A Hybrid Analysis for Security Protocols with State
Cryptographic protocols rely on message-passing to coordinate activity among
principals. Each principal maintains local state in individual local sessions
only as needed to complete that session. However, in some protocols a principal
also uses state to coordinate its different local sessions. Sometimes the
non-local, mutable state is used as a means, for example with smart cards or
Trusted Platform Modules. Sometimes it is the purpose of running the protocol,
for example in commercial transactions.
Many richly developed tools and techniques, based on well-understood
foundations, are available for design and analysis of pure message-passing
protocols. But the presence of cross-session state poses difficulties for these
techniques.
In this paper we provide a framework for modeling stateful protocols. We
define a hybrid analysis method. It leverages theorem-proving---in this
instance, the PVS prover---for reasoning about computations over state. It
combines that with an "enrich-by-need" approach---embodied by CPSA---that
focuses on the message-passing part. As a case study we give a full analysis of
the Envelope Protocol, due to Mark Ryan
Shake well before use: Authentication based on Accelerometer Data
Small, mobile devices without user interfaces, such as Bluetooth headsets, often need to communicate securely over wireless networks. Active attacks can only be prevented by authenticating wireless communication, which is problematic when devices do not have any a priori information about each other. We introduce a new method for device-to-device authentication by shaking devices together. This paper describes two protocols for combining cryptographic authentication techniques with known methods of accelerometer data analysis to the effect of generating authenticated, secret keys. The protocols differ in their design, one being more conservative from a security point of view, while the other allows more dynamic interactions. Three experiments are used to optimize and validate our proposed authentication method
A class of theory-decidable inference systems
Honour roll (Tableau d’honneur) of the Faculté des études supérieures et postdoctorales, 2004-2005. In the last two decades, the Internet has brought a new dimension to communications. It is now possible to communicate with anyone, anywhere, at any time, and within seconds. While some distributed communication systems, such as e-mail, chat, . . . , are rather informal and require no security, others, such as the exchange of military or medical information, electronic commerce, . . . , are very formal and require very high levels of security. To reach the desired security goals, cryptographic protocols are often used. However, the design and analysis of these protocols are very difficult. Some protocols have been shown to be incorrect several years after their conception. We now know that formal methods are the only hope of obtaining perfectly correct protocols. This work is a contribution to the field of cryptographic protocol analysis in the following way:
• A classification of the formal methods used for the analysis of cryptographic protocols.
• The use of inference systems for modelling cryptographic protocols.
• The definition of a class of inference systems that have a decidable theory.
• The proposal of a decision procedure for a large class of cryptographic protocols.
In the last two decades, the Internet has brought a new dimension to communications. It is now possible to communicate with anyone, anywhere, at any time, in a few seconds. While some distributed communications, like e-mail, chat, . . . , are rather informal and require no security at all, others, like military or medical information exchange, electronic commerce, . . . , are highly formal and require quite strong security.
To achieve security goals in distributed communications, it is common to use cryptographic protocols. However, the informal design and analysis of such protocols are error-prone. Some protocols were shown to be deficient many years after their conception. It is now well known that formal methods are the only hope of designing completely secure cryptographic protocols. This thesis is a contribution to the field of cryptographic protocol analysis in the following way:
• A classification of the formal methods used in cryptographic protocol analysis.
• The use of inference systems to model cryptographic protocols.
• The definition of a class of theory-decidable inference systems.
• The proposal of a decision procedure for a wide class of cryptographic protocols.
Design and cryptographic security analysis of e-voting protocols
Electronic voting (e-voting) systems are used in numerous countries for political elections, but also for less critical elections within clubs and associations, and hence affect the lives of millions of people. It is therefore important to ensure that individual voters' choices remain private, and to be able to verify that an election result coincides with the voters' intention. Unfortunately, for most e-voting systems employed in real elections, these fundamental security and privacy properties cannot be guaranteed, so that in particular the legitimacy of such political elections is challenged.
This demonstrates the importance of employing e-voting systems that are designed from the ground up to guarantee the required security. However, it has turned out to be highly challenging to construct secure yet practical e-voting systems, since one always has to find a balance between the (possibly conflicting) requirements of the given kind of election.
In the first two chapters of the thesis' main part, we present two practical e-voting systems which are both meant for low-risk and non-political elections, e.g., within clubs or associations. We have implemented both systems to demonstrate their practicability. The first system, called sElect, is designed to be as simple as possible while still guaranteeing a good level of security. The second system, called Ordinos, provides a superior level of privacy as it only reveals the most necessary information about the election outcome, e.g., solely the winner's name but nothing else. We will rigorously analyze the security of sElect and Ordinos. To do this, we formally define the required security properties and then mathematically prove that sElect and Ordinos achieve them.
In the third chapter of the thesis' main part, we provide substantial work on the fundamental notion of verifiability of e-voting systems. We analyze and compare all formal verifiability definitions from the literature regarding how meaningful, expressive, or general they are
On the Design of Cryptographic Primitives
The main objective of this work is twofold. On the one hand, it gives a brief
overview of the area of two-party cryptographic protocols. On the other hand,
it proposes new schemes and guidelines for improving the practice of robust
protocol design. In order to achieve such a double goal, a tour through the
descriptions of the two main cryptographic primitives is carried out. Within
this survey, some of the most representative algorithms based on the Theory of
Finite Fields are provided and new general schemes and specific algorithms
based on Graph Theory are proposed
Automated Cryptographic Analysis of the Pedersen Commitment Scheme
Aiming for strong security assurance, recently there has been an increasing
interest in formal verification of cryptographic constructions. This paper
presents a mechanised formal verification of the popular Pedersen commitment
protocol, proving its security properties of correctness, perfect hiding, and
computational binding. To formally verify the protocol, we extended the theory
of EasyCrypt, a framework which allows for reasoning in the computational
model, to support the discrete logarithm and an abstraction of commitment
protocols. Commitments are building blocks of many cryptographic constructions,
for example, verifiable secret sharing, zero-knowledge proofs, and e-voting.
Our work paves the way for the verification of those more complex
constructions.
Comment: 12 pages, conference MMM-ACNS 201
Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of
timing aspects. We study a simplified version of the well-known Needham-Schroeder
protocol and the complete Yahalom protocol, where timing information
allows the study of different attack scenarios. We model check the protocols
using UPPAAL. Further, a taxonomy is obtained by studying and categorising
protocols from the well-known Clark-Jacob library and the Security Protocol
Open Repository (SPORE) library. Finally, we present some new challenges and
threats that arise when considering time in the analysis, by providing a novel
protocol that uses time challenges and exposing a timing attack over an
implementation of an existing security protocol