8,028 research outputs found
Analysis of the Security of BB84 by Model Checking
Quantum Cryptography or Quantum key distribution (QKD) is a technique that
allows the secure distribution of a bit string, used as key in cryptographic
protocols. When it was noted that quantum computers could break public key
cryptosystems based on number theory extensive studies have been undertaken on
QKD. Based on quantum mechanics, QKD offers unconditionally secure
communication. Now, the progress of research in this field allows the
anticipation of QKD to be available outside of laboratories within the next few
years. Efforts are made to improve the performance and reliability of the
implemented technologies. But several challenges remain despite this big
progress. The task of how to test the apparatuses of QKD For example did not
yet receive enough attention. These devises become complex and demand a big
verification effort. In this paper we are interested in an approach based on
the technique of probabilistic model checking for studying quantum information.
Precisely, we use the PRISM tool to analyze the security of BB84 protocol and
we are focused on the specific security property of eavesdropping detection. We
show that this property is affected by the parameters of quantum channel and
the power of eavesdropper.Comment: 12 Pages, IJNS
An Authentication Protocol for Future Sensor Networks
Authentication is one of the essential security services in Wireless Sensor
Networks (WSNs) for ensuring secure data sessions. Sensor node authentication
ensures the confidentiality and validity of data collected by the sensor node,
whereas user authentication guarantees that only legitimate users can access
the sensor data. In a mobile WSN, sensor and user nodes move across the network
and exchange data with multiple nodes, thus experiencing the authentication
process multiple times. The integration of WSNs with Internet of Things (IoT)
brings forth a new kind of WSN architecture along with stricter security
requirements; for instance, a sensor node or a user node may need to establish
multiple concurrent secure data sessions. With concurrent data sessions, the
frequency of the re-authentication process increases in proportion to the
number of concurrent connections, which makes the security issue even more
challenging. The currently available authentication protocols were designed for
the autonomous WSN and do not account for the above requirements. In this
paper, we present a novel, lightweight and efficient key exchange and
authentication protocol suite called the Secure Mobile Sensor Network (SMSN)
Authentication Protocol. In the SMSN a mobile node goes through an initial
authentication procedure and receives a re-authentication ticket from the base
station. Later a mobile node can use this re-authentication ticket when
establishing multiple data exchange sessions and/or when moving across the
network. This scheme reduces the communication and computational complexity of
the authentication process. We proved the strength of our protocol with
rigorous security analysis and simulated the SMSN and previously proposed
schemes in an automated protocol verifier tool. Finally, we compared the
computational complexity and communication cost against well-known
authentication protocols.Comment: This article is accepted for the publication in "Sensors" journal. 29
pages, 15 figure
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
- …