analyse these protocols, but they become so complex that modular techniques have to be developed. We propose several results to safely compose security protocols. We consider arbitrary primitives modeled using an equational theory, and a rich process algebra close to the applied pi calculus. Relying on these composition results, we are able to derive some security properties on a protocol from the security analysis performed on each sub-protocol individually. We consider parallel composition and the case of key-exchange protocols. Our results apply to deal with confidentiality but also privacy-type properties (e.g. anonymity, unlinkability) expressed using a notion of equivalence. We illustrate the usefulness of our composition results on protocols from the 3G phone application and electronic passport.

Cryptography and Security

ZHANG Yu-qing,WANG Lei,XIAO Guo-zhen,WU Jian-ping

2000-01-01

Journal of Software

Abstract:It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Cong Sun,Liyong Tang,Zhong Chen

DOI: https://doi.org/10.1109/infcomw.2011.5928777

2011-01-01

Abstract:Language-based information flow security aims to decide whether an action-observable program can unintentionally leak confidential information if it has the authority to access confidential data. Recent concerns about declassification polices have provided many choices for practical intended information release, but more precise enforcement mechanism for these policies is insufficiently studied. In this paper, we propose a security property on the where-dimension of declassification and present an enforcement based on automated verification. The approach automatically transforms the abstract model with a variant of self-composition, and checks the reachability of illegal-flow state of the model after transformation. The self-composition is equipped with a store-match pattern to reduce the state space and to model the equivalence of declassified expressions in the premise of property. The evaluation shows that our approach is more precise than type-based enforcement.

Bruno Montalto

DOI: https://doi.org/10.3929/ethz-a-010349801

Abstract:Security protocols are distributed programs designed to ensure secure communication in a network controlled by an adversary. They are widely used today for securing on-line services such as personal communication and electronic voting. Their design is notoriously error-prone, and a great deal of research has been devoted to their analysis. In this thesis we provide two main contributions towards the automated analysis of such protocols: algorithms for the symbolic analysis of equivalence properties, and a symbolic probabilistic framework for security protocol analysis. We consider the problem of verifying two equivalence properties relevant in protocol analysis: static equivalence and trace equivalence. Both notions model the property that an attacker cannot distinguish between two protocol executions, and they have been used to model security goals such as off-line guessing, electronic voting anonymity, and RFID untraceability. Static equivalence is concerned with an attacker who passively eavesdrop on a network and then tries to distinguish between possible executions by performing off-line computations. Trace equivalence is used in the analysis of security properties against an attacker who may participate actively in protocol execution. We present an efficient decision procedure for static equivalence under equational theories generated by subterm convergent rewriting systems. This class of theories encompasses the most common cryptographic primitives, including symmetric and asymmetric encryption and decryption, hash functions and digital signatures. Our algorithm achieves a better asymptotic complexity than competing algorithms, albeit with a narrower scope. We discuss its implementation in the FAST tool and show that it indeed performs much more efficiently than other existing tools for the same task. We also present a procedure for deciding the trace equivalence of bounded simple processes under equational theories generated by convergent rewriting systems and for which a finitary unification algorithm exists. Although we do not have a termination result, our procedure is correct for the largest class of equational theories handled by any existing procedure for deciding trace equivalence and, together with the work by Cheval et. al [64], it is the only one to handle non-trivial else branches. Finally, we introduce a symbolic probabilistic framework for the analysis of security protocols. Our framework provides a general method for expressing weak-

Computer Science

R Pradeep,N.R Sunitha,V Ravi,Sushma Verma

DOI: https://doi.org/10.1109/icccnt45670.2019.8944623

2019-07-01

Abstract:Designing a perfect security protocol is a difficult task and requires a good effort and knowledge of Cryptography which is an art of secret writing. In order to achieve high reliability of security protocols, the testing technique is not suitable, because the testing technique has got many drawbacks. To achieve high reliability of security protocols, proving the correctness of security protocols is very much essential. To prove and verify the correctness of security protocols the Formal Verification technique is the best solution because it provides the mathematical proof for the correctness of security protocols. TACACS+ (Terminal Access Controller Access-Control System Plus) [6] is one the important security protocol used by most of the Cisco network communication devices to provide Authentication, Authorization, and Accountability (popularly known as AAA services) services to the host devices. In the proposed work, the TACACS+ security protocol is formally verified using the Model Checking technique. Using the Scyther [12] model checker the Confidentiality and Authentication security properties of TACACS+ security protocol is successfully verified.

