9,939 research outputs found
Composing protocols with randomized actions
Recently, several composition results have been established, showing that two cryptographic protocols proven secure against a Dolev-Yao adversary continue to afford the same security guarantees when composed together, provided the protocol messages are tagged with the information of which protocol they belong to. The key technical tool used to establish this guarantee is a separation result which shows that any attack on the composition can be mapped to an attack on one of the composed protocols running in isolation. We consider the composition of protocols which, in addition to using cryptographic primitives, also employ randomization within the protocol to achieve their goals. We show that if the protocols never reveal a secret with a probability greater than a given threshold, then neither does their composition, given that protocol messages are tagged with the information of which protocol they belong to.Ope
Holistic analysis of mix protocols
Security protocols are often analysed in isolation as
academic challenges. However, the real world can require
various combinations of them, such as a certified email
protocol executed over a resilient channel, or the key registration protocol to precede the purchase protocols of Secure Electronic Transactions (SET). We develop what appears to be the first scalable approach to specifying and analysing mix protocols. It expands on the Inductive Method by exploiting the simplicity with which inductive definitions can refer to each other. This lets the human analyst study each protocol separately first, and then
derive holistic properties about the mix. The approach, which is demonstrated on the sequential composition of a certification protocol with an authentication one, is not limited by the features of the protocols, which can, for example, share message components such as cryptographic keys and nonces. It bears potential for the analysis of complex protocols constructed by general composition of others
EasyUC: using EasyCrypt to mechanize proofs of universally composable security
We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: Specifying a protocol and the desired ideal functionality; Constructing a simulator and demonstrating its validity, via reduction to hard computational problems; Invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key-exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key-exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks.Accepted manuscrip
Composability in quantum cryptography
In this article, we review several aspects of composability in the context of
quantum cryptography. The first part is devoted to key distribution. We discuss
the security criteria that a quantum key distribution protocol must fulfill to
allow its safe use within a larger security application (e.g., for secure
message transmission). To illustrate the practical use of composability, we
show how to generate a continuous key stream by sequentially composing rounds
of a quantum key distribution protocol. In a second part, we take a more
general point of view, which is necessary for the study of cryptographic
situations involving, for example, mutually distrustful parties. We explain the
universal composability framework and state the composition theorem which
guarantees that secure protocols can securely be composed to larger
applicationsComment: 18 pages, 2 figure
A tool for the synthesis of cryptographic orchestrators
Security is one of the main challenges of service oriented computing. Services need to be loosely coupled, easily ac- cessible and yet provide tight security guarantees enforced by cryptographic protocols. In this paper, we address how to automatically synthesize an orchestrator process able to guarantee the secure composition of electronic services, sup- porting different communication and cryptographic proto- cols. We present a theoretical model based on process alge- bra, partial model checking and logical satisfiability, plus an automated tool implementing the proposed theory
Emergent Behavior in Cybersecurity
We argue that emergent behavior is inherent to cybersecurity.Comment: 2 pages, HotSoS'2014 (2014 Symposium and Bootcamp on the Science of
Security
Cryptographic security of quantum key distribution
This work is intended as an introduction to cryptographic security and a
motivation for the widely used Quantum Key Distribution (QKD) security
definition. We review the notion of security necessary for a protocol to be
usable in a larger cryptographic context, i.e., for it to remain secure when
composed with other secure protocols. We then derive the corresponding security
criterion for QKD. We provide several examples of QKD composed in sequence and
parallel with different cryptographic schemes to illustrate how the error of a
composed protocol is the sum of the errors of the individual protocols. We also
discuss the operational interpretations of the distance metric used to quantify
these errors.Comment: 31+23 pages. 28 figures. Comments and questions welcom
Term-based composition of security protocols
In the context of security protocol parallel composition, where messages
belonging to different protocols can intersect each other, we introduce a new
paradigm: term-based composition (i.e. the composition of message components
also known as terms). First, we create a protocol specification model by
extending the original strand spaces. Then, we provide a term composition
algorithm based on which new terms can be constructed. To ensure that security
properties are maintained, we introduce the concept of term connections to
express the existing connections between terms and encryption contexts. We
illustrate the proposed composition process by using two existing protocols.Comment: 2008 IEEE International Conference on Automation, Quality and
Testing, Robotics, Cluj-Napoca, Romania, May 2008, pp. 233-238, ISBN
978-1-4244-2576-
On the Design of Cryptographic Primitives
The main objective of this work is twofold. On the one hand, it gives a brief
overview of the area of two-party cryptographic protocols. On the other hand,
it proposes new schemes and guidelines for improving the practice of robust
protocol design. In order to achieve such a double goal, a tour through the
descriptions of the two main cryptographic primitives is carried out. Within
this survey, some of the most representative algorithms based on the Theory of
Finite Fields are provided and new general schemes and specific algorithms
based on Graph Theory are proposed
Modeling Computational Security in Long-Lived Systems, Version 2
For many cryptographic protocols, security relies on the assumption that adversarial entities have limited computational power. This type of security degrades progressively over the lifetime of a protocol. However, some cryptographic services, such as timestamping services or digital archives, are long-lived in nature; they are expected to be secure and operational for a very long time (i.e., super-polynomial). In such cases, security cannot be guaranteed in the traditional sense: a computationally secure protocol may become insecure if the attacker has a super-polynomial number of interactions with the protocol. This paper proposes a new paradigm for the analysis of long-lived security protocols. We allow entities to be active for a potentially unbounded amount of real time, provided they perform only a polynomial amount of work per unit of real time. Moreover, the space used by these entities is allocated dynamically and must be polynomially bounded. We propose a new notion of long-term implementation, which is an adaptation of computational indistinguishability to the long-lived setting. We show that long-term implementation is preserved under polynomial parallel composition and exponential sequential composition. We illustrate the use of this new paradigm by analyzing some security properties of the long-lived timestamping protocol of Haber and Kamat
- …