Similar literature
20 similar documents found; search time 15 ms
1.
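Reference [1] proposed analyzing protocols by means of the running modes of two-party cryptographic protocols. This paper proves that this method fails to enumerate all running modes, so some protocol vulnerabilities cannot be discovered. The paper proposes a traversal analysis method, which analyzes a protocol by letting the forged messages that lead to a successful attack traverse the attacker's message-receiving sets under all circumstances, thereby discovering protocol vulnerabilities.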

2.
This paper presents SEAS, the Secure E-voting Applet System, a protocol for implementing a secure system for polling over computer networks, usable in distributed organizations whose members may range up to dozens of thousands. We consider an architecture requiring the minimum number of servers involved in the validation and voting phases. Sensus, [Cranor L, Cytron RK. Sensus: a security-conscious electronic polling system for the internet. In: Proceedings of HICSS'97. IEEE; 1997. p. 561–70], a well-known e-voting protocol, requires only two servers, namely a validator and a tallier. Even if satisfying most of the security requirements of an e-voting system, Sensus suffers from a vulnerability that allows one of the entities involved in the election process to cast its own votes in place of those that abstain from the vote. SEAS is a portable and flexible system that preserves the limited number of servers of Sensus, but it avoids the mentioned vulnerability. We propose a prototype implementation of SEAS based on Java applet and XML technology.

3.
Group Key Agreement (GKA) protocols enable the participants to derive a key based on each one’s contribution over a public network without any central authority. They also provide efficient ways to change the key when the participants change. While some of the proposed GKA protocols are too resource consuming for the constrained devices often present in ad hoc networks, others lack a formal security analysis. In this paper, we propose a simple, efficient and secure GKA protocol well-suited to ad hoc networks and present results of our implementation of the same in a prototype application.

4.
Formal systems for cryptographic protocol analysis typically model cryptosystems in terms of free algebras. Modeling the behavior of a cryptosystem in terms of rewrite rules is more expressive, however, and there are some attacks that can only be discovered when rewrite rules are used. But free algebras are more efficient, and appear to be sound for “most” protocols. In [J. Millen, “On the freedom of decryption”, Information Processing Letters 86 (6) (June 2003) 329–333] Millen formalizes this intuition for shared key cryptography and provides conditions under which it holds; that is, conditions under which security for a free algebra version of the protocol implies security of the version using rewrite rules. Moreover, these conditions fit well with accepted best practice for protocol design. However, he left public key cryptography as an open problem. In this paper, we show how Millen's approach can be extended to public key cryptography, giving conditions under which security for the free algebra model implies security for the rewrite rule model. As in the case for shared key cryptography, our conditions correspond to standard best practice for protocol design.

5.
《Ergonomics》2012,55(11):1271-1302
This paper briefly reviews work on verbal report and describes SHAPA, an interactive program for performing both verbal and non-verbal protocol analysis. To a certain extent, SHAPA is to protocol data what a spreadsheet program is to numerical data or what a word processor is to text: it is intelligent about the sorts of things a researcher might want to do with verbal or non-verbal protocols, while being blind to particular domains, contexts, or theories. It has been developed with the idea of affording the researcher the closest possible degree of engagement with protocol data. The researcher can configure SHAPA to encode protocols using a wide variety of theoretical frameworks or vocabularies. SHAPA allows protocol analysis to be performed at any level of analysis, and it supplies many tools for data aggregation, manipulation and analysis. Some of these tools have been imported from a tradition of work on non-verbal protocol analysis that has developed very strong analytical tools. The output generated by SHAPA can be used alone or in combination with other performance variables to get a rich picture of the influences on sequences of verbal or non-verbal behaviour.

6.
7.
In this paper, we describe a quality-directed perspective on the lifecycle process of designing and assembling communications systems and services. We claim this perspective addresses some of the industrial concerns of quality and productivity for the protocol engineering process, while allowing for some of the best formal techniques known for protocol synthesis, verification, conformance testing and performance assessment. We hope that this perspective will assist in the development of a generic conceptual framework which enables the evolution, integration and practical application of protocol engineering models, methods, languages and tools.

8.
An approach to cyclic protocol validation   Cited by: 1 (self-citations: 0, citations by others: 1)
In this paper, the notion of fair reachability is generalized to cyclic protocols with more than two processes, where all the processes in a protocol are connected via a unidirectional ring and each process might contain internal transitions and can be non-deterministic. We identify ‘indefiniteness’ as a new type of logical error due to reachable internal transition cycles. By properly incorporating internal transitions into the formulation, we show that, with a few modifications, all the previous results established for cyclic protocols without non-deterministic and internal transitions still hold in the augmented model. Furthermore, by combining fair progress and maximal progress during state exploration, we prove that the following three problems are all decidable for Q, the class of cyclic protocols with finite fair reachable state spaces: (1) global state reachability; (2) abstract state reachability; and (3) execution cycle reachability. In the course of the investigation, we also show that detection of k-indefiniteness and k-livelock are decidable for Q.

9.
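Presents a case of protocol failure caused by key cracking and proposes a ciphertext-only principle for protocol design, intended to ensure the security of long-term keys to the greatest possible extent. The ciphertext-only principle can also resist replay, initialization, and cut-and-paste attacks.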

10.
11.
A Formal Semantics for DAI Language NUML   Cited by: 1 (self-citations: 0, citations by others: 1)
Traditional AI systems are brittle in the sense that they fail miserably when presented with problems even slightly outside of their limited range of expertise. A powerful, extensible strategy of Distributed Artificial Intelligence (DAI) for overcoming such bounds is to put the system in a society of systems. So the ability to coordinate group activities of individuals and to communicate between each other is necessary for a language describing DAI systems. Agent-oriented language NUML is such a language. It is a specific kind of object-oriented language. To give formal semantics to NUML, there is the problem to formalise object-oriented programming paradigm which is still open. The theory of higher-order π-calculus is a concurrent computation model with sufficient capability, which provides us a mathematical tool to do the formalization. This paper tries to use higher-order π-calculus to formalise NUML.

12.
13.
This article is about a breadth-first exploration of logical concepts in cryptography and their linguistic abstraction and model-theoretic combination in a comprehensive logical system, called CPL (for Cryptographic Protocol Logic). We focus on two fundamental aspects of cryptography. Namely, the security of communication (as opposed to security of storage) and cryptographic protocols (as opposed to cryptographic operators). The logical concepts explored are the following. Primary concepts: The modal concepts of knowledge, norms, provability, space, and time. Secondary concepts: Individual and propositional knowledge, confidentiality norms, truth-functional and relevant (in particular, intuitionistic) implication, multiple and complex truth values, and program types. The distinguishing feature of CPL is that it unifies and refines a variety of existing approaches. This feature is the result of our wholistic conception of property-based (modal logics) and model-based (process algebra) formalisms. We illustrate the expressiveness of CPL on representative requirements engineering case studies. Further, we extend (core) CPL (qualitative time) with rational-valued time, i.e. time stamps, timed keys, and potentially drifting local clocks, to tCPL (quantitative time). Our extension is conservative and provides further evidence for Lamport’s claim that adding real time to an untimed formalism is really simple.

14.
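Design and formal analysis of a certified e-mail protocol   Cited by: 1 (self-citations: 0, citations by others: 1)
Gao Yuexiang, Peng Daiyuan. Journal of Computer Applications (《计算机应用》), 2008,28(8):1928-1930
A certified e-mail protocol must provide confidentiality, non-repudiation, and fairness. This paper proposes a certified e-mail protocol based on an online third party that satisfies the general security properties of certified e-mail. The protocol is analyzed using extended Kailar logic, showing that it satisfies non-repudiation and fairness, and that it has the advantages of resisting attacks such as tampering and replay and of preventing the third party from obtaining the mail content.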

15.
A formal semantics for an active functional DBPL   Cited by: 1 (self-citations: 1, citations by others: 0)
We describe how the functional database programming language PFL is extended with an active component without compromising either its declarative semantics or its syntax. We give a formal specification of the active component using PFL itself, including event specification and detection, parameter-binding, reaction scheduling and abort handling. We describe how a user-specified function can be cast as a primitive event, and discuss the expressiveness of events and the optimisation of event detection.

16.
Most of the decision procedures for symbolic analysis of protocols are limited to a fixed set of algebraic operators associated with a fixed intruder theory. Examples of such sets of operators comprise XOR, multiplication, abstract encryption/decryption. In this report we give an algorithm for combining decision procedures for arbitrary intruder theories with disjoint sets of operators, provided that solvability of ordered intruder constraints, a slight generalization of intruder constraints, can be decided in each theory. This is the case for most of the intruder theories for which a decision procedure has been given. In particular our result allows us to decide trace-based security properties of protocols that employ any combination of the above mentioned operators with a bounded number of sessions.

17.
We propose a formal semantics for UML-RT, a UML profile for real-time and embedded systems. The formal semantics is given by mapping UML-RT models into a language called kiltera, a real-time extension of the \(\pi \)-calculus. Previous attempts to formalize the semantics of UML-RT have fallen short by considering only a very small subset of the language and providing fundamentally incomplete semantics based on incorrect assumptions, such as a one-to-one correspondence between “capsules” and threads. Our semantics is novel in several ways: (1) it deals with both state machine diagrams and capsule diagrams; (2) it deals with aspects of UML-RT that have not been formalized before, such as thread allocation, service provision points, and service access points; (3) it supports an action language; and (4) the translation has been implemented in the form of a transformation from UML-RT models created with IBM’s RSA-RTE tool, into kiltera code. To our knowledge, this is the most comprehensive formal semantics for UML-RT to date.

18.
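Li Wei. Computer Applications and Software (《计算机应用与软件》), 2009,26(10):265-268,281
Explores a method of verifying the security properties of cryptographic protocols using a set of formal rules. These rules are based on the traditional ideas of security levels and information flow, extended to handle the concurrent processes in cryptographic protocols. The rules provide users with a check with the following meaning: if a protocol passes the check, it can be considered not to leak any secret message.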

19.
This paper presents a formal semantics for the Taverna 2 scientific workflow system. Taverna 2 is a successor to Taverna, an open-source workflow system broadly adopted within the e-science community worldwide. The new version improves upon the existing model in two main ways: (i) by adding support for data pipelining, which in turn enables input streams of indefinite length to be processed efficiently; and (ii) by providing new extensibility points that make it possible to add new operators to the workflow model. Consistent with previous work by some of the authors, we use trace semantics to describe the effect of workflow computations, and we show how they can be used to describe the new features in the Taverna 2 model.

20.
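Analyzing the security of cryptographic protocols is a difficult problem in network security, and applying formal methods to the analysis of cryptographic protocols has long been a research focus in this field. This paper proposes a new method for modeling security protocols based on colored Petri nets and, taking the TMN cryptographic protocol as an example, illustrates the modeling process of this method.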
