50,617 research outputs found
Performance and cryptographic evaluation of security protocols in distributed networks using applied pi calculus and Markov Chain
The development of cryptographic protocols goes through two stages, namely, security verification and performance analysis. The verification of the protocolās security properties could be analytically achieved using threat modelling, or formally using formal methods and model checkers. The performance analysis could be mathematical or simulation-based. However, mathematical modelling is complicated and does not reflect the actual deployment environment of the protocol in the current state of the art. Simulation software provides scalability and can simulate complicated scenarios, however, there are times when it is not possible to use simulations due to a lack of support for new technologies or simulation scenarios. Therefore, this paper proposes a formal method and analytical model for evaluating the performance of security protocols using applied pi-calculus and Markov Chain processes. It interprets algebraic processes and associates cryptographic operatives with quantitative measures to estimate and evaluate cryptographic costs. With this approach, the protocols are presented as processes using applied pi-calculus, and their security properties are an approximate abstraction of protocol equivalence based on the verification from ProVerif and evaluated using analytical and simulation models for quantitative measures. The interpretation of the quantities is associated with process transitions, rates, and measures as a cost of using cryptographic primitives. This method supports usersā input in analysing the protocolās activities and performance. As a proof of concept, we deploy this approach to assess the performance of security protocols designed to protect large-scale, 5G-based Device-to-Device communications. We also conducted a performance evaluation of the protocols based on analytical and network simulator results to compare the effectiveness of the proposed approach
Virtual Communication Stack: Towards Building Integrated Simulator of Mobile Ad Hoc Network-based Infrastructure for Disaster Response Scenarios
Responses to disastrous events are a challenging problem, because of possible
damages on communication infrastructures. For instance, after a natural
disaster, infrastructures might be entirely destroyed. Different network
paradigms were proposed in the literature in order to deploy adhoc network, and
allow dealing with the lack of communications. However, all these solutions
focus only on the performance of the network itself, without taking into
account the specificities and heterogeneity of the components which use it.
This comes from the difficulty to integrate models with different levels of
abstraction. Consequently, verification and validation of adhoc protocols
cannot guarantee that the different systems will work as expected in
operational conditions. However, the DEVS theory provides some mechanisms to
allow integration of models with different natures. This paper proposes an
integrated simulation architecture based on DEVS which improves the accuracy of
ad hoc infrastructure simulators in the case of disaster response scenarios.Comment: Preprint. Unpublishe
ProbNV: probabilistic verification of network control planes
ProbNV is a new framework for probabilistic network control plane verification that strikes a balance between generality and scalability. ProbNV is general enough to encode a wide range of features from the most common protocols (eBGP and OSPF) and yet scalable enough to handle challenging properties, such as probabilistic all-failures analysis of medium-sized networks with 100-200 devices. When there are a small, bounded number of failures, networks with up to 500 devices may be verified in seconds. ProbNV operates by translating raw CISCO configurations into a probabilistic and functional programming language designed for network verification. This language comes equipped with a novel type system that characterizes the sort of representation to be used for each data structure: concrete for the usual representation of values; symbolic for a BDD-based representation of sets of values; and multi-value for an MTBDD-based representation of values that depend upon symbolics. Careful use of these varying representations speeds execution of symbolic simulation of network models. The MTBDD-based representations are also used to calculate probabilistic properties of network models once symbolic simulation is complete. We implement the language and evaluate its performance on benchmarks constructed from real network topologies and synthesized routing policies
Formal analysis techniques for gossiping protocols
We give a survey of formal verification techniques that can be used to corroborate existing experimental results for gossiping protocols in a rigorous manner. We present properties of interest for gossiping protocols and discuss how various formal evaluation techniques can be employed to predict them
The STRESS Method for Boundary-point Performance Analysis of End-to-end Multicast Timer-Suppression Mechanisms
Evaluation of Internet protocols usually uses random scenarios or scenarios
based on designers' intuition. Such approach may be useful for average-case
analysis but does not cover boundary-point (worst or best-case) scenarios. To
synthesize boundary-point scenarios a more systematic approach is needed.In
this paper, we present a method for automatic synthesis of worst and best case
scenarios for protocol boundary-point evaluation.
