1,194 research outputs found
Toward Automatic Verification of Quantum Cryptographic Protocols.
Several quantum process algebras have been proposed and successfully applied
in verification of quantum cryptographic protocols. All of the bisimulations
proposed so far for quantum processes in these process algebras are
state-based, implying that they only compare individual quantum states, but not
a combination of them. This paper remedies this problem by introducing a novel
notion of distribution-based bisimulation for quantum processes. We further
propose an approximate version of this bisimulation that enables us to prove
more sophisticated security properties of quantum protocols which cannot be
verified using the previous bisimulations. In particular, we prove that the
quantum key distribution protocol BB84 is sound and (asymptotically) secure
against the intercept-resend attacks by showing that the BB84 protocol, when
executed with such an attacker concurrently, is approximately bisimilar to an
ideal protocol, whose soundness and security are obviously guaranteed, with at
most an exponentially decreasing gap.
Comment: Accepted by Concur'1
A class of theory-decidable inference systems
Honour roll (Tableau d'honneur) of the Faculté des études supérieures et postdoctorales, 2004-2005.
In the last two decades, the Internet has brought a new dimension to communications. It is now possible to communicate with anyone, anywhere, at any time, in a few seconds. While some distributed communications, like e-mail, chat, . . . , are rather informal and require no security at all, others, like military or medical information exchange, electronic commerce, . . . , are highly formal and require quite strong security.
To achieve security goals in distributed communications, it is common to use cryptographic protocols. However, the informal design and analysis of such protocols are error-prone. Some protocols were shown to be deficient many years after their conception. It is now well known that formal methods are the only hope of designing completely secure cryptographic protocols. This thesis is a contribution to the field of cryptographic protocol analysis in the following way:
• A classification of the formal methods used in cryptographic protocol analysis.
• The use of inference systems to model cryptographic protocols.
• The definition of a class of theory-decidable inference systems.
• The proposal of a decision procedure for a wide class of cryptographic protocols.
Foundations, Properties, and Security Applications of Puzzles: A Survey
Cryptographic algorithms have been used not only to create robust ciphertexts
but also to generate cryptograms that, contrary to the classic goal of
cryptography, are meant to be broken. These cryptograms, generally called
puzzles, require the use of a certain amount of resources to be solved, hence
introducing a cost that is often regarded as a time delay---though it could
involve other metrics as well, such as bandwidth. These powerful features have
made puzzles the core of many security protocols, acquiring increasing
importance in the IT security landscape. The concept of a puzzle has
subsequently been extended to other types of schemes that do not use
cryptographic functions, such as CAPTCHAs, which are used to discriminate
humans from machines. Overall, puzzles have experienced a renewed interest with
the advent of Bitcoin, which uses a CPU-intensive puzzle as proof of work. In
this paper, we provide a comprehensive study of the most important puzzle
construction schemes available in the literature, categorizing them according
to several attributes, such as resource type, verification type, and
applications. We have redefined the term puzzle by collecting and integrating
the scattered notions used in different works, to cover all the existing
applications. Moreover, we provide an overview of the possible applications,
identifying key requirements and different design approaches. Finally, we
highlight the features and limitations of each approach, providing a useful
guide for the future development of new puzzle schemes.
Comment: This article has been accepted for publication in ACM Computing Survey
Web3.0 Security: Privacy Enhancing and Anonym Auditing in Blockchain-based Structures
The advent of Web 3.0, underpinned by blockchain technologies, promises to
transform the internet's landscape by empowering individuals with decentralized
control over their data. However, this evolution brings unique security
challenges that need to be addressed. This paper explores these complexities,
focusing on enhancing privacy and anonymous auditing within blockchain
structures. We present the architecture of Web 3.0 based on the blockchain,
providing a clear perspective on its workflow and security mechanisms. A
security protocol for Web 3.0 systems, employing privacy-preserving techniques
and anonymous auditing during runtime, is proposed. Key components of our
solution include the integration of privacy-enhancing techniques and the
utilization of Tor for anonymous auditing. We discuss related work and propose
a framework that meets these new security requirements. Lastly, we offer an
evaluation and comparison of our model to existing methods. This research
contributes towards the foundational understanding of Web 3.0's secure
structure and offers a pathway towards secure and privacy-preserving digital
interactions in this novel internet landscape.
Satellite-Based Communications Security: A Survey of Threats, Solutions, and Research Challenges
Satellite-based Communication systems are gaining renewed momentum in
Industry and Academia, thanks to innovative services introduced by leading tech
companies and the promising impact they can deliver towards the global
connectivity objective tackled by early 6G initiatives. On the one hand, the
emergence of new manufacturing processes and radio technologies promises to
reduce service costs while guaranteeing outstanding communication latency,
available bandwidth, flexibility, and coverage range. On the other hand,
cybersecurity techniques and solutions applied in SATCOM links should be
updated to reflect the substantial advancements in attacker capabilities
characterizing the last two decades. However, business urgency and
opportunities are leading operators towards challenging system trade-offs,
resulting in an increased attack surface and a general relaxation of the
available security services. In this paper, we tackle the cited problems and
present a comprehensive survey on the link-layer security threats, solutions,
and challenges faced when deploying and operating SATCOM systems. Specifically,
we classify the literature on security for SATCOM systems into two main
branches, i.e., physical-layer security and cryptography schemes. Then, we
further identify specific research domains for each of the identified branches,
focusing on dedicated security issues, including, e.g., physical-layer
confidentiality, anti-jamming schemes, anti-spoofing strategies, and
quantum-based key distribution schemes. For each of the above domains, we
highlight the most essential techniques, peculiarities, advantages,
disadvantages, lessons learned, and future directions. Finally, we also identify
emerging research topics whose additional investigation by Academia and
Industry could further attract researchers and investors, ultimately unleashing
the full potential behind ubiquitous satellite communications.
Comment: 72 page