Safe abstractions of data encodings in formal security protocol models

When using formal methods, security protocols are usually modeled at a high level of abstraction. In particular, data encoding and decoding transformations are often abstracted away. However, if no assumptions at all are made on the behavior of such transformations, they could trivially lead to security faults, for example leaking secrets or breaking freshness by collapsing nonces into constants. In order to address this issue, this paper formally states sufficient conditions, checkable on sequential code, such that if an abstract protocol model is secure under a Dolev-Yao adversary, then a refined model, which takes into account a wide class of possible implementations of the encoding/decoding operations, is implied to be secure too under the same adversary model. The paper also indicates possible exploitations of this result in the context of methods based on formal model extraction from implementation code and of methods based on automated code generation from formally verified model

Formal Verification of Security Protocol Implementations: A Survey

Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac

Directions of Digital Technologies Development in the Supply Chain Management of the Russian Economy

Abstract— The main objective of this paper is to investigate the digitalization and technologies impact on supply chain management of agricultural industry.  This paper provides practical examples of supply chain digitalization, as well as its socio-economic and environmental effects. The absence of processes that are compatible with the high production requirements adopted in foreign markets can lead to crisis phenomena in domestic industries with high potential and rapid growth dynamics in agriculture industry. Agriculture in Russia is an integral part of the agro-industrial complex, and the program “Digitalization of its supply chain” should provide participants with the opportunity to use broadband, mobile, LPWAN communications, information technologies (small and big data, management platforms, etc.) of the domestic instrument industry (tags, controllers, sensors, control units) to improve significantly the efficiency of agriculture. The opportunities for modernizing the industry are huge. Food security of the country and the development of export potential, turn agriculture into a high-tech industry that can not only provide food for itself, but also many countries of the world through the global supply chain system, as well as create opportunities for the introduction of new innovative developments that have not exist before, stimulate management decisions that can provide the population with high-quality and safe products. According to expert estimates, during the season, the farmer has to make more than 40 different decisions in limited time intervals. Many of these solutions, which affect directly the production economy, are objects of digitalization in supply chain

Security against individual attacks for realistic quantum key distribution

I prove the security of quantum key distribution against individual attacks for realistic signals sources, including weak coherent pulses and downconversion sources. The proof applies to the BB84 protocol with the standard detection scheme (no strong reference pulse). I obtain a formula for the secure bit rate per time slot of an experimental setup which can be used to optimize the performance of existing schemes for the considered scenario.Comment: 10 pages, 4 figure