Our method uses a fault-oriented test generation (FOTG) algorithm for
searching the protocol and system state space to synthesize these scenarios.
The algorithm is based on a global finite state machine (FSM) model. We extend
the algorithm with timing semantics to handle end-to-end delays and address
performance criteria. We introduce the notion of a virtual LAN to represent
delays of the underlying multicast distribution tree. The algorithms used in
our method utilize implicit backward search using branch and bound techniques
and start from given target events. This aims to reduce the search complexity
drastically. As a case study, we use our method to evaluate variants of the
timer suppression mechanism, used in various multicast protocols, with respect
to two performance criteria: overhead of response messages and response time.
Simulation results for reliable multicast protocols show that our method
provides a scalable way for synthesizing worst-case scenarios automatically.
Results obtained using stress scenarios differ dramatically from those obtained
through average-case analyses. We hope for our method to serve as a model for
applying systematic scenario generation to other multicast protocols.Comment: 24 pages, 10 figures, IEEE/ACM Transactions on Networking (ToN) [To
appear
A Lightweight and Attack Resistant Authenticated Routing Protocol for Mobile Adhoc Networks
In mobile ad hoc networks, by attacking the corresponding routing protocol,
an attacker can easily disturb the operations of the network. For ad hoc
networks, till now many secured routing protocols have been proposed which
contains some disadvantages. Therefore security in ad hoc networks is a
controversial area till now. In this paper, we proposed a Lightweight and
Attack Resistant Authenticated Routing Protocol (LARARP) for mobile ad hoc
networks. For the route discovery attacks in MANET routing protocols, our
protocol gives an effective security. It supports the node to drop the invalid
packets earlier by detecting the malicious nodes quickly by verifying the
digital signatures of all the intermediate nodes. It punishes the misbehaving
nodes by decrementing a credit counter and rewards the well behaving nodes by
incrementing the credit counter. Thus it prevents uncompromised nodes from
attacking the routes with malicious or compromised nodes. It is also used to
prevent the denial-of-service (DoS) attacks. The efficiency and effectiveness
of LARARP are verified through the detailed simulation studies.Comment: 14 Pages, IJWM
Practical applications of probabilistic model checking to communication protocols
Probabilistic model checking is a formal verification technique for the analysis of systems that exhibit stochastic behaviour. It has been successfully employed in an extremely wide array of application domains including, for example, communication and multimedia protocols, security and power management. In this chapter we focus on the applicability of these techniques to the analysis of communication protocols. An analysis of the performance of such systems must successfully incorporate several crucial aspects, including concurrency between multiple components, real-time constraints and randomisation. Probabilistic model checking, in particular using probabilistic timed automata, is well suited to such an analysis. We provide an overview of this area, with emphasis on an industrially relevant case study: the IEEE 802.3 (CSMA/CD) protocol. We also discuss two contrasting approaches to the implementation of probabilistic model checking, namely those based on numerical computation and those based on discrete-event simulation. Using results from the two tools PRISM and APMC, we summarise the advantages, disadvantages and trade-offs associated with these techniques
Applying Formal Methods to Networking: Theory, Techniques and Applications
Despite its great importance, modern network infrastructure is remarkable for
the lack of rigor in its engineering. The Internet which began as a research
experiment was never designed to handle the users and applications it hosts
today. The lack of formalization of the Internet architecture meant limited
abstractions and modularity, especially for the control and management planes,
thus requiring for every new need a new protocol built from scratch. This led
to an unwieldy ossified Internet architecture resistant to any attempts at
formal verification, and an Internet culture where expediency and pragmatism
are favored over formal correctness. Fortunately, recent work in the space of
clean slate Internet design---especially, the software defined networking (SDN)
paradigm---offers the Internet community another chance to develop the right
kind of architecture and abstractions. This has also led to a great resurgence
in interest of applying formal methods to specification, verification, and
synthesis of networking protocols and applications. In this paper, we present a
self-contained tutorial of the formidable amount of work that has been done in
formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial
- ā¦