Proving Secure Properties of Cryptographic Protocols with Knowledge Based Approach

Cryptographic protocols have been widely used to protect communications over insecure network environments. Existing cryptographic protocols usually contain flaws. To analyze these protocols and find potential flaws in them, the secure properties of them need be studied in depth. This paper attempts to provide a new framework to analyze and prove the secure properties in these protocols. A number of predicates and action functions are used to model the network communication environment. Domain rules are given to describe the transitions of principals\u27 knowledge and belief states. An example of public key authentication protocols has been studied and analysed

Towards the Correctness of Security Protocols

AbstractIn [19], the authors presented a type-theoretic approach to the verification of security protocols. In this approach, a universal type system is proposed to capture in a finite way all the possible computations (internal actions or protocol instrumentations) that could be performed by a smart malicious intruder. This reduces the verification of cryptographic protocols to a typing problem where types are attack scenarios. In this paper, we recall this type system and we prove its completeness i.e. if the intruder can learn a message from a given protocol instrumentation, then this message could be infered from the type system. A significant result of this paper is the presentation of a new transformation that allows us to abstract a non-terminating type inference system into a terminating deductive proof system. We demonstrate how these results could be used to establish the security of cryptographic protocols from the secrecy standpoint. Finally, the usefulness and the efficiency of the whole approach is illustrated by proving the correctness of a new version of the Needham-Shoreder protocol with respect to the secrecy property

Defining an approximation to formally verify cryptographic protocols

Electronic forms of communication are abundant in todays world, and much emphasis is placed on these methods of communication in every day life. In order to guarantee the secrecy and authenticity of information exchanged, it is vital to formally verify the cryptographic protocols used in these forms of communications. This verification does, however, present many challenges. The systems to verify are infinite, with an infinite number of sessions and of p articipants. As if this was not enough, there is also a reactive element to deal with: th e intruder. The intruder will attack the protocol to achieve his goal: usurping identity, stealing confidential information, etc. His behavior is unpredictable! This thesis describes a method of verification based 011 the verification of systems by approximation. Starting from an initial configuration of the network, an overapproximation of the set of messages exchanged is automatically computed. Secrecy and authentication properties can then be checked on the approximated system. Starting from an existing semi-automatic proof method developed by Genet and Klay, an automatic solution is developed. Starting from an existing semi-automatic proof method developed by Genet and Klay, an automatic solution is developed. This thesis defines a particular approximation function that can be generated automatically and that guarantees that the computation of the approximated system terminates. Th e verification by approximation only tells if properties are verified. When the verification fails no conclusion can be drawn on the property. Thus, this thesis also shows how the approximation technique can easily be combined with another verification technique to combine the strengths of both approaches. Finally, the tool developed to validate these developments and the results of cryptographic protocol verifications carried out in the course of this research are included

Segurança na avaliação de conhecimento em contexto não presencial

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Ciência de Computação.Realizou-se um estudo sobre o uso da Internet para aplicação de avaliaçõeses de conhecimento onde os alunos encontram-se afastados das instituições e não são supervisionados por pessoas no momento da avaliação. O estudo é adequado aos seguintes tipos de avaliação: cursos a distância, certificação profissional, proficiência em idiomas e concursos públicos. O estudo focou-se em determinar a aplicabilidade do uso desta como canal para transmissão e aplicação de avaliações sob o ponto de vista dos problemas de segurança do canal e autenticidade dos documentos. Demonstra-se a import ância da etapa de avaliação dentro do processo de ensino a distância; enumeram-se o funcionamento e os problemas de segurança que se pode encontrar nos vários tipos de avaliação existentes; faz-se uma revisão de soluções encontradas na literatura; resumemse conceitos de criptografia e, por último, propõe-se uma nova arquitetura que permita o uso da Internet como meio seguro de realização de avaliações

Facilitating the modelling and automated analysis of cryptographic protocols

Includes bibliographical references.Multi-dimensional security protocol engineering is effective for creating cryptographic protocols since it encompasses a variety of design, analysis and deployment techniques, thereby providing a higher level of confidence than individual approaches. SPEAR II, the Security Protocol Engineering and Analysis Resource n, is a protocol engineering tool built on the foundation of previous experience garnered during the SPEAR I project in 1997. The goal of the SPEAR II tool is to facilitate cryptographic protocol engineering and aid users in distilling the critical issues during an engineering session by presenting them with an appropriate level of detail and guiding them as much as possible. The SPEAR II tool currently consists of four components that have been created as part of this dissertation and integrated into one consistent and unified graphical interface: a protocol specification environment (GYPSIE), a GNY statement construction interface (Visual GNY), a Prolog-based GNY analysis engine (GYNGER) and a message rounds calculator

Keeping Fairness Alive : Design and formal verification of optimistic fair exchange protocols

Fokkink, W.J. [Promotor]Pol, J.C. van de [Promotor