6,239 research outputs found
Execution Models for Choreographies and Cryptoprotocols
A choreography describes a transaction in which several principals interact.
Since choreographies frequently describe business processes affecting
substantial assets, we need a security infrastructure in order to implement
them safely. As part of a line of work devoted to generating cryptoprotocols
from choreographies, we focus here on the execution models suited to the two
levels.
We give a strand-style semantics for choreographies, and propose a special
execution model in which choreography-level messages are faithfully delivered
exactly once. We adapt this model to handle multiparty protocols in which some
participants may be compromised.
At level of cryptoprotocols, we use the standard Dolev-Yao execution model,
with one alteration. Since many implementations use a "nonce cache" to discard
multiply delivered messages, we provide a semantics for at-most-once delivery
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Security Theorems via Model Theory
A model-theoretic approach can establish security theorems for cryptographic
protocols. Formulas expressing authentication and non-disclosure properties of
protocols have a special form. They are quantified implications for all xs .
(phi implies for some ys . psi). Models (interpretations) for these formulas
are *skeletons*, partially ordered structures consisting of a number of local
protocol behaviors. Realized skeletons contain enough local sessions to explain
all the behavior, when combined with some possible adversary behaviors. We show
two results. (1) If phi is the antecedent of a security goal, then there is a
skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there
is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi
implies for some ys . psi) iff every realized homomorphic image of A_phi
satisfies psi. Hence, to verify a security goal, one can use the Cryptographic
Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized
skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in
each of these shapes, then the goal holds
Automating Security Protocol Analysis
When Roger Needham and Michael Schroeder first introduced a seemingly secure protocol 24, it took over 18 years to discover that even with the most secure encryption, the conversations using this protocol were still subject to penetration. To date, there is still no one protocol that is accepted for universal use. Because of this, analysis of the protocol outside the encryption is becoming more important. Recent work by Joshua Guttman and others 9 have identified several properties that good protocols often exhibit. Termed Authentication Tests, these properties have been very useful in examining protocols. The purpose of this research is to automate these tests and thus help expedite the analysis of both existing and future protocols. The success of this research is shown through rapid analysis of numerous protocols for the existence of authentication tests. The result of this is that an analyst is now able to ascertain in near real-time whether or not a proposed protocol is of a sound design or whether an existing protocol may contain previously unknown weaknesses. The other achievement of this research is the generality of the input process involved. Although there exist other protocol analyzers, their use is limited primarily due to their complexity of use. With the tool generated here, an analyst needs only to enter their protocol into a standard text file; and almost immediately, the analyzer determines the existence of the authentication tests
- …