1,606 research outputs found

    Verifying Privacy-Type Properties in a Modular Way

    Formal methods have proved their usefulness for analysing the security of protocols. In this setting, privacy-type security properties (e.g. vote-privacy, anonymity, unlinkability) that play an important role in many modern applications are formalised using a notion of equivalence. In this paper, we study the notion of trace equivalence and we show how to establish such an equivalence relation in a modular way. It is well-known that composition works well when the processes do not share secrets. However, there is no result allowing us to compose processes that rely on some shared secrets such as long term keys. We show that composition works even when the processes share secrets provided that they satisfy some reasonable conditions. Our composition result allows us to prove various equivalence-based properties in a modular way, and works in a quite general setting. In particular, we consider arbitrary cryptographic primitives and processes that use non-trivial else branches. As an example, we consider the ICAO e-passport standard, and we show how the privacy guarantees of the whole application can be derived from the privacy guarantees of its sub-protocols

    Composing security protocols: from confidentiality to privacy

    Security protocols are used in many of our daily-life applications, and our privacy largely depends on their design. Formal verification techniques have proved their usefulness to analyse these protocols, but they become so complex that modular techniques have to be developed. We propose several results to safely compose security protocols. We consider arbitrary primitives modeled using an equational theory, and a rich process algebra close to the applied pi calculus. Relying on these composition results, we derive some security properties on a protocol from the security analysis performed on each of its sub-protocols individually. We consider parallel composition and the case of key-exchange protocols. Our results apply to deal with confidentiality but also privacy-type properties (e.g. anonymity) expressed using a notion of equivalence. We illustrate the usefulness of our composition results on protocols from the 3G phone application and electronic passport

    A Reduced Semantics for Deciding Trace Equivalence

    Many privacy-type properties of security protocols can be modelled using trace equivalence properties in suitable process algebras. It has been shown that such properties can be decided for interesting classes of finite processes (i.e., without replication) by means of symbolic execution and constraint solving. However, this does not suffice to obtain practical tools. Current prototypes suffer from a classical combinatorial explosion problem caused by the exploration of many interleavings in the behaviour of processes. Mödersheim et al. have tackled this problem for reachability properties using partial order reduction techniques. We revisit their work, generalize it and adapt it for equivalence checking. We obtain an optimisation in the form of a reduced symbolic semantics that eliminates redundant interleavings on the fly. The obtained partial order reduction technique has been integrated in a tool called APTE. We conducted complete benchmarks showing dramatic improvements. Comment: Accepted for publication in LMC

    A Formal Theory of Key Conjuring

    Key conjuring is the process by which an attacker obtains an unknown, encrypted key by repeatedly calling a cryptographic API function with random values in place of keys. We propose a formalism for detecting computationally feasible key conjuring operations, incorporated into a Dolev-Yao style model of the security API. We show that security in the presence of key conjuring operations is decidable for a particular class of APIs, which includes the key management API of IBM’s Common Cryptographic Architecture (CCA)

    Partial Order Reduction for Security Protocols

    Security protocols are concurrent processes that communicate using cryptography with the aim of achieving various security properties. Recent work on their formal verification has brought procedures and tools for deciding trace equivalence properties (e.g., anonymity, unlinkability, vote secrecy) for a bounded number of sessions. However, these procedures are based on a naive symbolic exploration of all traces of the considered processes which, unsurprisingly, greatly limits the scalability and practical impact of the verification tools. In this paper, we overcome this difficulty by developing partial order reduction techniques for the verification of security protocols. We provide reduced transition systems that optimally eliminate redundant traces, and which are adequate for model-checking trace equivalence properties of protocols by means of symbolic execution. We have implemented our reductions in the tool Apte, and demonstrated that it achieves the expected speedup on various protocols

