Bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols

In this paper, we first define bisimulation-based non-deterministic admissible interference(BNAI), derive its process-theoretic characterization and present a compositional verification method with respect to the main operators over communicating processes, generalizing in this way the similar trace-based results obtained in [19] into the finer notion of observation-based bisimulation [6]. Like its trace-based version, BNAI admits information flow between secrecy levels only through a downgrader (e.g. a cryptosystem), but is phrased into a generalization of observational equivalence [18]. We then describe an admissible interference-based method for the analysis of cryptographic protocols, extending, in a non-trivial way, the non interference-based approach presented in [11]. Confidentiality and authentication for cryptoprotocols are defined in terms of BNAI and their respective bisimulation-based proof methods are derived. Finally, as a significant illustration of the method, we consider simple case studies: the paradigmatic examples of the Wide Mouthed Frog protocol [1] and the Woo and Lam one-way authentication protocol [25]. The original idea of this methodology is to prove that the intruder may interfere with the protocol only through selected channels considered as admissible when leading to harmless interference

An Information Flow Method to Detect Denial of Service Vulnerabilities

Meadows recently proposed a formal cost-based framework for the analysis of denial of service, showing how to formalize some existing principles used to make cryptographic protocols more resistant to denial of service by comparing the cost to the defender against the cost to the attacker. The firrst contribution of this paper is to introduce a new security property called impassivity designed to capture the abiity of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA) extended with local function calls, cryptographic primitives and special semantic features in order to handle cryptographic protocols. Impassivity is defined as an information flow property founded on bisimulation-based non-deterministic admissible interference. A sound and complete proof method for impassivity is provided. The method extends previous results of the authors on bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. It is illustrated by its application to the TCP/IP protocol. Key Words: Denial of service, Protocols, A

Using admissible interference to detect denial of service vulnerabilities

Meadows recently proposed a formal cost-based framework for analysis of denial of service. It was showed how some principles that have already been used to make cryptographic protocols more resistant to denial of service by trading off the cost to defender against the cost to the attacker can be formalized. The first contribution of this paper is to introduce a new security property called impassivity which intends to capture the ability of a protocol to achieve these goals in the framework of a generic value-passing process algebra called Security Process Algebra (SPPA) extended with local function calls, cryptographic primitives and special semantic features in order to cope with cryptographic protocols. More specifically, impassivity is defined as an information flow property founded on bisimulation-based non-deterministic admissible interference. A sound and complete proof method for impassivity is also provided. The method extends previous results presented by the authors on bisimulation-based non-deterministic admissible interference and its application to the analysis of cryptographic protocols. The method is illustrated throughout the paper on the TCP/IP connection protocol. A more substantial application to the 1KP secure electronic payment protocol is given in appendix. Keywords: Denial of service, Protocols, Admissible interference, Bisimulation, Equivalence-checking 1