Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol

Nonmonotonic Trust Management for P2P Applications

Community decisions about access control in virtual communities are non-monotonic in nature. This means that they cannot be expressed in current, monotonic trust management languages such as the family of Role Based Trust Management languages (RT). To solve this problem we propose RT-, which adds a restricted form of negation to the standard RT language, thus admitting a controlled form of non-monotonicity. The semantics of RT- is discussed and presented in terms of the well-founded semantics for Logic Programs. Finally we discuss how chain discovery can be accomplished for RT-.Comment: This paper appears in the proceedings of the 1st International Workshop on Security and Trust Management (STM 2005). To appear in ENTC

A programming and a modelling perspective on the evaluation of Java card implementations

Java Card Technology has provided a huge step forward in programming smart cards: from assembler to using a high level Object Oriented language. However, the authors have found some differences between the current Java Card version (2.1) and main stream Java that may restrict the benefits of using Java achievable in smartcard programming. In particular, efforts towards evaluating Java Card implementations at a high level of assurance may be hampered by the presence of these differences as well as by the complexity of the Java Card VM and API. The goal of the present paper is to detail the differences from a programming and a modelling point of view

Security Attributes Based Digital Rights Management

Most real-life systems delegate responsibilities to different authorities. We apply this model to a digital rights management system, to achieve flexible security. In our model a hierarchy of authorities issues certificates that are linked by cryptographic means. This linkage establishes a chain of control, identity-attribute-rights, and allows flexible rights control over content. Typical security objectives, such as identification, authentication, authorization and access control can be realised. Content keys are personalised to detect illegal super distribution. We describe a working prototype, which we develop using standard techniques, such as standard certificates, XML and Java. We present experimental results to evaluate the scalability of the system. A formal analysis demonstrates that our design is able to detect a form of illegal super distribution