1,770 research outputs found

    A new biometric ID-based cryptography protocol and security analysis using Petri nets

    This paper presents a Petri net (PN) approach to modelling, simulating, and analysing the new protocol we have proposed. This new protocol is an enhanced authentication scheme based on a biometric verification mechanism and identity based cryptography. A formal approach like Petri nets allows one to represent cryptographic protocols. For the sake of simplicity, a complex PN model will not be discussed in this paper until all attacks are demonstrated and the model proved to be secure. This paper shows how Petri nets are used to model, analyse and detect flaws in our new protocol. First, our proposed protocol is modelled without an adversary, and then a generic adversary model is added to examine all possible adversary behaviours. Finally we demonstrate how Petri nets can be used to analyse security threats such as man-in-the-middle attack, reflection attack, and parallel session attack on this protocol

    A Polynomial Translation of pi-calculus FCPs to Safe Petri Nets

    We develop a polynomial translation from finite control pi-calculus processes to safe low-level Petri nets. To our knowledge, this is the first such translation. It is natural in that there is a close correspondence between the control flows, enjoys a bisimulation result, and is suitable for practical model checking. Comment: To appear in special issue on best papers of CONCUR'12 of Logical Methods in Computer Science

    Analysis of security protocols using finite-state machines

    This paper demonstrates a comprehensive analysis method using formal methods such as finite-state machines. First, we describe the modified version of our new protocol and briefly explain the encrypt-then-authenticate mechanism, which is regarded as a more secure mechanism than the one used in our protocol. Then, we use a finite-state verification to study the behaviour of each machine created for each phase of the protocol and examine their behaviours together. Modelling with finite-state machines shows that the modified protocol can function correctly and behave properly even with invalid input or time delay

    A new tool for the performance analysis of massively parallel computer systems

    We present a new tool, GPA, that can generate key performance measures for very large systems. Based on solving systems of ordinary differential equations (ODEs), this method of performance analysis is far more scalable than stochastic simulation. The GPA tool is the first to produce higher moment analysis from differential equation approximation, which is essential, in many cases, to obtain an accurate performance prediction. We identify so-called switch points as the source of error in the ODE approximation. We investigate the switch point behaviour in several large models and observe that as the scale of the model is increased, in general the ODE performance prediction improves in accuracy. In the case of the variance measure, we are able to justify theoretically that in the limit of model scale, the ODE approximation can be expected to tend to the actual variance of the model

    Modelling- and Simulation-Based Design of Multi-tier Systems

    This paper introduces a domain-specific language for modelling and simulation-based design of multi-tier systems. Multi-tier systems are complex and very few general models have been developed. Rather, models are always dedicated to a specific architecture. Our approach allows for rapid experimentation with different multi-tier alternatives. Not only parameters, but also structure can be drastically varied. Using graph transformation, multi-tier systems models are translated into Queueing Petri Nets (QPNs) in a systematic way for analysis with the SimQPN simulator. We describe QPN, our multi-tier architecture visual language, as well as the transformation between them. A case study demonstrates the power of the approach for design-space exploration

    The modelling and analysis of queueing systems with QNM-ExSpect


    An Aggregation Technique for Large-Scale PEPA Models with Non-Uniform Populations

    Performance analysis based on modelling consists of two major steps: model construction and model analysis. Formal modelling techniques significantly aid model construction but can exacerbate model analysis. In particular, here we consider the analysis of large-scale systems which consist of one or more entities replicated many times to form large populations. The replication of entities in such models can cause their state spaces to grow exponentially to the extent that their exact stochastic analysis becomes computationally expensive or even infeasible. In this paper, we propose a new approximate aggregation algorithm for a class of large-scale PEPA models. For a given model, the method quickly checks if it satisfies a syntactic condition, indicating that the model may be solved approximately with high accuracy. If so, an aggregated CTMC is generated directly from the model description. This CTMC can be used for efficient derivation of an approximate marginal probability distribution over some of the model's populations. In the context of a large-scale client-server system, we demonstrate the usefulness of our method

    A generic framework for process execution and secure multi-party transaction authorization

    Process execution engines are not only an integral part of workflow and business process management systems but are increasingly used to build process-driven applications. In other words, they are potentially used in all kinds of software across all application domains. However, contemporary process engines and workflow systems are unsuitable for use in such diverse application scenarios for several reasons. The main shortcomings can be observed in the areas of interoperability, versatility, and programmability. Therefore, this thesis makes a step away from domain specific, monolithic workflow engines towards generic and versatile process runtime frameworks, which enable integration of process technology into all kinds of software. To achieve this, the idea and corresponding architecture of a generic and embeddable process virtual machine (ePVM), which supports defining process flows along the theoretical foundation of communicating extended finite state machines, are presented. The architecture focuses on the core process functionality such as control flow and state management, monitoring, persistence, and communication, while using JavaScript as a process definition language. This approach leads to a very generic yet easily programmable process framework. A fully functional prototype implementation of the proposed framework is provided along with multiple example applications. Despite the fact that business processes are increasingly automated and controlled by information systems, humans are still involved, directly or indirectly, in many of them. Thus, for process flows involving sensitive transactions, a highly secure authorization scheme supporting asynchronous multi-party transaction authorization must be available within process management systems. Therefore, along with the ePVM framework, this thesis presents a novel approach for secure remote multi-party transaction authentication - the zone trusted information channel (ZTIC). 
    The ZTIC approach uniquely combines multiple desirable properties such as the highest level of security, ease-of-use, mobility, remote administration, and smooth integration with existing infrastructures into one device and method. Extensively evaluating both, the ePVM framework and the ZTIC, this thesis shows that ePVM in combination with the ZTIC approach represents a unique and very powerful framework for building workflow systems and process-driven applications including support for secure multi-party transaction authorization

    Workshop on Modelling of Objects, Components, and Agents, Aarhus, Denmark, August 27-28, 2001

    This booklet contains the proceedings of the workshop Modelling of Objects, Components, and Agents (MOCA'01), August 27-28, 2001. The workshop is organised by the CPN group at the Department of Computer Science, University of Aarhus, Denmark and the "Theoretical Foundations of Computer Science" Group at the University of Hamburg, Germany. The papers are also available in electronic form via the web pages: http://www.daimi.au.dk/CPnets/workshop01