Results 1  10
of
44
Secrecy by Typing in Security Protocols
 Journal of the ACM
, 1998
"... We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic co ..."
Abstract

Cited by 256 (15 self)
 Add to MetaCart
We develop principles and rules for achieving secrecy properties in security protocols. Our approach is based on traditional classification techniques, and extends those techniques to handle concurrent processes that use sharedkey cryptography. The rules have the form of typing rules for a basic concurrent language with cryptographic primitives, the spi calculus. They guarantee that, if a protocol typechecks, then it does not leak its secret inputs.
A Bisimulation Method for Cryptographic Protocols
, 1998
"... We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properti ..."
Abstract

Cited by 85 (5 self)
 Add to MetaCart
We introduce a definition of bisimulation for cryptographic protocols. The definition includes a simple and precise model of the knowledge of the environment with which a protocol interacts. Bisimulation is the basis of an effective proof technique, which yields proofs of classical security properties of protocols and also justifies certain protocol optimizations. The setting for our work is the spi calculus, an extension of the pi calculus with cryptographic primitives. We prove the soundness of the bisimulation proof technique within the spi calculus.
Opacity generalised to transition systems
 in &quot;Revised Selected Papers of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST’05), Newcastle upon
, 2005
"... Abstract. Recently, opacity has proved to be a promising technique for describing security properties. Much of the work has been couched in terms of Petri nets. Here, we extend the notion of opacity to the model of labelled transition systems and generalise opacity in order to better represent conce ..."
Abstract

Cited by 41 (5 self)
 Add to MetaCart
Abstract. Recently, opacity has proved to be a promising technique for describing security properties. Much of the work has been couched in terms of Petri nets. Here, we extend the notion of opacity to the model of labelled transition systems and generalise opacity in order to better represent concepts from the work on information flow. In particular, we establish links between opacity and the information flow concepts of anonymity and noninterference such as noninference. We also investigate ways of verifying opacity when working with Petri nets. Our work is illustrated by an example modelling requirements upon a simple voting system.
Security Protocols and their Properties
 Foundations of Secure Computation, NATO Science Series
, 2000
"... Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper discusses those specifications, emphasizing authenticity and secrecy properties. It also suggests some gaps and some opportunities for further work. Some of t ..."
Abstract

Cited by 41 (4 self)
 Add to MetaCart
Specifications for security protocols range from informal narrations of message flows to formal assertions of protocol properties. This paper discusses those specifications, emphasizing authenticity and secrecy properties. It also suggests some gaps and some opportunities for further work. Some of them pertain to the traditional core of the field; others appear when we examine the context in which protocols operate.
Static validation of security protocols
 Journal of Computer Security
, 2005
"... We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suf ..."
Abstract

Cited by 38 (14 self)
 Add to MetaCart
We methodically expand protocol narrations into terms of a process algebra in order to specify some of the checks that need to be made in a protocol. We then apply static analysis technology to develop an automatic validation procedure for protocols. Finally, we demonstrate that these techniques suffice to identify several authentication flaws in symmetric and asymmetric key protocols such as NeedhamSchroeder symmetric key, OtwayRees, Yahalom, Andrew Secure RPC, NeedhamSchroeder asymmetric key, and BellerChangYacobi MSR.
Information flow analysis in a discretetime process algebra
 in Proc. IEEE Computer Security Foundations Workshop
, 2000
"... ..."
Analysis of security protocols as open systems
 Theoretical Computer Science
, 2003
"... We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represe ..."
Abstract

Cited by 27 (13 self)
 Add to MetaCart
We propose a methodology for the formal analysis of security protocols. This originates from the observation that the verification of security protocols can be conveniently treated as the verification of open systems, i.e. systems which may have unspecified components. These might be used to represent a hostile environment wherein the protocol runs and whose behavior cannot be predicted a priori. We define a language for the description of security protocols, namely CryptoCCS, and a logical language for expressing their properties. We provide an effective verification method for security protocols which is based on a suitable extension of partial model checking. Indeed, we obtain a decidability result for the secrecy analysis of protocols with a finite number of sessions, bounded message size and new nonce generation.
Weak Bisimulation for Probabilistic Timed Automata
 PROC. OF SEFM’03, IEEE CS
, 2003
"... We are interested in describing timed systems that exhibit probabilistic behaviour. To this purpose, we consider a model of Probabilistic Timed Automata and introduce a concept of weak bisimulation for these automata, together with an algorithm to decide it. The weak bisimulation relation is shown t ..."
Abstract

Cited by 17 (6 self)
 Add to MetaCart
We are interested in describing timed systems that exhibit probabilistic behaviour. To this purpose, we consider a model of Probabilistic Timed Automata and introduce a concept of weak bisimulation for these automata, together with an algorithm to decide it. The weak bisimulation relation is shown to be preserved when either time, or probability are abstracted away. As an application, we use weak bisimulation for Probabilistic Timed Automata to model and analyze a timing attack on the dining cryptographers protocol.
Security Analysis of a Probabilistic Nonrepudiation Protocol
 Proc. of PAPMPROBMIV ’02, LNCS 2399
, 2002
"... Abstract. Noninterference is a definition of security introduced for the analysis of confidential information flow in computer systems. In this paper, a probabilistic notion of noninterference is used to reveal information leakage which derives from the probabilistic behavior of systems. In partic ..."
Abstract

Cited by 13 (3 self)
 Add to MetaCart
Abstract. Noninterference is a definition of security introduced for the analysis of confidential information flow in computer systems. In this paper, a probabilistic notion of noninterference is used to reveal information leakage which derives from the probabilistic behavior of systems. In particular, as a case study, we model and analyze a nonrepudiation protocol which employs a probabilistic algorithm to achieve a fairness property. The analysis, conducted by resorting to a definition of probabilistic noninterference in the context of process algebras, confirms that a solely nondeterministic approach to the information flow theory is not enough to study the security guarantees of cryptographic protocols. 1
A comparison of semantic models for noninterference
 In Proc. Workshop on Formal Aspects of Security and Trust
, 2006
"... Abstract. The literature on definitions of security based on causalitylike notions such as noninterference has used several distinct semantic models for systems. Early work was based on statemachine and traceset definitions; more recent work has dealt with definitions of security in two distinct pr ..."
Abstract

Cited by 8 (7 self)
 Add to MetaCart
Abstract. The literature on definitions of security based on causalitylike notions such as noninterference has used several distinct semantic models for systems. Early work was based on statemachine and traceset definitions; more recent work has dealt with definitions of security in two distinct process algebraic settings. Comparisons between the definitions has been carried out mainly within semantic frameworks. This paper studies the relationship between semantic frameworks, by defining mappings between a number of semantic models and studying the relationship between notions of noninterference under these mappings. 1