Results 1 - 10
of
1,331
Compositional Model Checking
, 1999
"... We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approac ..."
Abstract
-
Cited by 3252 (70 self)
- Add to MetaCart
We describe a method for reducing the complexity of temporal logic model checking in systems composed of many parallel processes. The goal is to check properties of the components of a system and then deduce global properties from these local properties. The main difficulty with this type of approach is that local properties are often not preserved at the global level. We present a general framework for using additional interface processes to model the environment for a component. These interface processes are typically much simpler than the full environment of the component. By composing a component with its interface processes and then checking properties of this composition, we can guarantee that these properties will be preserved at the global level. We give two example compositional systems based on the logic CTL*.
A calculus for cryptographic protocols: The spi calculus
- Information and Computation
, 1999
"... We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the ..."
Abstract
-
Cited by 898 (50 self)
- Add to MetaCart
(Show Context)
We introduce the spi calculus, an extension of the pi calculus designed for the description and analysis of cryptographic protocols. We show how to use the spi calculus, particularly for studying authentication protocols. The pi calculus (without extension) suffices for some abstract protocols; the spi calculus enables us to consider cryptographic issues in more detail. We represent protocols as processes in the spi calculus and state their security properties in terms of coarsegrained notions of protocol equivalence.
Breaking and Fixing the Needham-Schroeder Public-Key Protocol using FDR
, 1996
"... In this paper we analyse the well known Needham-Schroeder Public-Key Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is s ..."
Abstract
-
Cited by 719 (13 self)
- Add to MetaCart
(Show Context)
In this paper we analyse the well known Needham-Schroeder Public-Key Protocol using FDR, a refinement checker for CSP. We use FDR to discover an attack upon the protocol, which allows an intruder to impersonate another agent. We adapt the protocol, and then use FDR to show that the new protocol is secure, at least for a small system. Finally we prove a result which tells us that if this small system is secure, then so is a system of arbitrary size. 1 Introduction In a distributed computer system, it is necessary to have some mechanism whereby a pair of agents can be assured of each other's identity---they should become sure that they really are talking to each other, rather than to an intruder impersonating the other agent. This is the role of an authentication protocol. In this paper we use the Failures Divergences Refinement Checker (FDR) [11, 5], a model checker for CSP, to analyse the Needham-Schroeder PublicKey Authentication Protocol [8]. FDR takes as input two CSP processes, ...
Secure Routing for Mobile Ad Hoc Networks
- MOBILE COMPUTING AND COMMUNICATIONS REVIEW
, 2002
"... For such self-organizing infrastructures as mobile ad hoc
networks , envisioned to operate in an open, collaborative,
and highly volatile environment, the importance of secu-
rity cannot be underrated. The provision of comprehen-
sive secure communication mandates that both route dis-
covery and dat ..."
Abstract
-
Cited by 599 (14 self)
- Add to MetaCart
For such self-organizing infrastructures as mobile ad hoc
networks , envisioned to operate in an open, collaborative,
and highly volatile environment, the importance of secu-
rity cannot be underrated. The provision of comprehen-
sive secure communication mandates that both route dis-
covery and data forwarding be safeguarded. The discussed
here Secure Routing Protocol (SRP) [1] counters malicious
behavior that targets the discovery of topological informa-
tion. The protection of the data transmission is a separate
problem: an intermittently misbehaving attacker could first
comply with the route discovery to make itself part of a
route, and then corrupt the in-transit data. Protection of
data transmission is addressed through our related Secure
Message Transmission Protocol (SMT), which provides a
flexible, end-to-end secure data forwarding scheme that
naturally complement SRP. Here we discuss the design of
SRP only, while SMT is the subject of another publication.
Entity Authentication and Key Distribution
, 1993
"... Entity authentication and key distribution are central cryptographic problems in distributed computing -- but up until now, they have lacked even a meaningful definition. One consequence is that incorrect and inefficient protocols have proliferated. This paper provides the first treatment of these p ..."
Abstract
-
Cited by 578 (13 self)
- Add to MetaCart
Entity authentication and key distribution are central cryptographic problems in distributed computing -- but up until now, they have lacked even a meaningful definition. One consequence is that incorrect and inefficient protocols have proliferated. This paper provides the first treatment of these problems in the complexity-theoretic framework of modern cryptography. Addressed in detail are two problems of the symmetric, two-party setting: mutual authentication and authenticated key exchange. For each we present a definition, protocol, and proof that the protocol meets its goal, assuming the (minimal) assumption of pseudorandom function. When this assumption is appropriately instantiated, the protocols given are practical and efficient.
Authentication in distributed systems: Theory and practice
- ACM Transactions on Computer Systems
, 1992
"... ..."
(Show Context)
Towards an Active Network Architecture
- Computer Communication Review
, 1996
"... Active networks allow their users to inject customized programs into the nodes of the network. An extreme case, in which we are most interested, replaces packets with "capsules" -- program fragments that are executed at each network router/switch they traverse. Active architectures permit ..."
Abstract
-
Cited by 497 (7 self)
- Add to MetaCart
(Show Context)
Active networks allow their users to inject customized programs into the nodes of the network. An extreme case, in which we are most interested, replaces packets with "capsules" -- program fragments that are executed at each network router/switch they traverse. Active architectures permit a massive increase in the sophistication of the computation that is performed within the network. They will enable new applications, especially those based on application-specific multicast, information fusion, and other services that leverage network-based computation and storage. Furthermore, they will accelerate the pace of innovation by decoupling network services from the underlying hardware and allowing new services to be loaded into the infrastructure on demand. In this paper, we describe our vision of an active network architecture, outline our approach to its design, and survey the technologies that can be brought to bear on its implementation. We propose that the research community mount a j...
Non-Malleable Cryptography
- SIAM Journal on Computing
, 2000
"... The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. ..."
Abstract
-
Cited by 480 (20 self)
- Add to MetaCart
(Show Context)
The notion of non-malleable cryptography, an extension of semantically secure cryptography, is defined. Informally, in the context of encryption the additional requirement is that given the ciphertext it is impossible to generate a different ciphertext so that the respective plaintexts are related. The same concept makes sense in the contexts of string commitment and zero-knowledge proofs of possession of knowledge. Non-malleable schemes for each of these three problems are presented. The schemes do not assume a trusted center; a user need not know anything about the number or identity of other system users. Our cryptosystem is the first proven to be secure against a strong type of chosen ciphertext attack proposed by Rackoff and Simon, in which the attacker knows the ciphertext she wishes to break and can query the decryption oracle on any ciphertext other than the target.
Propagation of Trust and Distrust
, 2004
"... A network of people connected by directed ratings or trust scores, and a model for propagating those trust scores, is a fundamental building block in many of today's most successful e-commerce and recommendation systems. In eBay, such a model of trust has significant influence on the price an i ..."
Abstract
-
Cited by 439 (1 self)
- Add to MetaCart
(Show Context)
A network of people connected by directed ratings or trust scores, and a model for propagating those trust scores, is a fundamental building block in many of today's most successful e-commerce and recommendation systems. In eBay, such a model of trust has significant influence on the price an item may command. In Epinions (epinions.com), conclusions drawn from the web of trust are linked to many behaviors of the system, including decisions on items to which each user is exposed. We develop a framework of trust propagation schemes, each of which may be appropriate in certain circumstances, and evaluate the schemes on a large trust network consisting of 800K trust scores expressed among 130K people. We show that a small number of expressed trusts/distrust per individual allows us to predict reliably trust between any two people in the system with high accuracy: a quadratic increase in actionable information. Our work appears to be the first to incorporate distrust in a computational trust propagation setting.
