21 research outputs found
Automatic Methods for Analyzing Non-Repudiation Protocols with an Active Intruder
Non-repudiation protocols have an important role in many areas where secured
transactions with proofs of participation are necessary. Formal methods are
clever and without error, therefore using them for verifying such protocols is
crucial. For this purpose, we show how to partially represent non-repudiation as
a combination of authentications on the Fair Zhou-Gollmann protocol. After
discussing its limits, we define a new method based on the handling of the
knowledge of protocol participants. This method is very general and is of
natural use, as it consists in adding simple annotations, like for
authentication problems. The method is very easy to implement in tools able to
handle participants' knowledge. We have implemented it in the AVISPA Tool and
analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two
unknown attacks. This extension of the AVISPA Tool for handling non-repudiation
opens a highway to the specification of many other properties, without any more
change in the tool itself.
Security analysis of an e-commerce solution
The escalation in the number of people with access to the Internet has fuelled the growth of e-commerce transactions. In order to stimulate this growth in e-commerce, the adoption of new business models will be required. In this thesis, we propose the idea of bringing the multi-level marketing business model into the e-commerce world. For e-commerce applications to take advantage of the business potential in this business model, some challenging security problems need to be resolved. Our proposed protocol provides a method for fair exchange of valuable items between multiple parties in accordance with the multi-level marketing business model. It also provides the required security services needed to increase the overall customers' trust in e-commerce, and hence increase the rate of committed online transactions. These security services include content assurance, confidentiality, fair exchange and non-repudiation. The above security services are usually attained through the use of cryptography. For example, digital rights management systems deliver e-goods in an encrypted format. As these e-goods are decrypted before being presented to the end user, cryptographic keys may appear in the memory which leaves it vulnerable to memory disclosure attacks. In the second part of this thesis, we investigate a set of memory disclosure attacks which may compromise the confidentiality of cryptographic keys. We demonstrate that the threat of these attacks is real by exposing the secret private keys of several cryptographic algorithms used by different cryptographic implementations of the Java Cryptographic Extension (JCE
Most General Winning Secure Equilibria Synthesis in Graph Games
This paper considers the problem of co-synthesis in -player games over a
finite graph where each player has an individual -regular specification
. In this context, a secure equilibrium (SE) is a Nash equilibrium
w.r.t. the lexicographically ordered objectives of each player to first satisfy
their own specification, and second, to falsify other players' specifications.
A winning secure equilibrium (WSE) is an SE strategy profile
that ensures the specification
if no player deviates from their strategy
. Distributed implementations generated from a WSE make components act
rationally by ensuring that a deviation from the WSE strategy profile is
immediately punished by a retaliating strategy that makes the involved players
lose.
In this paper, we move from deviation punishment in WSE-based implementations
to a distributed, assume-guarantee based realization of WSE. This shift is
obtained by generalizing WSE from strategy profiles to specification profiles
with , which
we call most general winning secure equilibria (GWSE). Such GWSE have the
property that each player can individually pick a strategy winning for
(against all other players) and all resulting strategy profiles
are guaranteed to be a WSE. The obtained flexibility in
players' strategy choices can be utilized for robustness and adaptability of
local implementations.
Concretely, our contribution is three-fold: (1) we formalize GWSE for
-player games over finite graphs, where each player has an -regular
specification ; (2) we devise an iterative semi-algorithm for GWSE
synthesis in such games, and (3) obtain an exponential-time algorithm for GWSE
synthesis with parity specifications . Comment: TACAS 202
Expressing Receipt-Freeness and Coercion-Resistance in Logics of Strategic Ability: Preliminary Attempt
Voting is a mechanism of utmost importance to social processes. In this paper, we focus on the strategic aspect of information security in voting procedures. We argue that the notions of receipt-freeness and coercion resistance are underpinned by existence (or nonexistence) of a suitable strategy for some participants of the voting process. In order to back the argument formally, we provide logical "transcriptions" of the informal intuitions behind coercion-related properties that can be found in the existing literature. The transcriptions are formulated in the modal game logic ATL*, well known in the area of multi-agent systems.
Infinite State AMC-Model Checking for Cryptographic Protocols
Only very little is known about the automatic analysis of cryptographic protocols for game-theoretic security properties. In this paper, we therefore study decidability and complexity of the model checking problem for AMC-formulas over infinite state concurrent game structures induced by cryptographic protocols and the Dolev-Yao intruder. We show that the problem is NEXPTIME-complete when making reasonable assumptions about protocols and for an expressive fragment of AMC, which contains, for example, all properties formulated by Kremer and Raskin in fair ATL for contract-signing and non-repudiation protocols. We also prove that our assumptions on protocols are necessary to obtain decidability.
A Game-Based Verification of Non-Repudiation and Fair Exchange Protocols
In this paper, we report on a recent work for the verification of non-repudiation protocols. We propose a verification method based on the idea that non-repudiation protocols are best modeled as games. To formalize this idea, we use alternating transition systems, a game-based model, to model protocols and alternating temporal logic, a game-based logic, to express requirements that the protocols must ensure. This method is automated by using the model-checker Mocha, a model-checker that supports the alternating transition systems and the alternating temporal logic. Several optimistic protocols are analyzed using Mocha. CONCUR'01
A game-based verification of non-repudiation and fair exchange protocols