Utilization of timed automata as a verification tool for real-time security protocols

Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2010Includes bibliographical references (leaves: 85-92)Text in English; Abstract: Turkish and Englishxi, 92 leavesTimed Automata is an extension to the automata-theoretic approach to the modeling of real time systems that introduces time into the classical automata. Since it has been first proposed by Alur and Dill in the early nineties, it has become an important research area and been widely studied in both the context of formal languages and modeling and verification of real time systems. Timed automata use dense time modeling, allowing efficient model checking of time-sensitive systems whose correct functioning depend on the timing properties. One of these application areas is the verification of security protocols. This thesis aims to study the timed automata model and utilize it as a verification tool for security protocols. As a case study, the Neuman-Stubblebine Repeated Authentication Protocol is modeled and verified employing the time-sensitive properties in the model. The flaws of the protocol are analyzed and it is commented on the benefits and challenges of the model

Protocols for The Meeting Businessmen Problem

Assume that some businessmen wish to have a meeting. For this to occur, they usuallyhave to meet somewhere. If they cannot meet physically, then they can take part in a video (oraudio) conference to discuss whatever needs to be discussed. But what if their meeting is meant tobe private? In this case they need a cryptographic protocol that allows them to exchange their ideasremotely, while keeping them secure from any potential eavesdropper. In this paper we list all thenecessary requirements that a cryptographic protocol must have in order to allow several businessmento exchange their ideas securely over the Internet. Moreover, and based on the standard taxonomy ofcryptographic protocols, we suggest several approaches on how to design cryptographic protocols thatenable us to achieve our aim. Finally, we propose the design of a protocol that solves the meetingbusinessmen problem

The Meeting Businessmen Problem: Requirements and Limitations

Let us assume that some businessmen wish to have a meeting. For this to happen, they usually have to meet somewhere. If they cannot meet physically, then they can take part in a video (or audio) conference to discuss whatever needs to be discussed. But what if their meeting is meant to be private? In this case they need a cryptographic protocol that allows them to exchange their ideas remotely, while keeping them secure from any potential eavesdropper. In this paper we list all the necessary requirements that a cryptographic protocol must have in order to allow several businessmen to exchange their ideas securely over the Internet. Moreover, and based on the standard taxonomy of cryptographic pro- tocols, we suggest several approaches on how to design cryptographic protocols that enable us to achieve our aim. Finally, we propose the design of a protocol that solves the meeting businessmen problem

Analysis and Design on Key Updating Policies for Satellite Networks

Satellite networks are becoming increasingly important because of the exciting global communication services they provide. Key management policies have been successfully deployed in terrestrial networks to guarantee the information security. However, long propagation, storage and computation constraints bring new challenges in designing efficient and cost-effective key updating policies for satellite networks. Based on the structure and communication features of satellite networks, a dynamic key management model for satellite networks (DKM-SN) is presented, which includes certificates owned by each satellite, primary keys and session keys both of which are shared between two satellites. Furthermore, a protocol is designed for updating certificates for satellites; different policies for updating primary and session keys are studied and their efficiency and security are analyzed and compared. In addition, simulation environment for satellite networks is built and the key updating processes are implemented in Walker constellation. From the simulation results, further contrasts on key updating time and storage costs between the applications of IBM hybrid key management model (HKMM) and DKM-SN in satellite networks are presented. Finally, important suggestions in designing key updating policies are given

Automating Security Protocol Analysis

When Roger Needham and Michael Schroeder first introduced a seemingly secure protocol 24, it took over 18 years to discover that even with the most secure encryption, the conversations using this protocol were still subject to penetration. To date, there is still no one protocol that is accepted for universal use. Because of this, analysis of the protocol outside the encryption is becoming more important. Recent work by Joshua Guttman and others 9 have identified several properties that good protocols often exhibit. Termed Authentication Tests, these properties have been very useful in examining protocols. The purpose of this research is to automate these tests and thus help expedite the analysis of both existing and future protocols. The success of this research is shown through rapid analysis of numerous protocols for the existence of authentication tests. The result of this is that an analyst is now able to ascertain in near real-time whether or not a proposed protocol is of a sound design or whether an existing protocol may contain previously unknown weaknesses. The other achievement of this research is the generality of the input process involved. Although there exist other protocol analyzers, their use is limited primarily due to their complexity of use. With the tool generated here, an analyst needs only to enter their protocol into a standard text file; and almost immediately, the analyzer determines the existence of the authentication tests

Secure web services using two-way authentication and three-party key establishment for service delivery

With the advance of web technologies, a large quantity of transactions have been processed through web services. Service Provider needs encryption via public communication channel in order that web services can be delivered to Service Requester. Such encryptions can be realized using secure session keys. Traditional approaches which can enable such transactions are based on peer-to-peer architecture or hierarchical group architecture. The former method resides on two-party communications while the latter resides on hierarchical group communications. In this paper, we will use three-party key establishment to enable secure communications for Service Requester and Service Provider. The proposed protocol supports Service Requester, Service Broker, and Service Provider with a shared secret key established among them. Compared with peer-to-peer architecture and hierarchical group architecture, our method aims at reducing communication and computation overheads