4,197 research outputs found
Knowledge Flow Analysis for Security Protocols
Knowledge flow analysis offers a simple and flexible way to find flaws in
security protocols. A protocol is described by a collection of rules
constraining the propagation of knowledge amongst principals. Because this
characterization corresponds closely to informal descriptions of protocols, it
allows a succinct and natural formalization; because it abstracts away message
ordering, and handles communications between principals and applications of
cryptographic primitives uniformly, it is readily represented in a standard
logic. A generic framework in the Alloy modelling language is presented, and
instantiated for two standard protocols, and a new key management scheme.Comment: 20 page
A Spatial-Epistemic Logic for Reasoning about Security Protocols
Reasoning about security properties involves reasoning about where the
information of a system is located, and how it evolves over time. While most
security analysis techniques need to cope with some notions of information
locality and knowledge propagation, usually they do not provide a general
language for expressing arbitrary properties involving local knowledge and
knowledge transfer. Building on this observation, we introduce a framework for
security protocol analysis based on dynamic spatial logic specifications. Our
computational model is a variant of existing pi-calculi, while specifications
are expressed in a dynamic spatial logic extended with an epistemic operator.
We present the syntax and semantics of the model and logic, and discuss the
expressiveness of the approach, showing it complete for passive attackers. We
also prove that generic Dolev-Yao attackers may be mechanically determined for
any deterministic finite protocol, and discuss how this result may be used to
reason about security properties of open systems. We also present a
model-checking algorithm for our logic, which has been implemented as an
extension to the SLMC system.Comment: In Proceedings SecCo 2010, arXiv:1102.516
How to Specify and How to Prove Correctness of Secure Routing Protocols for MANET
Secure routing protocols for mobile ad hoc networks have been developed
recently, yet, it has been unclear what are the properties they achieve, as a
formal analysis of these protocols is mostly lacking. In this paper, we are
concerned with this problem, how to specify and how to prove the correctness of
a secure routing protocol. We provide a definition of what a protocol is
expected to achieve independently of its functionality, as well as
communication and adversary models. This way, we enable formal reasoning on the
correctness of secure routing protocols. We demonstrate this by analyzing two
protocols from the literature
Computer-aided proofs for multiparty computation with active security
Secure multi-party computation (MPC) is a general cryptographic technique
that allows distrusting parties to compute a function of their individual
inputs, while only revealing the output of the function. It has found
applications in areas such as auctioning, email filtering, and secure
teleconference. Given its importance, it is crucial that the protocols are
specified and implemented correctly. In the programming language community it
has become good practice to use computer proof assistants to verify correctness
proofs. In the field of cryptography, EasyCrypt is the state of the art proof
assistant. It provides an embedded language for probabilistic programming,
together with a specialized logic, embedded into an ambient general purpose
higher-order logic. It allows us to conveniently express cryptographic
properties. EasyCrypt has been used successfully on many applications,
including public-key encryption, signatures, garbled circuits and differential
privacy. Here we show for the first time that it can also be used to prove
security of MPC against a malicious adversary. We formalize additive and
replicated secret sharing schemes and apply them to Maurer's MPC protocol for
secure addition and multiplication. Our method extends to general polynomial
functions. We follow the insights from EasyCrypt that security proofs can be
often be reduced to proofs about program equivalence, a topic that is well
understood in the verification of programming languages. In particular, we show
that in the passive case the non-interference-based definition is equivalent to
a standard game-based security definition. For the active case we provide a new
NI definition, which we call input independence
Probabilistic Algorithmic Knowledge
The framework of algorithmic knowledge assumes that agents use deterministic
knowledge algorithms to compute the facts they explicitly know. We extend the
framework to allow for randomized knowledge algorithms. We then characterize
the information provided by a randomized knowledge algorithm when its answers
have some probability of being incorrect. We formalize this information in
terms of evidence; a randomized knowledge algorithm returning ``Yes'' to a
query about a fact \phi provides evidence for \phi being true. Finally, we
discuss the extent to which this evidence can be used as a basis for decisions.Comment: 26 pages. A preliminary version appeared in Proc. 9th Conference on
Theoretical Aspects of Rationality and Knowledge (TARK'03
Private Multi-party Matrix Multiplication and Trust Computations
This paper deals with distributed matrix multiplication. Each player owns
only one row of both matrices and wishes to learn about one distinct row of the
product matrix, without revealing its input to the other players. We first
improve on a weighted average protocol, in order to securely compute a
dot-product with a quadratic volume of communications and linear number of
rounds. We also propose a protocol with five communication rounds, using a
Paillier-like underlying homomorphic public key cryptosystem, which is secure
in the semi-honest model or secure with high probability in the malicious
adversary model. Using ProVerif, a cryptographic protocol verification tool, we
are able to check the security of the protocol and provide a countermeasure for
each attack found by the tool. We also give a randomization method to avoid
collusion attacks. As an application, we show that this protocol enables a
distributed and secure evaluation of trust relationships in a network, for a
large class of trust evaluation schemes.Comment: Pierangela Samarati. SECRYPT 2016 : 13th International Conference on
Security and Cryptography, Lisbonne, Portugal, 26--28 Juillet 2016. 201
- …