54,697 research outputs found
Analysis of security protocols using finite-state machines
This paper demonstrates a comprehensive analysis method using formal methods such as finite-state machine. First, we describe the modified version of our new protocol and briefly explain the encrypt-then-authenticate mechanism, which is regarded as more a secure mechanism than the one used in our protocol. Then, we use a finite-state verification to study the behaviour of each machine created for each phase of the protocol and examine their behaviour s together. Modelling with finite-state machines shows that the modified protocol can function correctly and behave properly even with invalid input or time delay
Continuous-variable measurement-device-independent quantum key distribution: Composable security against coherent attacks
We present a rigorous security analysis of continuous-variable measurement-device-independent quantum key distribution (CVMDI QKD) in a finite-size scenario. The security proof is obtained in two steps: by first assessing the security against collective Gaussian attacks, and then extending to the most general class of coherent attacks via the Gaussian de Finetti reduction. Our result combines recent state-of-the-art security proofs for CVQKD with findings about min-entropy calculus and parameter estimation. In doing so, we improve the finite-size estimate of the secret key rate. Our conclusions confirm that CV MDI protocols allow for high rates on the metropolitan scale, and may achieve a nonzero secret key rate against the most general class of coherent attacks after 10^7–10^9 quantum signal transmissions, depending on loss and noise, and on the required level of security
A largely self-contained and complete security proof for quantum key distribution
In this work we present a security analysis for quantum key distribution,
establishing a rigorous tradeoff between various protocol and security
parameters for a class of entanglement-based and prepare-and-measure protocols.
The goal of this paper is twofold: 1) to review and clarify the
state-of-the-art security analysis based on entropic uncertainty relations, and
2) to provide an accessible resource for researchers interested in a security
analysis of quantum cryptographic protocols that takes into account finite
resource effects. For this purpose we collect and clarify several arguments
spread in the literature on the subject with the goal of making this treatment
largely self-contained.
More precisely, we focus on a class of prepare-and-measure protocols based on
the Bennett-Brassard (BB84) protocol as well as a class of entanglement-based
protocols similar to the Bennett-Brassard-Mermin (BBM92) protocol. We carefully
formalize the different steps in these protocols, including randomization,
measurement, parameter estimation, error correction and privacy amplification,
allowing us to be mathematically precise throughout the security analysis. We
start from an operational definition of what it means for a quantum key
distribution protocol to be secure and derive simple conditions that serve as
sufficient condition for secrecy and correctness. We then derive and eventually
discuss tradeoff relations between the block length of the classical
computation, the noise tolerance, the secret key length and the security
parameters for our protocols. Our results significantly improve upon previously
reported tradeoffs.Comment: v2: completely revised, improved presentation and finite-key bounds;
v3: accepted at Quantu
PS-LTL for constraint-based security protocol analysis
Several formal approaches have been proposed to analyse security protocols, e.g. [2,7,11,1,6,12]. Recently, a great interest has been growing on the use of constraint solving approach. Initially proposed by Millen and Shmatikov [9], this approach allows analysis of a finite number of protocol sessions. Yet, the representation of protocol runs by symbolic traces (as opposed to concrete traces) captures the possibility of having unbounded message space, allowing analysis over an infinite state space. A constraint is defined as a pair consisting of a message M and a set of messages K that represents the intruder¿s knowledge. Millen and Shmatikov present a procedure to solve a set of constraints, i.e. that in each constraint, M can be built from K. When a set of constraints is solved, then a concrete trace representing an attack over the protocol can be extracted. \ud
Corin and Etalle [4] has improved the work of Millen and Shmatikov by presenting a more efficient procedure. However, none of these constraint-based systems provide enough flexibility and expresiveness in specifying security properties. For example, to check secrecy an artificial protocol role is added to simulate whether a secret can be learned by an intruder. Authentication cannot also be checked directly. Moreover, only a built-in notion of authentication is implemented by Millen and Shmatikov in his Prolog implementation [10]. This problem motivates our current work. \ud
A logical formalism is considered to be an appropriate solution to improve the flexibility and expresiveness in specifying security properties. A preliminary attempt to use logic for specifying local security properties in a constraint-based setting has been carried out [3]. Inspired by this work and the successful NPATRL [11,8], we currently explores a variant of linear temporal logic (LTL) over finite traces, -LTL, standing for pure-past security LTL [5]. In contrast to standard LTL, this logic deals only with past events in a trace. In our current work, a protocol is modelled as in previous works [9,4,3], viz. by protocol roles. A protocol role is a sequence of send and receive events, together with status events to indicate, e.g. that a protocol role has completed her protocol run. A scenario is then used to deal with the number of sessions and protocol roles considered in the analysis. \ud
Integrating -LTL into our constraint solving approach presents a challenge, since we need to develop a sound and complete decision procedure against symbolic traces, instead of concrete traces. Our idea to address this problem is by concretizing symbolic traces incrementally while deciding a formula. Basically, the decision procedure consists of two steps: transform and decide. The former step transforms a -LTL formula with respect to the current trace into a so-called elementary formula that is built from constraints and equalities using logical connectives and quantifiers. The decision is then performed by the latter step through solving the constraints and checking the equalities. \ud
Although we define a decision procedure for a fragment of -LTL, this fragment is expressive enough to specify several security properties, like various notions of secrecy and authentication, and also data freshness. We provide a Prolog implementation and have analysed several security protocols. \ud
There are many directions for improvement. From the implementation point of view, the efficiency of the decision procedure can still be improved. I would also like to investigate the expressiveness of the logic for speficying other security properties. This may result in an extension of the decision procedure for a larger fragment of the logic. Another direction is to characterize the expressivity power of -LTL compared to other security requirement languages
Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA
The area of formal analysis of cryptographic protocols has been an active
one since the mid 80’s. The idea is to verify communication protocols
that use encryption to guarantee secrecy and that use authentication of
data to ensure security. Formal methods are used in protocol analysis to
provide formal proofs of security, and to uncover bugs and security flaws
that in some cases had remained unknown long after the original protocol
publication, such as the case of the well known Needham-Schroeder
Public Key (NSPK) protocol. In this thesis we tackle problems regarding
the three main pillars of protocol verification: modelling capabilities,
verifiable properties, and efficiency.
