10 research outputs found
Quantifying pervasive authentication: the case of the Hancke-Kuhn protocol
As mobile devices pervade physical space, the familiar authentication
patterns are becoming insufficient: besides entity authentication, many
applications require, e.g., location authentication. Many interesting protocols
have been proposed and implemented to provide such strengthened forms of
authentication, but there are very few proofs that such protocols satisfy the
required security properties. The logical formalisms, devised for reasoning
about security protocols on standard computer networks, turn out to be
difficult to adapt for reasoning about hybrid protocols, used in pervasive and
heterogenous networks.
We refine the Dolev-Yao-style algebraic method for protocol analysis by a
probabilistic model of guessing, needed to analyze protocols that mix weak
cryptography with physical properties of nonstandard communication channels.
Applying this model, we provide a precise security proof for a proximity
authentication protocol, due to Hancke and Kuhn, that uses a subtle form of
probabilistic reasoning to achieve its goals.Comment: 31 pages, 2 figures; short version of this paper appeared in the
Proceedings of MFPS 201
Privacy protocols
Security protocols enable secure communication over insecure channels.
Privacy protocols enable private interactions over secure channels. Security
protocols set up secure channels using cryptographic primitives. Privacy
protocols set up private channels using secure channels. But just like some
security protocols can be broken without breaking the underlying cryptography,
some privacy protocols can be broken without breaking the underlying security.
Such privacy attacks have been used to leverage e-commerce against targeted
advertising from the outset; but their depth and scope became apparent only
with the overwhelming advent of influence campaigns in politics. The blurred
boundaries between privacy protocols and privacy attacks present a new
challenge for protocol analysis. Covert channels turn out to be concealed not
only below overt channels, but also above: subversions, and the level-below
attacks are supplemented by sublimations and the level-above attacks.Comment: 38 pages, 6 figure
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Structural and symptomatic change in psychoanalysis and psychodynamic psychotherapy: a quantitative study of process, outcome, and attachment.
This thesis describes a quasi-experimental study exploring psychotherapeutic process and outcome in 25 young adults sequentially assigned to psychoanalysis (n=14) or psychodynamic psychotherapy (n=11) at the Anna Freud Centre in London, England. Analysts reported process using a novel 899-item questionnaire, the Young Adult Weekly Rating Scale (YAWRS). Patients were assessed by an independent psychiatrist at intake, termination, and at 18 month intervals after intake and termination with Main and Goldwyn's Adult Attachment Interview (AAI) and on a host of symptomatic and diagnostic measures. The patients suffered from depression, anxiety, and personality disorders. Over the course of treatment (6 months to 8 years long), 12 of 19 patients (with adequate data) improved symptomatically on an aggregate measure. Ten of 12 improvers were in the psychoanalysis group, suggesting that it is a more effective treatment in this population. Data from 1,314 YAWRS questionnaires were factor analysed and used to test hypotheses from the psychotherapy process literature. In the first year of psychoanalysis (as compared with psychodynamic psychotherapy), higher scores on therapist dynamic technique, patient dynamic material, and negative patient transference were found. In the combined sample, higher scores in the first year on therapist dynamic technique, patient dynamic material, and discussion of contract were predictive of positive outcome. The AAI classifies patients according to security of "state of mind with respect to attachment" from narratives about early life relationship experiences. Our results show a high proportion of secure classifications at initial assessment and, in successful treatments, a movement towards a preoccupied-entangled attachment pattern which began to resolve by termination. We propose that the AAI be used to measure both structural health and regression/transference neurosis, which must occur and then resolve for treatment to succeed. Further research using the YAWRS and AAI is proposed