Qurat ul Ain Nizamani,Emilio Tuosto

DOI: https://doi.org/10.4204/EPTCS.7.5

2009-10-21

Abstract:Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks.

Cryptography and Security,Logic in Computer Science,Programming Languages

Thi Minh Chau Le,Xuan Thang Pham,Vinh Thinh Le

DOI: https://doi.org/10.54644/jte.2024.1523

2024-02-28

Journal of Technical Education Science

Abstract:In the dynamic field of Internet security, verifying and analyzing security protocols is crucial for ensuring secure and effective communication. This paper presents an analysis of leading tools used for the verification, falsification, and analysis of security protocols, focusing particularly on Scyther and Tamarin. We examine the methodologies, capabilities, and applications of these tools in various contexts, including cloud computing and IoT, highlighting their unique approaches and contributions to the field. The paper starts with an examination of the Scyther tool, emphasizing its innovative approach to automated falsification and verification, and its application in multi-protocol analysis. We then transition to exploring the use of Scyther in verifying key agreement protocols in cloud computing. A comparative analysis of Scyther and Tamarin is also presented, shedding light on their effectiveness in identifying security properties and revealing the strengths and weaknesses of different protocols. This is further enriched by a detailed look at the unbounded verification capabilities of Scyther. Additionally, the paper covers the capabilities of the Tamarin prover, exploring its advanced features in symbolic analysis, its ability to handle complex security properties, and its application in verifying protocol implementations. Through this paper, we aim to provide a comprehensive overview of the current landscape in security protocol verification, offering insights into the methodologies, challenges, and future directions in this essential area of research.

M.L. Martinez Ricci,J. Mazzaferri,A.V. Bragas,O.E. Martinez

DOI: https://doi.org/10.1119/1.2742400

2007-10-02

Abstract:We present a photon counting experiment designed for an undergraduate physics laboratory. The statistics of the number of photons of a pseudo-thermal light source is studied in two limiting cases: much longer and much shorter than the coherence time, giving Poisson and Bose-Einstein distributions, respectively. The experiment can be done in a reasonable time using a digital oscilloscope without the need of counting boards. The use of the oscilloscope has the advantage of allowing the storage of the data for further processing. The stochastic nature of the detection phenomena adds additional value because students are forced to do data processing and analysis.

Optics

CHEN Qiang,HUANG Lian-sheng,ZHAO Xiu-wen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.06.033

2006-01-01

Abstract:This paper presents a combined analysis method for security protocols.By specifying security protocols using Common Authentication Protocol Specification Language,then convert CAPSL specification into formal inputs for other analysis tools by connector.This method can utilize the advantage of various analysis tools and ensure the accuracy of formal analysis.Meanwhile,it is convenient for analyzer.We design two CAPSL connector and give an instance.

Qin Li,Qingkai Zeng

DOI: https://doi.org/10.1109/nss.2009.12

2009-01-01

Abstract:We present a calculus of concurrent objects for specification and security analysis of ad hoc security protocols. The communicating nodes and the network are modeled by objects, while the interactions between them are modeled by asynchronous method invocations. The internal state of an object is represented by a constant method which can be overridden. The approach is complemented by a control flow analysis which can be used to automatically check properties such as security routing. The attacker model is integrated into the analysis as set values containing the knowledge of the attacker.

Mitsugu Iwamoto,Kazuo Ohta,Junji Shikata

DOI: https://doi.org/10.48550/arXiv.1410.1120

2014-10-05

Abstract:This paper revisits formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols which are very fundamental primitives in cryptography. In general, we can formalize information-theoretic security in various ways: some of them can be formalized as stand-alone security by extending (or relaxing) Shannon's perfect secrecy or by other ways such as semantic security; some of them can be done based on composable security. Then, a natural question about this is: what is the gap between the formalizations? To answer the question, we investigate relationships between several formalizations of information-theoretic security for symmetric-key encryption and key agreement protocols. Specifically, for symmetric-key encryption protocols in a general setting including the case where there exist decryption-errors, we deal with the following formalizations of security: formalizations extended (or relaxed) from Shannon's perfect secrecy by using mutual information and statistical distance; information-theoretic analogues of indistinguishability and semantic security by Goldwasser and Micali; and composable security by Maurer et al. and Canetti. Then, we explicitly show the equivalence and non-equivalence between those formalizations. Under the model, we also derive lower bounds on the adversary's (or distinguisher's) advantage and the size of secret-keys required under all of the above formalizations. Although some of them may be already known, we can explicitly derive them all at once through our relationships between the formalizations. In addition, we briefly observe impossibility results which easily follow from the lower bounds. The similar results are also shown for key agreement protocols in a general setting including the case where there exist agreement-errors in the protocols.

