382 research outputs found
Automatic Methods for Analyzing Non-Repudiation Protocols with an Active Intruder
Non-repudiation protocols have an important role in many areas where secured
transactions with proofs of participation are necessary. Formal methods are
clever and without error, therefore using them for verifying such protocols is
crucial. In this purpose, we show how to partially represent non-repudiation as
a combination of authentications on the Fair Zhou-Gollmann protocol. After
discussing its limits, we define a new method based on the handling of the
knowledge of protocol participants. This method is very general and is of
natural use, as it consists in adding simple annotations, like for
authentication problems. The method is very easy to implement in tools able to
handle participants knowledge. We have implemented it in the AVISPA Tool and
analyzed the optimistic Cederquist-Corin- Dashti protocol, discovering two
unknown attacks. This extension of the AVISPA Tool for handling non-repudiation
opens a highway to the specification of many other properties, without any more
change in the tool itself
Automatic Methods for Analyzing Non-repudiation Protocole with an Active Intruder
International audienceNon-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. In this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing the limitations of this method, we define a new one based on the handling of the knowledge of protocol participants. This second method is general and of natural use, as it consists in adding simple annotations in the protocol specification. It is very easy to implement in tools able to handle participants knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself
Study for Automatically Analysing Non-repudiation
While security issues such as secrecy and authentication have been studied intensively, most interest in non-repudiation protocols has only come in recent years. Non-repudiation services must ensure that when two parties exchange informations over a network, neither one nor the other can deny having participated in this communication. Consequently a non-repudiation protocol has to generate evidences of participation to be used in the case of a dispute. In this paper, we present a description of non-repudiation services, and illustrate them on the Fair Zhou-Gollmann protocol. Then we show how to define non-repudiation properties with the AVISPA tool and explain how they can be automatically verified
Electronic negotiation and security of information exchanged in e-commerce
In settings such as electronic markets where trading partners have conflicting interests and a desire to cooperate, mobile agent mediated negotiation have become very popular. However, agent-based negotiation in electronic commerce involves the exchange of critical and sensitive data that must be highly safeguarded. Therefore, in order to give benefits of quick and safe trading to the trading partners, an approach that secures the information exchanged between the mobile agents during e-Commerce negotiations is needed. To this end, we discuss an approach that we refer to as Multi-Agent Security NEgotiation Protocol (MASNEP). To show that MASNEP protocol is free of attacks and thus the information exchanged throughout electronic negotiation is truly secured, we provide a formal proof on the correctness of the MASNEP.<br /
Optimistic Non-repudiation Protocol Analysis
The original publication is available at www.springerlink.com ; ISBN 978-3-540-72353-0 (Pring) 0302-9743 (Online) 1611-3349International audienceNon-repudiation protocols with session labels have a number of vulnerabilities. Recently Cederquist, Corin and Dashti have proposed an optimistic non-repudiation protocol that avoids altogether the use of session labels. We have specified and analysed this protocol using an extended version of the AVISPA Tool and one important fault has been discovered. We describe the protocol, the analysis method, show two attack traces that exploit the fault and propose a correction to the protocol
A Survey of Verification Techniques for Security Protocols
Security protocols aim to allow secure electronic communication despite the potential presence of eavesdroppers. Guaranteeing their correctness is vital in many applications. This report briefly surveys the many formal specification and verification techniques proposed for describing and analysing security protocols
Fair Exchange in Strand Spaces
Many cryptographic protocols are intended to coordinate state changes among
principals. Exchange protocols coordinate delivery of new values to the
participants, e.g. additions to the set of values they possess. An exchange
protocol is fair if it ensures that delivery of new values is balanced: If one
participant obtains a new possession via the protocol, then all other
participants will, too. Fair exchange requires progress assumptions, unlike
some other protocol properties. The strand space model is a framework for
design and verification of cryptographic protocols. A strand is a local
behavior of a single principal in a single session of a protocol. A bundle is a
partially ordered global execution built from protocol strands and adversary
activities. The strand space model needs two additions for fair exchange
protocols. First, we regard the state as a multiset of facts, and we allow
strands to cause changes in this state via multiset rewriting. Second, progress
assumptions stipulate that some channels are resilient-and guaranteed to
deliver messages-and some principals are assumed not to stop at certain
critical steps. This method leads to proofs of correctness that cleanly
separate protocol properties, such as authentication and confidentiality, from
invariants governing state evolution. G. Wang's recent fair exchange protocol
illustrates the approach
Recommended from our members
A second generation of nonrepudiation protocols
A non-repudiation protocol from party S to party R performs two tasks. First, the protocol enables party S to send to party R some text x along with sufficient evidence (that can convince a judge) that x was indeed sent by S. Second, the protocol enables party R to receive text x from S and to send to S sufficient evidence (that can convince a judge) that x was indeed received by R. The first generation of non-repudiation protocols were published in the period 1996-2000. In this dissertation, we design a second generation of non-repudiation protocols that enjoy several interesting properties.
First, we identify in this dissertation a special class of non-repudiation
protocols, called two-phase protocols. The two parties, S and R, in each two-phase protocol execute the protocol as specified until one of the two parties
receives its needed proof. Then and only then does this party refrain from
sending any more message specified by the protocol because these messages only help the other party complete its proof. We show that the execution of each two-phase protocol is deterministic and does not require synchronized real-time clocks. We also show that each two-phase protocol needs to involve a trusted third party T beside the two original parties, S and R.
Second, we show that if party R in a two-phase protocol has a real-time
clock and knows an upper bound on the round trip delay from R to S and
back to R, then the two-phase protocol does not need to involve a trusted
third party T.
Third, we design a non-repudiation protocol for transferring file F from
a sender S to a receiver R over a cloud C. This protocol is designed such
that there is no direct communication between parties S and R. Rather all
communications between S and R are carried out through cloud C. In this
protocol parties S and R do not need to store a local copy of file F and the
proofs that are needed by the two parties S and R (the only copy of file F and the proofs is stored in cloud C).
Fourth, we design a new non-repudiation protocol from S to R over C
where some of the proofs stored in cloud C get lost. This new protocol has an interesting stabilization property which ensures that when some of the proofs get lost, and one party can get the needed proofs but the other party cannot get its needed proofs from cloud C, then eventually, neither party is able to receive its needed proofs from cloud C.
Fifth, we design a non-repudiation protocol for transferring files from a
sender S to a subset of potential receivers {R.1, R.2, ..., R.n} over a cloud C. The protocol guarantees that after each file F is transferred from sender S to a subset of the potential receivers, then (1) each receiver R.i in the subset ends up with a proof that file F was indeed sent by sender S to R.i, and (2) sender S ends up with a proof that file F was indeed received from S by each receiver R.i in the subset.Computer Science
- …