Results 1 
8 of
8
Relating two standard notions of secrecy
, 2006
"... Two styles of definitions are usually considered to express that a security protocol preserves the confidentiality of a data s. Reachabilitybased secrecy means that s should never be disclosed while equivalencebased secrecy states that two executions of a protocol with distinct instances for s sho ..."
Abstract

Cited by 19 (0 self)
 Add to MetaCart
(Show Context)
Two styles of definitions are usually considered to express that a security protocol preserves the confidentiality of a data s. Reachabilitybased secrecy means that s should never be disclosed while equivalencebased secrecy states that two executions of a protocol with distinct instances for s should be indistinguishable to an attacker. Although the second formulation ensures a higher level of security and is closer to cryptographic notions of secrecy, decidability results and automatic tools have mainly focused on the first definition so far. This paper initiates a systematic investigation of situations where syntactic secrecy entails strong secrecy. We show that in the passive case, reachabilitybased secrecy actually implies equivalencebased secrecy for signatures, symmetric and asymmetric encryption provided that the primitives are probabilistic. For active adversaries in the case of symmetric encryption, we provide sufficient (and rather tight) conditions on the protocol for this implication to hold.
ContextSensitive Equivalences for NonInterference based Protocol Analysis
 In Proc. of the 14th International Symposium on Fundamentals of Computation Theory, FCT 2003, LNCS 2751
, 2003
"... Abstract. We develop new proof techniques, based on noninterference, for the analysis of safety and liveness properties of cryptographic protocols expressed as terms of the process algebra CryptoSPA. Our approach draws on new notions of behavioral equivalence, built on top of a contextsensitive la ..."
Abstract

Cited by 2 (0 self)
 Add to MetaCart
(Show Context)
Abstract. We develop new proof techniques, based on noninterference, for the analysis of safety and liveness properties of cryptographic protocols expressed as terms of the process algebra CryptoSPA. Our approach draws on new notions of behavioral equivalence, built on top of a contextsensitive labelled transition system, that allow us to characterize the behavior of a process in the presence of any attacker with a given initial knowledge. We demonstrate the effectiveness of the approach with an example of a protocol of fair exchange. 1
Process Calculi and the Verification of Security Protocols
, 2002
"... Recently there has been much interest towards using formal methods in the analysis of security protocols. Some recent approaches take advantage of concepts and techniques from the field of process calculi. Process calculi can be given a formal yet simple semantics, which permits rigorous definitions ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Recently there has been much interest towards using formal methods in the analysis of security protocols. Some recent approaches take advantage of concepts and techniques from the field of process calculi. Process calculi can be given a formal yet simple semantics, which permits rigorous definitions of such concepts as `attacker', `secrecy' and `authentication'. This feature has led to the development of solid reasoning methods and verification techniques, a few of which we outline in this paper. 1.
Abstract Open bisimulation, revisited
"... In the context of the πcalculus, open bisimulation is prominent and popular due to its congruence properties and its easy implementability. Motivated by the attempt to generalise it to the spicalculus, we offer a new, more refined definition and show in how far it coincides with the original one. ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
In the context of the πcalculus, open bisimulation is prominent and popular due to its congruence properties and its easy implementability. Motivated by the attempt to generalise it to the spicalculus, we offer a new, more refined definition and show in how far it coincides with the original one. Key words: πcalculus, spicalculus, open bisimulation 1
NonInterference Proof Techniques for the Analysis of Cryptographic Protocols
 In Proceedings of 2003 IFIP WG 1.7, ACM SIGPLAN and GI FoMSESS Workshop on Issues in the Theory of Security (WITS'03), April 5  6
, 2003
"... Noninterference has been advocated by various authors as a uniform framework for the formal specification of security properties in cryptographic protocols. Unfortunately, specifications based on noninterference are often noneffective, as they require protocol analyses in the presence of all poss ..."
Abstract

Cited by 1 (0 self)
 Add to MetaCart
(Show Context)
Noninterference has been advocated by various authors as a uniform framework for the formal specification of security properties in cryptographic protocols. Unfortunately, specifications based on noninterference are often noneffective, as they require protocol analyses in the presence of all possible intruders. This paper develops new characterizations of noninterference that rely on a finitary representation of intruders. These characterizations draw on equivalence relations built on top of labelled transition systems in which the presence of intruders is accounted for, indirectly, in terms of their (the intruders’) knowledge of the protocols ’ initial data. The new characterizations apply uniformly to trace and bisimulation noninterference, yielding proof techniques for the analysis of various security properties. We demonstrate the effectiveness of such techniques in the analysis of different properties of a fair exchange protocol. 1
ComponentOriented Verification of Noninterference
"... Componentbased software engineering often relies on libraries of trusted components that are combined to build dependable and secure software systems. Resource dependences, constraint conflicts, and information flow interferences arising from component combination that may violate security requir ..."
Abstract
 Add to MetaCart
(Show Context)
Componentbased software engineering often relies on libraries of trusted components that are combined to build dependable and secure software systems. Resource dependences, constraint conflicts, and information flow interferences arising from component combination that may violate security requirements can be revealed by means of the noninterference approach to information flow analysis. However, the security of large componentbased systems may be hard to assess in an efficient and systematic way. In this paper, we propose a componentoriented formulation of noninterference that enables compositional security verification driven by system topology. This is realized by implementing scalable noninterference checks in the formal framework of a process algebraic architectural description language equipped with equivalence checking techniques. Key words: componentbased software systems, noninterference analysis, architectural description languages, process algebra, equivalence checking. 1.
Under consideration for publication in Math. Struct. in Comp. Science On Bisimulations for the Spi Calculus †
, 2004
"... The spi calculus is an extension of the pi calculus with cryptographic primitives, designed for the verification of cryptographic protocols. Due to the extension, the naive adaptation of labeled bisimulations for the pi calculus is too strong to be useful for the purpose of verification. Instead, as ..."
Abstract
 Add to MetaCart
(Show Context)
The spi calculus is an extension of the pi calculus with cryptographic primitives, designed for the verification of cryptographic protocols. Due to the extension, the naive adaptation of labeled bisimulations for the pi calculus is too strong to be useful for the purpose of verification. Instead, as a viable alternative, several “environmentsensitive” bisimulations have been proposed. In this paper we formally study the differences between these bisimulations. 1.