Identity-based deniable authentication for ad hoc networks

Deniable authentication is an important security requirement for ad hoc networks. However, all known identity-based deniable authentication (IBDA) protocols are lack of formal security proof which is very important for cryptographic protocol design. In this paper, we propose a non-interactive IBDA protocol using bilinear pairings. Our protocol admits formal security proof in the random oracle model under the bilinear Diffie-Hellman assumption. Our protocol is faster than all known IBDA protocols of its type. In addition, our protocol supports batch verification that can speed up the verification of authenticators. This characteristic makes our protocol useful in ad hoc networks.     

A formal methodology for integral security design and verification of network protocols

In this work we propose a methodology for incorporating the verification of the security properties of network protocols as a fundamental component of their design. This methodology can be separated in two main parts: context and requirements analysis along with its informal verification; and formal representation of protocols and the corresponding procedural verification. Although the procedural verification phase does not require any specific tool or approach, automated tools for model checking and/or theorem proving offer a good trade-off between effort and results. In general, any security protocol design methodology should be an iterative process addressing in each step critical contexts of increasing complexity as result of the considered protocol goals and the underlying threats. The effort required for detecting flaws is proportional to the complexity of the critical context under evaluation, and thus our methodology avoids wasting valuable system resources by analyzing simple flaws in the first stages of the design process. In this work we provide a methodology in coherence with the step-by-step goals definition and threat analysis using informal and formal procedures, being our main concern to highlight the adequacy of such a methodology for promoting trust in the accordingly implemented communication protocols. Our proposal is illustrated by its application to three communication protocols: MANA III, WEP's Shared Key Authentication and CHAT-SRP.     

一种基于贝叶斯网络的随机测试方法在Cache一致性验证中的设计与实现

随着集成电路设计复杂度指数级增长,功能验证已经越来越成为大规模芯片设计的瓶颈,而在多核处理器中,Cache一致性协议十分复杂,验证难度大。针对Cache一致性协议验证提出基于模拟验证的一种基于贝叶斯网络的随机测试生成方法,解决Cache一致性协议状态空间爆炸的问题。首先分析了Cache一致性协议及基于贝叶斯网络推理的CDG方法,并将CDG方法应用于Cache一致性的验证。以FT处理器中的Cache一致性协议验证为例,对比伪随机测试,使用CDG方法将覆盖率提高近30%。     

Requirements for a Practical Network Event Recognition Language

We propose a run-time monitoring and checking architecture for network protocols called Network Event Recognition. Our framework is based on passively monitoring the packet trace produced by a protocol implementation and checking it for properties written in a formal specification language, NERL. In this paper, we describe the design requirements for NERL. We show how the unique requirements of network protocol monitoring impact design and implementation options. Finally we outline our prototype implementation of NERL and discuss two case studies: checking the correctness of network protocol simulations and privacy issues in packet-mode surveillance.     

一种多项式时间复杂度的密码协议秘密性验证方法

密码协议的秘密性验证是网络安全领域的一个难题,本文在提出协议行为结构的基础上,通过对协议行为及其结构的分析,提出了一种新的密码协议的秘密性验证算法,该算法的时间复杂度是多项式时间的,从而简化了秘密性验证过程,文中最后,作为实例,给出了TMN密码协议的秘密性验证。     

共识协议的形式化验证研究现状与展望

分布式系统在计算环境中发挥重要的作用,其中的共识协议算法用于保证节点间行为的一致性.共识协议的设计错误可能导致系统运行故障,严重时可能对人员和环境造成灾难性的后果,因此保证共识协议设计的正确性非常重要.形式化验证能够严格证明设计模型中目标性质的正确性,适合用于验证共识协议.然而,随着分布式系统的规模增大,问题复杂度提升,使得分布式共识协议的形式化验证更为困难.采用什么方法对共识协议的设计进行形式化验证、如何提升验证规模,是共识协议形式化验证的重要研究问题.对目前采用形式化方法验证共识协议的研究工作进行调研,总结其中提出的重要建模方法和关键验证技术,并展望该领域未来有潜力的研究方向.     

Formal component-based modeling and synthesis for PLC systems

Programmable Logic Controllers (PLCs) are widely used in industry. PLC systems are reactive systems which run cyclically. In each cycle, the system state is checked and the program is executed once to determine the system behavior for a single cycle. Development of PLC systems conventionally follows the V-model, but increasing demand for efficiency and reliability requires a new rigorous and rapid design flow. In this paper, we propose a component-based formal modeling and synthesis method for cyclic execution platforms and apply it to PLC. Our method consists of three main phases: modeling, verification and code synthesis. In the modeling phase, the BIP (Behavior–Interaction–Priority) framework which is flexible and expressive is used as the modeling language. Real-time behavior, which is intensely concerned in PLC systems, can be modeled as well. In the verification phase, the system model is translated to timed automata and checked by Uppaal. Verification helps to ensure correctness of the model and further increases reliability of the implementation. In the code synthesis phase, the software part of the system model is extracted and synthesized to cyclic code. Although the PLC software runs cyclically, the software model is not necessarily given in a cyclic manner. We propose an algorithm which can generate high-performance cyclic code from a model which describes the business work-flow. This feature significantly simplifies program development. A set of tools is implemented to support our design flow and they are applied to an industrial case study for a PLC system that controls dozens of physical devices in a huge palace.     