    Trace Equivalence Decision: Negative Tests and Non-determinism

    We consider security properties of cryptographic protocols that can be modeled using the notion of trace equivalence. The notion of equivalence is crucial when specifying privacy-type properties, like anonymity, vote-privacy, and unlinkability. In this paper, we give a calculus that is close to the applied pi calculus and that allows one to capture most existing protocols that rely on classical cryptographic primitives. First, we propose a symbolic semantics for our calculus relying on constraint systems to represent infinite sets of possible traces, and we reduce the decidability of trace equivalence to deciding a notion of symbolic equivalence between sets of constraint systems. Second, we develop an algorithm allowing us to decide whether two sets of constraint systems are in symbolic equivalence or not. Altogether, this yields the first decidability result of trace equivalence for a general class of processes that may involve else branches and/or private channels (for a bounded number of sessions)

    Aspects of production for Clerodendrum as potted flowering plants

    The effect of growth regulators gibberellic acid (Pro-Gibb™), daminozide (B-Nine™), ancymidol (A-Rest™) and paclobutrazol (Bonzi™) were evaluated on species of Clerodendrum grown as flowering pot plants. Studies on photoperiod and post-production longevity were also included. Experiments were conducted on C. bungei, C. thomsoniae, C. ugandense, C. phillippinum, C. paniculata and C. speciosissimum in polycarbonate greenhouses. For C. thomsoniae the best growth control was achieved by applying paclobutrazol and ancymidol drench at a rate of 1.0 mg a.i./pot. For C. ugandense, the most appropriate application rate of PGR was paclobutrazol drench at 5 to 15 mg a.i./pot. C. bungei did not respond significantly to either daminozide or paclobutrazol treatments compared to control. Based on the visual quality rating, C. bungei were acceptable as marketable plants until day 7, and C. ugandense were acceptable as marketable plants until day 5. Neither daminozide nor paclobutrazol had any effect on C. bungei quality ratings in post-production. In C. ugandense, however, there were significant differences in post-production when comparing the daminozide and the paclobutrazol treatments. On day 5, 7 and 11, the paclobutrazol treated plants had significantly lower quality ratings compared to control and compared to those treated with daminozide. It appears that the paclobutrazol treatment may produce a quality plant, but has a negative effect on post-production longevity. Gibberellic acid at 10 ppm was considered the best rate and most economical rate for promoting optimum vegetative growth of C. thomsoniae to sufficiently cover a round support hoop. C. speciosissimum, C. phillippinum, C. paniculata and C. speciosissimum were determined to be long day plants (12-h photoperiod or longer). Height of C. paniculata and C. speciosissimum was significantly increased by the 12 or 16-h photoperiod

    Differences between the acoustic parameters of prosody in speakers with asd and typically developing speakers ages three to six

    The present study was designed to compare the acoustic parameters of prosody of children between the ages of three and six with Autism Spectrum Disorder (ASD) to age-matched typically developing (TD) speakers. The acoustic parameters of prosody examined were fundamental frequency (f0), intensity, speech rate, and speech rhythm. Analyzing the acoustic features of atypical expressive prosody in speakers with ASD would provide more detailed and defined information regarding the nature of the prosodic abnormality in these individuals to guide clinicians in providing a more concentrated focus for intervention. Speech samples were obtained from ten English-speaking, monolingual children (5 ASD, 5 TD) between the ages of three and six. The speech samples were analyzed for various measurements of f0, intensity, speech rate, and speech rhythm to determine differences. Results showed that, of the ten prosodic variables analyzed, five of them were significantly different between ASD and TD speakers: %V, mean f0, f0 standard deviation, intensity range, and intensity standard deviation. Specifically, TD speakers had a higher %V, f0 mean, intensity range, and intensity standard deviation, while ASD speakers had a higher f0 standard deviation. These findings in relation to previous, similar research, suggest that the prosodic features of preschool age children with ASD change with increasing age. Therefore, it is essential that clinicians are aware of ages in which prosodic deficits tend to appear so that intervention can begin at the appropriate age for each child and potential social barriers can be minimized or prevented