16,083 research outputs found
Security Theorems via Model Theory
A model-theoretic approach can establish security theorems for cryptographic
protocols. Formulas expressing authentication and non-disclosure properties of
protocols have a special form. They are quantified implications for all xs .
(phi implies for some ys . psi). Models (interpretations) for these formulas
are *skeletons*, partially ordered structures consisting of a number of local
protocol behaviors. Realized skeletons contain enough local sessions to explain
all the behavior, when combined with some possible adversary behaviors. We show
two results. (1) If phi is the antecedent of a security goal, then there is a
skeleton A_phi such that, for every skeleton B, phi is satisfied in B iff there
is a homomorphism from A_phi to B. (2) A protocol enforces for all xs . (phi
implies for some ys . psi) iff every realized homomorphic image of A_phi
satisfies psi. Hence, to verify a security goal, one can use the Cryptographic
Protocol Shapes Analyzer CPSA (TACAS, 2007) to identify minimal realized
skeletons, or "shapes," that are homomorphic images of A_phi. If psi holds in
each of these shapes, then the goal holds
The Hopf algebra of odd symmetric functions
We consider a q-analogue of the standard bilinear form on the commutative
ring of symmetric functions. The q=-1 case leads to a Z-graded Hopf
superalgebra which we call the algebra of odd symmetric functions. In the odd
setting we describe counterparts of the elementary and complete symmetric
functions, power sums, Schur functions, and combinatorial interpretations of
associated change of basis relations.Comment: 43 pages, 12 figures. v2: some correction
Choreographies with Secure Boxes and Compromised Principals
We equip choreography-level session descriptions with a simple abstraction of
a security infrastructure. Message components may be enclosed within (possibly
nested) "boxes" annotated with the intended source and destination of those
components. The boxes are to be implemented with cryptography. Strand spaces
provide a semantics for these choreographies, in which some roles may be played
by compromised principals. A skeleton is a partially ordered structure
containing local behaviors (strands) executed by regular (non-compromised)
principals. A skeleton is realized if it contains enough regular strands so
that it could actually occur, in combination with any possible activity of
compromised principals. It is delivery guaranteed (DG) realized if, in
addition, every message transmitted to a regular participant is also delivered.
We define a novel transition system on skeletons, in which the steps add
regular strands. These steps solve tests, i.e. parts of the skeleton that could
not occur without additional regular behavior. We prove three main results
about the transition system. First, each minimal DG realized skeleton is
reachable, using the transition system, from any skeleton it embeds. Second, if
no step is possible from a skeleton A, then A is DG realized. Finally, if a DG
realized B is accessible from A, then B is minimal. Thus, the transition system
provides a systematic way to construct the possible behaviors of the
choreography, in the presence of compromised principals
Heuristic Methods for Security Protocols
Model checking is an automatic verification technique to verify hardware and
software systems. However it suffers from state-space explosion problem. In
this paper we address this problem in the context of cryptographic protocols by
proposing a security property-dependent heuristic. The heuristic weights the
state space by exploiting the security formulae; the weights may then be used
to explore the state space when searching for attacks
Attacking Group Protocols by Refuting Incorrect Inductive Conjectures
Automated tools for finding attacks on flawed security protocols often fail to deal adequately with group protocols. This is because the abstractions made to improve performance on fixed 2 or 3 party protocols either preclude the modelling of group protocols all together, or permit modelling only in a fixed scenario, which can prevent attacks from being discovered. This paper describes Coral, a tool for finding counterexamples to incorrect inductive conjectures, which we have used to model protocols for both group key agreement and group key management, without any restrictions on the scenario. We will show how we used Coral to discover 6 previously unknown attacks on 3 group protocols
- ā¦