410 research outputs found
A probabilistic polynomial-time process calculus for the analysis of cryptographic protocols
AbstractWe prove properties of a process calculus that is designed for analysing security protocols. Our long-term goal is to develop a form of protocol analysis, consistent with standard cryptographic assumptions, that provides a language for expressing probabilistic polynomial-time protocol steps, a specification method based on a compositional form of equivalence, and a logical basis for reasoning about equivalence.The process calculus is a variant of CCS, with bounded replication and probabilistic polynomial-time expressions allowed in messages and boolean tests. To avoid inconsistency between security and nondeterminism, messages are scheduled probabilistically instead of nondeterministically. We prove that evaluation of any process expression halts in probabilistic polynomial time and define a form of asymptotic protocol equivalence that allows security properties to be expressed using observational equivalence, a standard relation from programming language theory that involves quantifying over all possible environments that might interact with the protocol.We develop a form of probabilistic bisimulation and use it to establish the soundness of an equational proof system based on observational equivalences. The proof system is illustrated by a formation derivation of the assertion, well-known in cryptography, that El Gamal encryption's semantic security is equivalent to the (computational) Decision Diffie–Hellman assumption. This example demonstrates the power of probabilistic bisimulation and equational reasoning for protocol security
Modelling MAC-Layer Communications in Wireless Systems
We present a timed process calculus for modelling wireless networks in which
individual stations broadcast and receive messages; moreover the broadcasts are
subject to collisions. Based on a reduction semantics for the calculus we
define a contextual equivalence to compare the external behaviour of such
wireless networks. Further, we construct an extensional LTS (labelled
transition system) which models the activities of stations that can be directly
observed by the external environment. Standard bisimulations in this LTS
provide a sound proof method for proving systems contextually equivalence. We
illustrate the usefulness of the proof methodology by a series of examples.
Finally we show that this proof method is also complete, for a large class of
systems
Toward Automatic Verification of Quantum Cryptographic Protocols.
Several quantum process algebras have been proposed and successfully applied
in verification of quantum cryptographic protocols. All of the bisimulations
proposed so far for quantum processes in these process algebras are
state-based, implying that they only compare individual quantum states, but not
a combination of them. This paper remedies this problem by introducing a novel
notion of distribution-based bisimulation for quantum processes. We further
propose an approximate version of this bisimulation that enables us to prove
more sophisticated security properties of quantum protocols which cannot be
verified using the previous bisimulations. In particular, we prove that the
quantum key distribution protocol BB84 is sound and (asymptotically) secure
against the intercept-resend attacks by showing that the BB84 protocol, when
executed with such an attacker concurrently, is approximately bisimilar to an
ideal protocol, whose soundness and security are obviously guaranteed, with at
most an exponentially decreasing gap.Comment: Accepted by Concur'1
Equational Reasonings in Wireless Network Gossip Protocols
Gossip protocols have been proposed as a robust and efficient method for
disseminating information throughout large-scale networks. In this paper, we
propose a compositional analysis technique to study formal probabilistic models
of gossip protocols expressed in a simple probabilistic timed process calculus
for wireless sensor networks. We equip the calculus with a simulation theory to
compare probabilistic protocols that have similar behaviour up to a certain
tolerance. The theory is used to prove a number of algebraic laws which
revealed to be very effective to estimate the performances of gossip networks,
with and without communication collisions, and randomised gossip networks. Our
simulation theory is an asymmetric variant of the weak bisimulation metric that
maintains most of the properties of the original definition. However, our
asymmetric version is particularly suitable to reason on protocols in which the
systems under consideration are not approximately equivalent, as in the case of
gossip protocols
Compositional bisimulation metric reasoning with Probabilistic Process Calculi
We study which standard operators of probabilistic process calculi allow for
compositional reasoning with respect to bisimulation metric semantics. We argue
that uniform continuity (generalizing the earlier proposed property of
non-expansiveness) captures the essential nature of compositional reasoning and
allows now also to reason compositionally about recursive processes. We
characterize the distance between probabilistic processes composed by standard
process algebra operators. Combining these results, we demonstrate how
compositional reasoning about systems specified by continuous process algebra
operators allows for metric assume-guarantee like performance validation
03411 Abstracts Collection -- Language Based Security
From October 5th to 10th 2003,the Dagstuhl Seminar 03411
``Language Based security\u27\u27 was held
in the International Conference and Research Center (IBFI), Schloss Dagstuhl.
During the seminar, several participants presented their current
research, and ongoing work and open problems were discussed. Abstracts of
the presentations given during the seminar are put together in this paper
- …