Game-based verification of contract signing protocols with minimal messages

A multi-party contract signing (MPCS) protocol is used for a group of signers to sign a digital contract over a network. We analyse the protocols of Mauw, Radomirović and Torabi Dashti (MRT), using the finite-state model checker Mocha. Mocha allows for the specification of properties in alternating-time temporal logic (ATL) with game semantics, and the model checking problem for ATL requires the computation of winning strategies. This gives us an intuitive interpretation of the verification problem of crucial properties of MPCS protocols. MRT protocols can be generated from minimal message sequences, depending on the number of signers. We discover an attack on fairness in a published MRT protocol with three signers and a general attack on abuse-freeness for all MRT protocols. For both attacks, we present solutions. The abuse-freeness attack leads us to a revision of the methodology to construct an MRT protocol. Following this revised methodology, we design a number of MRT protocols using minimal message sequences for three and four signers, all of whom have been successfully model checked in Mocha.     

一种新的安全协议验证逻辑及其串空间语义

针对典型的安全协议验证逻辑存在的问题,如安全属性验证存在局限性、对混合密码原语的处理能力不强等,提出一种新的验证逻辑,新逻辑能够验证安全协议的认证性、密钥保密性、非否认性、可追究性、公平性及原子性。现有多数验证逻辑缺乏形式化语义,而逻辑语义能够证明逻辑系统的正确性,因此给出新逻辑所含逻辑构件的串空间语义,并应用串空间模型证明了新逻辑主要推理规则的正 确性。     

Semantic interpretation of Compositional Logic in Instantiation Space

The formal methods for security protocols guarantee the security properties of protocols. Instantiation Space Logic is a new security protocol logic, which has a strong expressive power. Compositional Logic is also a useful security protocol logic. This paper analyzes the relationship between these two logics, and interprets the semantics of Compositional Logic in Instantiation Space model. Through our work, the interpreted Compositional Logic can be extended more easily. Moreover, those security protocols described in Compositional Logic can be automatically verified by the verifier of Instantiation Space. The paper also proves that the expressive power of Instantiation Space Logic, which can not be completely interpreted by Compositional Logic, is stronger than Compositional Logic.     

A Geometric Semantics for Dialogue Game Protocols for Autonomous Agent Interactions

Formal dialogue games studied by philosophers since the time of Aristotle have recently found application in Artificial Intelligence as the basis for protocols for interactions between autonomous software agents. For instance, game protocols have been proposed for agent dialogues involving team formation, persuasion, negotiation and deliberation. There is yet, however, no formal, mathematical theory of dialogue game protocols with which to compare two protocols or to study their formal properties. In this paper,¹ we present preliminary work towards such a theory, in which we develop a geometric semantics for these protocols and, with it, define a notion of equivalence between two protocols. We then demonstrate an algebraic property of protocol equivalence, and use this to show the non-equivalence of two similar generic protocols. We also explore the relationship between finite and infinite dialogues, motivated by the Ehrenfeucht-Fraïssé games of model theory. Our results have implications for the design and evaluation of agent dialogue-game protocols.     

Strategy logic

We introduce strategy logic, a logic that treats strategies in two-player games as explicit first-order objects. The explicit treatment of strategies allows us to specify properties of nonzero-sum games in a simple and natural way. We show that the one-alternation fragment of strategy logic is strong enough to express the existence of Nash equilibria and secure equilibria, and subsumes other logics that were introduced to reason about games, such as ATL, ATL¹, and game logic. We show that strategy logic is decidable, by constructing tree automata that recognize sets of strategies. While for the general logic, our decision procedure is nonelementary, for the simple fragment that is used above we show that the complexity is polynomial in the size of the game graph and optimal in the size of the formula (ranging from polynomial to 2EXPTIME depending on the form of the formula).     