Cryptography and Security,Information Theory

Jianping He,Yushan Li,Lin Cai,Xinping Guan

DOI: https://doi.org/10.48550/arXiv.2205.03556

2022-05-07

Systems and Control

Abstract:Recent years have witnessed the fast advance of security research for networked dynamical system (NDS). Considering the latest inference attacks that enable stealthy and precise attacks into NDSs with observation-based learning, this article focuses on a new security aspect, i.e., how to protect control mechanism secrets from inference attacks, including state information, interaction structure and control laws. We call this security property as control mechanism secrecy, which provides protection of the vulnerabilities in the control process and fills the defense gap that traditional cyber security cannot handle. Since the knowledge of control mechanism defines the capabilities to implement attacks, ensuring control mechanism secrecy needs to go beyond the conventional data privacy to cover both transmissible data and intrinsic models in NDSs. The prime goal of this article is to summarize recent results of both inference attacks on control mechanism secrets and countermeasures. We first introduce the basic inference attack methods on the state and structure of NDSs, respectively, along with their inference performance bounds. Then, the corresponding countermeasures and performance metrics are given to illustrate how to preserve the control mechanism secrecy. Necessary conditions are derived to guide the secrecy design. Finally, thorough discussions on the control laws and open issues are presented, beckoning future investigation on reliable countermeasure design and tradeoffs between the secrecy and control performance.

Xiaohu Li,T. Paul Parker,Shouhuai Xu

DOI: https://doi.org/10.1109/aina.2007.138

2007-01-01

Abstract:Traditional security analyses are often geared towards cryptographic primitives or protocols. Although such analyses are absolutely necessary, they do not provide much insight for answering an equally important question: what is the security assurance of a physically or logically networked system when we consider it as a whole? This question is known to be notoriously difficult, and the state-of-the-art is that we know very little about it. In this paper, we make a step towards resolving it with a new modeling approach.

Dusko Pavlovic,Catherine Meadows

DOI: https://doi.org/10.48550/arXiv.0910.5745

2009-10-29

Cryptography and Security

Abstract:As mobile devices pervade physical space, the familiar authentication patterns are becoming insufficient: besides entity authentication, many applications require, e.g., location authentication. Many interesting protocols have been proposed and implemented to provide such strengthened forms of authentication, but there are very few proofs that such protocols satisfy the required security properties. The logical formalisms, devised for reasoning about security protocols on standard computer networks, turn out to be difficult to adapt for reasoning about hybrid protocols, used in pervasive and heterogenous networks. <p> We refine the Dolev-Yao-style algebraic method for protocol analysis by a probabilistic model of guessing, needed to analyze protocols that mix weak cryptography with physical properties of nonstandard communication channels. Applying this model, we provide a precise security proof for a proximity authentication protocol, due to Hancke and Kuhn, that uses a subtle form of probabilistic reasoning to achieve its goals.

Zhuoruo Zhang,Jilin Hu,Chenyang Yu,Rui Chang,Yongwang Zhao

DOI: https://doi.org/10.1109/icws60048.2023.00022

2023-01-01

Abstract:Virtual Private Cloud (VPC) has become a widely used cloud computing service, serving as a foundational web infrastructure for many organizations. Nevertheless, the growing problem of reachability issues poses significant threats to the security and reliability of VPC networks, potentially resulting in critical security concerns such as data breaches and service outages. Although there has been substantial progress in recent reachability analysis, existing methods lack validation of correctness. Moreover, current analyses are tailored for One-to-One reachability where both the source and the destination are fixed, and fail to efficiently answer One-to-Multi reachability queries, which involve computing all reachable destinations for a given source node. To address the above challenges, we propose VeriReach, the first formally verified algorithm that provides comprehensive and efficient reachability analysis in large-scale VPC networks. The reachability analysis result of VeriReach is proved to be equivalent to the original reachability semantics of the VPC networks, ensuring its correctness (i.e., soundness and completeness). The fine-grained formalization of VeriReach and its fully mechanized correctness proofs are carried out in Isabelle/HOL theorem prover with 282 lemmas/theorems and $\sim 4,900{\mathrm{LoC}}$. We further implement VeriReach in C++ and the evaluations indicate that VeriReach is more efficient and scalable than MonoSAT, the state-of-the-art SMT solver, when applied to large-scale VPC networks for reachability analysis.