9,454 research outputs found
A New Method to Analyze the Security of Protocol Implementations Based on Ideal Trace
The security analysis of protocols at the theory level cannot guarantee the security of protocol implementations. To solve this problem, researchers have done a great deal of work, and many achievements have been reached in this field, such as model extraction and code generation. However, the existing methods do not take the security of protocol implementations into account. In this paper, we propose to exploit the traces of function return values to analyze the security of protocol implementations at the source code level. Taking classic protocols as examples (such as the Needham-Schroeder protocol and the Diffie-Hellman protocol, which cannot resist man-in-the-middle attacks), we have analyzed man-in-the-middle attacks on the protocol implementations and have carried out experiments. The experiments show that our new method works well. Different from other methods of analyzing the security of protocol implementations in the literature, our new method can avoid some flaws of programming languages (such as C memory access, pointer analysis, etc.) and dynamically analyze the security of protocol implementations
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Security of quantum key distribution with imperfect devices
We prove the security of the Bennett-Brassard (BB84) quantum key distribution protocol in the case where the source and detector are under the limited control of an adversary. Our proof applies when both the source and the detector have small basis-dependent flaws, as is typical in practical implementations of the protocol. We derive a general lower bound on the asymptotic key generation rate for weakly basis-dependent eavesdropping attacks, and also estimate the rate in some special cases: sources that emit weak coherent states with random phases, detectors with basis-dependent efficiency, and misaligned sources and detectors.
Comment: 22 pages. (v3): Minor changes. (v2): Extensively revised and expanded. New results include a security proof for generic small flaws in the source and the detecto
Security of two-way quantum key distribution
Quantum key distribution protocols typically make use of a one-way quantum channel to distribute a shared secret string to two distant users. However, protocols exploiting a two-way quantum channel have been proposed as an alternative route to the same goal, with the potential advantage of outperforming one-way protocols. Here we provide a strategy to prove security for two-way quantum key distribution protocols against the most general quantum attack possible by an eavesdropper. We utilize an entropic uncertainty relation, and only a few assumptions need to be made about the devices used in the protocol. We also show that a two-way protocol can outperform comparable one-way protocols.
Comment: 10 pages, 5 figure
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham-Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well-known Clark-Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol
Analysis of Imperfections in Practical Continuous-Variable Quantum Key Distribution
As quantum key distribution becomes a mature technology, it appears clearly that some assumptions made in the security proofs cannot be justified in practical implementations. This might open the door to possible side-channel attacks. We examine several discrepancies between theoretical models and experimental setups in the case of continuous-variable quantum key distribution. We study in particular the impact of an imperfect modulation on the security of Gaussian protocols and show that approximating the theoretical Gaussian modulation with a discrete one is sufficient in practice. We also address the issue of properly calibrating the detection setup, and in particular the value of the shot noise. Finally, we consider the influence of phase noise in the preparation stage of the protocol and argue that taking this noise into account can improve the secret key rate because this source of noise is not controlled by the eavesdropper.
Comment: 4 figure
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of quantum cryptography. The first part is devoted to key distribution. We discuss the security criteria that a quantum key distribution protocol must fulfill to allow its safe use within a larger security application (e.g., for secure message transmission). To illustrate the practical use of composability, we show how to generate a continuous key stream by sequentially composing rounds of a quantum key distribution protocol. In a second part, we take a more general point of view, which is necessary for the study of cryptographic situations involving, for example, mutually distrustful parties. We explain the universal composability framework and state the composition theorem which guarantees that secure protocols can securely be composed to larger applications
Comment: 18 pages, 2 figure