Symbolic Universal Composability
We introduce a variant of the Universal Composability framework (UC; Canetti, FOCS 2001) that uses symbolic cryptography. Two salient properties of the UC framework are secure composition and the possibility of easily defining security by giving an ideal functionality as specification. These advantages are now also available in a symbolic modeling of cryptography, allowing for a modular analysis of complex protocols.
We furthermore introduce a new technique for modular design of protocols that uses UC but avoids the need for powerful cryptographic primitives that often comes with UC protocols; this virtual primitives approach is unique to the symbolic setting and has no counterpart in the original computational UC framework.
Automated Cryptographic Analysis of the Pedersen Commitment Scheme
Aiming for strong security assurance, there has recently been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding. To formally verify the protocol, we extended the theory of EasyCrypt, a framework which allows for reasoning in the computational model, to support the discrete logarithm and an abstraction of commitment protocols. Commitments are building blocks of many cryptographic constructions, for example, verifiable secret sharing, zero-knowledge proofs, and e-voting. Our work paves the way for the verification of those more complex constructions. Comment: 12 pages, conference MMM-ACNS 201
Composable M&S web services for net-centric applications
Service-oriented architectures promise easier integration of functionality in the form of web services into operational systems than is the case with interface-driven system-oriented approaches. Although the Extensible Markup Language (XML) enables a new level of interoperability among heterogeneous systems, XML alone does not solve all interoperability problems users contend with when integrating services into operational systems. To manage the basic challenges of service interoperation, we developed the Levels of Conceptual Interoperability Model (LCIM) to enable a layered approach and gradual solution improvements. Furthermore, we developed methods of model-based data engineering (MBDE) for semantically consistent service integration as a first step. These methods have been applied in the U.S. in collaboration with industry, resulting in proofs of concept. The results are directly applicable in a net-centric and net-enabled environment.
Rethinking the Physical Symbol Systems Hypothesis
It is now more than a half-century since the Physical Symbol Systems Hypothesis (PSSH) was first articulated as an empirical hypothesis. More recent evidence from work with neural networks and cognitive architectures has weakened it, but it has not yet been replaced in any satisfactory manner. Based on a rethinking of the nature of computational symbols -- as atoms or placeholders -- and thus also of the systems in which they participate, a hybrid approach is introduced that responds to these challenges while also helping to bridge the gap between symbolic and neural approaches, resulting in two new hypotheses, one that is to replace the PSSH and the other focused more directly on cognitive architectures. Comment: Final version published at the 16th Annual AGI Conference, 202
EasyUC: using EasyCrypt to mechanize proofs of universally composable security
We present a methodology for using the EasyCrypt proof assistant (originally designed for mechanizing the generation of proofs of game-based security of cryptographic schemes and protocols) to mechanize proofs of security of cryptographic protocols within the universally composable (UC) security framework. This allows, for the first time, the mechanization and formal verification of the entire sequence of steps needed for proving simulation-based security in a modular way: specifying a protocol and the desired ideal functionality; constructing a simulator and demonstrating its validity, via reduction to hard computational problems; invoking the universal composition operation and demonstrating that it indeed preserves security. We demonstrate our methodology on a simple example: stating and proving the security of secure message communication via a one-time pad, where the key comes from a Diffie-Hellman key exchange, assuming ideally authenticated communication. We first put together EasyCrypt-verified proofs that: (a) the Diffie-Hellman protocol UC-realizes an ideal key-exchange functionality, assuming hardness of the Decisional Diffie-Hellman problem, and (b) one-time-pad encryption, with a key obtained using ideal key exchange, UC-realizes an ideal secure-communication functionality. We then mechanically combine the two proofs into an EasyCrypt-verified proof that the composed protocol realizes the same ideal secure-communication functionality. Although formulating a methodology that is both sound and workable has proven to be a complex task, we are hopeful that it will prove to be the basis for mechanized UC security analyses for significantly more complex protocols and tasks. Accepted manuscrip
Probabilistic Model Checking for Energy Analysis in Software Product Lines
In a software product line (SPL), a collection of software products is defined by their commonalities in terms of features rather than by explicitly specifying all products one by one. Several verification techniques have been adapted to establish temporal properties of SPLs. Symbolic and family-based model checking have proven successful for tackling the combinatorial blow-up that arises when reasoning about many feature combinations. However, most formal verification approaches for SPLs presented in the literature focus on static SPLs, where the features of a product are fixed and cannot be changed at runtime. This is in contrast to dynamic SPLs, which allow the feature combinations of a product to be adapted dynamically after deployment. The main contribution of the paper is a compositional modeling framework for dynamic SPLs, which supports probabilistic and nondeterministic choices and allows for quantitative analysis. We specify the feature changes during runtime within an automata-based coordination component, enabling reasoning over strategies for triggering dynamic feature changes in order to optimize various quantitative objectives, e.g., energy or monetary costs and reliability. For our framework there is a natural and conceptually simple translation into the input language of the prominent probabilistic model checker PRISM. This facilitates the application of PRISM's powerful symbolic engine to the operational behavior of dynamic SPLs and their family-based analysis against various quantitative queries. We demonstrate the feasibility of our approach with a case study of an energy-aware bonding network device. Comment: 14 pages, 11 figure
Composing security protocols: from confidentiality to privacy
Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved their usefulness for analysing these protocols, but the protocols have become so complex that modular techniques have to be developed. We propose several results for safely composing security protocols. We consider arbitrary primitives modeled using an equational theory, and a rich process algebra close to the applied pi calculus.
Relying on these composition results, we derive security properties of a protocol from the security analysis performed on each of its sub-protocols individually. We consider parallel composition and the case of key-exchange protocols. Our results apply to confidentiality as well as to privacy-type properties (e.g. anonymity) expressed using a notion of equivalence. We illustrate the usefulness of our composition results on protocols from the 3G phone application and the electronic passport.
A Semantic Model for Interacting Cyber-Physical Systems
We propose a component-based semantic model for Cyber-Physical Systems (CPSs) wherein the notion of a component abstracts the internal details of both cyber and physical processes, to expose a uniform semantic model of their externally observable behaviors expressed as sets of sequences of observations. We introduce algebraic operations on such sequences to model different kinds of component composition. These composition operators yield the externally observable behavior of their resulting composite components through specifications of interactions of the behaviors of their constituent components, as they, e.g., synchronize with or mutually exclude each other's alternative behaviors. Our framework is expressive enough to allow articulation of properties that coordinate desired interactions among composed components within the framework, also as component behavior. We demonstrate the usefulness of our formalism through examples of coordination properties in a CPS consisting of two robots interacting through shared physical resources.