This thesis is devoted to investigate advanced features in the analysis
of cryptographic protocols tailored to the Maude-NPA tool. This tool
is a model-checker for cryptographic protocol analysis that allows for
the incorporation of different equational theories and operates in the
unbounded session model without the use of data or control abstraction.
An important contribution of this thesis is relative to theoretical aspects
of protocol verification in Maude-NPA. First, we define a forwards
operational semantics, using rewriting logic as the theoretical framework
and the Maude programming language as tool support. This is the first
time that a forwards rewriting-based semantics is given for Maude-NPA.
Second, we also study the problem that arises in cryptographic protocol
analysis when it is necessary to guarantee that certain terms generated
during a state exploration are in normal form with respect to the protocol
equational theory.
We also study techniques to extend Maude-NPA capabilities to support
the verification of a wider class of protocols and security properties.
First, we present a framework to specify and verify sequential protocol
compositions in which one or more child protocols make use of information obtained from running a parent protocol. Second, we present a
theoretical framework to specify and verify protocol indistinguishability
in Maude-NPA. This kind of properties aim to verify that an attacker
cannot distinguish between two versions of a protocol: for example, one
using one secret and one using another, as it happens in electronic voting
protocols.
Finally, this thesis contributes to improve the efficiency of protocol
verification in Maude-NPA. We define several techniques which drastically
reduce the state space, and can often yield a finite state space,
so that whether the desired security property holds or not can in fact
be decided automatically, in spite of the general undecidability of such
problems.Santiago Pinazo, S. (2015). Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/4852
A Distributed Security Architecture for Large Scale Systems
This thesis describes the research leading from the conception, through development, to the practical
implementation of a comprehensive security architecture for use within, and as a value-added enhancement
to, the ISO Open Systems Interconnection (OSI) model.
The Comprehensive Security System (CSS) is arranged basically as an Application Layer service but can
allow any of the ISO recommended security facilities to be provided at any layer of the model. It is
suitable as an 'add-on' service to existing arrangements or can be fully integrated into new applications.
For large scale, distributed processing operations, a network of security management centres (SMCs) is
suggested, that can help to ensure that system misuse is minimised, and that flexible operation is provided
in an efficient manner.
The background to the OSI standards are covered in detail, followed by an introduction to security in open
systems. A survey of existing techniques in formal analysis and verification is then presented. The
architecture of the CSS is described in terms of a conceptual model using agents and protocols, followed
by an extension of the CSS concept to a large scale network controlled by SMCs.
A new approach to formal security analysis is described which is based on two main methodologies.
Firstly, every function within the system is built from layers of provably secure sequences of finite state
machines, using a recursive function to monitor and constrain the system to the desired state at all times.
Secondly, the correctness of the protocols generated by the sequences to exchange security information
and control data between agents in a distributed environment, is analysed in terms of a modified temporal
Hoare logic. This is based on ideas concerning the validity of beliefs about the global state of a system
as a result of actions performed by entities within the system, including the notion of timeliness.
The two fundamental problems in number theory upon which the assumptions about the security of the
finite state machine model rest are described, together with a comprehensive survey of the very latest
progress in this area. Having assumed that the two problems will remain computationally intractable in
the foreseeable future, the method is then applied to the formal analysis of some of the components of the
Comprehensive Security System.
A practical implementation of the CSS has been achieved as a demonstration system for a network of IBM
Personal Computers connected via an Ethernet LAN, which fully meets the aims and objectives set out
in Chapter 1. This implementation is described, and finally some comments are made on the possible
future of research into security aspects of distributed systems.IBM (United Kingdom) Laboratories
Hursley Park, Winchester, U
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.Comment: In Proceedings SecCo 2010, arXiv:1102.516
- …