一种分析电子商务安全协议的新逻辑

针对典型电子商务安全协议逻辑分析方法存在的问题,如安全属性分析存在局限性、缺乏形式化语义、对混合密码原语的处理能力不强等,提出了一种新的逻辑分析方法。新逻辑能够分析电子商务安全协议的认证性、密钥保密性、非否认性、可追究性、公平性及原子性。以匿名电子现金支付协议ISI作为分析实例,证明了新逻辑方法的有效性。分析找出了该协议的安全漏洞和缺陷:不满足商家的非否认性、密钥保密性、可追究性、公平性以及原子性,客户面临商家恶意欺骗的潜在威胁。     

基于结构化操作语义的安全协议分析框架研究

操作语义模型是一种用来分析安全协议的新模型,它以操作语义学为基础,结合了多种协议分析模型的优点,能直接分析多个协议的组合问题.本文在对安全协议操作语义模型进行研究的基础上,构建了一个基于结构化操作语义的安全协议分析框架,给出了该框架中的协议规格,协议运行,威胁模型和安全性质等形式化定义.最后,以经典的Needham Schroeder Lowe 协议为例,用该分析框架分析了其机密性和认证性.     

Formal Analysis of Multiparty Contract Signing

We analyze the multiparty contract-signing protocols of Garay and MacKenzie (GM) and of Baum and Waidner (BW). We use a finite-state tool, Mocha, which allows specification of protocol properties in a branching-time temporal logic with game semantics. While our analysis does not reveal any errors in the BW protocol, in the GM protocol we discover serious problems with fairness for four signers and an oversight regarding abuse-freeness for three signers. We propose a complete revision of the GM subprotocols in order to restore fairness.     

Stochastic game logic

Stochastic game logic (SGL) is a new temporal logic for multi-agent systems modeled by turn-based multi-player games with discrete transition probabilities. It combines features of alternating-time temporal logic (ATL), probabilistic computation tree logic and extended temporal logic. SGL contains an ATL-like modality to specify the individual cooperation and reaction facilities of agents in the multi-player game to enforce a certain winning objective. While the standard ATL modality states the existence of a strategy for a certain coalition of agents without restricting the range of strategies for the semantics of inner SGL formulae, we deal with a more general modality. It also requires the existence of a strategy for some coalition, but imposes some kind of strategy binding to inner SGL formulae. This paper presents the syntax and semantics of SGL and discusses its model checking problem for different types of strategies. The model checking problem of SGL turns out to be undecidable when dealing with the full class of history-dependent strategies. We show that the SGL model checking problem for memoryless deterministic strategies as well as the model checking problem of the qualitative fragment of SGL for memoryless randomized strategies is PSPACE-complete, and we establish a close link between natural syntactic fragments of SGL and the polynomial hierarchy. Further, we give a reduction from the SGL model checking problem under memoryless randomized strategies into the Tarski algebra which proves the problem to be in EXPSPACE.     

基于一阶逻辑的非否认协议模型

为了将密码协议的非否认性和公平性统一在一个框架之下更好地进行分析，提出了一套适用于分析非否认性和公平性的一阶逻辑语法和语义。在此基础上建立了一个用于分析非否认性和公平性的一阶逻辑模型，并以Fair ZG非否认协议为例进行了分析，发现了该协议的一个已知攻击，证明了模型的有效性和正确性。     

Towards an Awareness-Based Semantics for Security Protocol Analysis

We report on work-in-progress on a new semantics for analyzing security protocols that combines complementary features of security logics and inductive methods. We use awareness to model the agents' resource-bounded reasoning and, in doing so, capture a more appropriate notion of belief than those usually considered in security logics. We also address the problem of modeling interleaved protocol executions, adapting ideas from inductive methods for protocol verification. The result is an intuitive, but expressive, doxastic logic for formalizing and reasoning about attacks. As a case study, we use awareness to characterize, and demonstrate the existence of, a man-in-the-middle attack upon the Needham-Schroeder Public Key protocol. This is, to our knowledge, not only the first doxastic analysis of this attack but also the first practical application of an awareness logic. Even though defining the awareness sets of the agents, a task that is left unspecified in formal works on awareness logics, turns out to be surprisingly subtle, initial results suggest that our approach is promising for modeling, verifying and reasoning about security protocols and their properties.     

多agent逻辑程序及其在协议验证中的应用

提出一种多agent逻辑程序,每个agent具有一个相信算子,讨论了其不动点语义和操作语义,证明了两种语义之间的等价性.提出了一种基于多agent逻辑程序的协议验证方法,以一种多方非否认安全协议为例,对该协议进行了形式化描述,验证了其具有不可否认性.     