Using protean for verifying a complex protocol — A case study

Communication protocols used in the field have always suffered from failures. Some of these faults are the result of design errors; others are the result of implementation errors. These errors dramatically increase maintenance cost and decrease software reliability. The best time to maintain software is during its design stage. A formal approach to developing a protocol is deemed necessary to improve the quality of communication software and to reduce maintenance costs. Protocol verification plays a major role in achieving these objectives; a protocol is first specified formally and then this formal specification is analysed using a computer-aided tool. PROTEAN is a software tool that verifies a protocol specified formally in Numerical Petri Nets. This paper describes the experience and practice of using PROTEAN to verify a complex protocol and then presents an evaluation of PROTEAN and its associated techniques in the light of protocol software development. The ISO FTAM protocol is used as a case study.     

身份认证协议的模型检测分析

提出一个直观、易用的模型来模拟和验证身份认证协议，并给出基于Spin(模型检测工具）的实现，它不仅可以模拟多对参与者同时进行会话，而且还有效缩减了状态空间，从而避免了以前文献中提到的状态爆炸现象，同时该文用Needham-Schroeder公钥协议和TMN协议来说明如何应用该模型。     

F-Ant: an effective routing protocol for ant colony optimization based on fuzzy logic in vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) are a subset of mobile ad hoc networks that provide communication services between nearby vehicles and also between vehicles and roadside infrastructure. These networks improve road safety and accident prevention and provide entertainment for passengers of vehicles. Due to the characteristics of VANET such as self-organization, dynamic nature and fast-moving vehicles, routing in this network is a considerable challenge. Swarm intelligence algorithms (nature-inspired) such as ant colony optimization (ACO) have been proposed for developing routing protocols in VANETs. In this paper, we propose an enhanced framework for ACO protocol based on fuzzy logic for VANETs. To indicate the effectiveness and performance of our proposed protocol, the network simulator NS-2 is used for simulation. The simulation results demonstrate that our proposed protocol achieves high data packet delivery ratio and low end-to-end delay compared to traditional routing algorithms such as ACO and ad hoc on-demand distance vector (AODV).

     

安全协议的规范化设计

提出运用组合方法进行安全协议设计。给出了协议中基件与组件的定义,根据组件的安全属性设计实现相应安全目标的单步协议;定义组合规则,确保不同的单步协议能够组合成为一个复合协议,同时各个单步协议还能实现各自的安全目标。根据具体的应用背景选择合适的单步协议,按照组合规则组合后可得到满足需求的安全协议。该组合方法可将一个复合协议分解为若干基于组件的简单单步协议,使得协议的设计与分析易于实现。     

一种基于并发路径的协议验证方法

通信协议验证方法中 ,可达性分析是一种方便的、易于自动化处理的、有效的协议验证方法 .但是随着通信协议的多样性和复杂性的不断增加 ,状态爆炸问题使得可达性分析变得难以实施 .本文采用分而治之的策略 ,提出一种基于并发路径的协议验证方法 .该方法将协议划分为相互独立的并发路径 ,通过逐一分析验证各并发路径 ,来实现验证整个协议的目的 .由于各并发路径的生成和分析都是相互独立的 ,整个协议验证对内存的需求仅受限于各并发路径的复杂度 ,因此有效地缓解了状态爆炸的问题     

A relational algebraic approach to protocol verification

Communications protocols are usually modeled by a pair of finite-state machines that generate the interaction between processes. Protocol verification is a procedure to validate the logical correctness of these interaction sequences and to detect potential design errors. A relational approach is proposed to represent a finite-state machine as a transition table. On this basis, the well-established theory of relational databases can be utilized to derive the global-state transitions of the system. Furthermore, logical errors of a protocol such as deadlocks, incomplete specifications and nonexecutable interactions can be formulated in terms of relational algebra. This approach has been implemented on the INGRES database system and applied to the verification of several protocols     

Design and Analysis of Sensing Scheduling Algorithms under Partial Coverage for Object Detection in Sensor Networks

Object detection quality and network lifetime are two conflicting aspects of a sensor network, but both are critical to many sensor applications such as military surveillance. Partial coverage, where a sensing field is partially sensed by active sensors at any time, is an appropriate approach to balancing the two conflicting design requirements of monitoring applications. Under partial coverage, we develop an analytical framework for object detection in sensor networks, and mathematically analyze average-case object detection quality in random and synchronized sensing scheduling protocols. Our analytical framework facilitates performance evaluation of a sensing schedule, network deployment, and sensing scheduling protocol design. Furthermore, we propose three wave sensing scheduling protocols to achieve bounded worst-case object detection quality. We justify the correctness of our analyses through rigorous proof, and validate the effectiveness of the proposed protocols through extensive simulation experiments