一种复合协议验证逻辑模型

针对协议复合时需要解决的问题,研究提出一种复合协议验证逻辑模型,给出了协议描述、逻辑语法、逻辑语义和相应的证明系统,对协议的秘密性和认证性进行建模,将协议复合分为并行复合和顺序复合,并提出相应的协议复合定理。最后以IKEv2协议为例进行分析,证明了IKEv2两个分别安全的阶段子协议复合后还是安全的。     

Abstract Interpretation for Proving Secrecy Properties in Security Protocols

A cryptographic protocol is a distributed program that can be executed by several actors. Since several runs of the protocol within the same execution are allowed, models of cryptoprotocols are often infinite. Sometimes, for verification purposes, only a finite and approximated model is needed. For this, we consider the problem of computing such an approximation and we propose to simulate the required partial execution in an abstract level. More precisely, we define an abstract finite category G ^a as an abstract game semantics for the SPC calculus, a dedicated calculus for security protocols. The abstract semantics is then used to build a decision procedure for secrecy correctness in security protocols.     

Towards A Game Theoretic Understanding of Ad-Hoc Routing

In this paper we present a new application of game theory, in which game theoretic techniques are used to provide a rigorous underpinning to the analysis of ad-hoc routing protocols. The explosion of interest in ad-hoc networks over the last few years has resulted in a very large number of routing protocols being proposed. Despite this, the science of analysing routing protocols is still relatively immature, and the question that remains is how to decide “how good” a given protocol is. We propose a game theoretic approach as a potentially effective means of answering this question. The conceptual mapping of routing into a game is, we believe, natural and simple. Furthermore, game theory provides an extensive repertoire of tools to analyse key properties. The paper describes how routing techniques can be modelled as games and presents some analytical results.     

Modeling Electronic Payment Systems Based on Dynamic Game

A dynamic game-based model of electronic payment systems is proposed, which is used to analyze formally security property of electronic payment protocols. Compared with previous work, the main contributiono are as follows. Firstly, using strategic games to model channels in three kinds of qualities and participants of dishonest behaviors makes it able to analyze cooperative and adversarial behaviors. Secondly, modeling process and channel failures helps to analyze security properties of a protocol in failed environment.     

Extending Answer Sets for Logic Programming Agents

We present systems of logic programming agents (LPAS) to model the interactions between decision-makers while evolving to a conclusion. Such a system consists of a number of agents connected by means of unidirectional communication channels. Agents communicate with each other by passing answer sets obtained by updating the information received from connected agents with their own private information. We introduce a credulous answer set semantics for logic programming agents. As an application, we show how extensive games with perfect information can be conveniently represented as logic programming agent systems, where each agent embodies the reasoning of a game player, such that the equilibria of the game correspond with the semantics agreed upon by the agents in the LPAS.     

Exogenous Probabilistic Computation Tree Logic

We define a logic EpCTL for reasoning about the evolution of probabilistic systems. System states correspond to probability distributions over classical states and the system evolution is modelled by probabilistic Kripke structures that capture both stochastic and non–deterministic transitions. The proposed logic is a temporal enrichment of Exogenous Probabilistic Propositional Logic (EPPL). The model-checking problem for EpCTL is analysed and the logic is compared with PCTL; the semantics of the former is defined in terms of probability distributions over sets of propositional symbols, whereas the latter is designed for reasoning about distributions over paths of possible behaviour. The intended application of the logic is as a specification formalism for properties of communication protocols, and security protocols in particular; to demonstrate this, we specify relevant security properties for a classical contract signing protocol and for the so–called quantum one–time pad.     

一种新的类BAN逻辑模态语义模型--兼论类BAN逻辑的语法缺陷

由于类BAN逻辑缺乏明确而清晰的语义,其语法规则和推理的正确性就受到了质疑。本文定义了安全协议的计算模型,在此基础上定义了符合模态逻辑的类BAN逻辑“可能世界”语义模型,并从语义的角度证明了在该模型下的类BAN逻辑语法存在的缺陷,同时,指出了建立或改进类BAN逻辑的方向。     

密码协议安全性证明系统解析器的设计与实现*

可证明安全性是密码协议安全性评估的重要依据,但手写安全性证明容易出错且正确性难以判定,利用计算机辅助构造游戏序列进而实现自动化证明是当前一种可行的方法。为此提出一种基于进程演算的密码协议形式化描述模型,定义了描述密码协议安全性证明中攻击游戏的语法规则,并借助工具LEX和YACC,设计出解析器程序,将密码协议及其安全性的形式化描述解析为自动化安全性证明系统的初始数据结构,并用实例来说明这种方法的可行性。