Results 1 - 7 of 7
Proving Group Protocols Secure Against Eavesdroppers
2008
Cited by 5 (0 self)
Security protocols are small programs designed to ensure properties such as secrecy of messages or authentication of parties in a hostile environment. In this paper we investigate automated verification of a particular type of security protocols, called group protocols, in the presence of an eavesdropper, i.e., a passive attacker. The specificity of group protocols is that the number of participants is not bounded. Our approach consists in representing an infinite set of messages exchanged during an unbounded number of sessions, one session for each possible number of participants, as well as the infinite set of associated secrets. We use so-called visibly tree automata with memory and structural constraints (introduced recently by Comon-Lundh et al.) to represent over-approximations of these two sets. We identify restrictions on the specification of protocols which allow us to reduce the attacker capabilities, guaranteeing that the above-mentioned class of automata is closed under the application of the remaining attacker rules. The class of protocols respecting these restrictions is large enough to cover several existing protocols, such as the GDH family, GKE, and others.
Rank Functions Based Inference System for Group Key Management Protocols Verification
2007
Cited by 4 (2 self)
Design and verification of cryptographic protocols has been under investigation for quite some time. However, most of the attention has been paid to two-party protocols. In group key management and distribution protocols, keys are computed dynamically through cooperation of all protocol participants. Therefore regular approaches for two-party protocol verification cannot be applied to group key protocols. In this paper, we present a framework for formally verifying group key management and distribution protocols based on the concept of rank functions. We define a class of rank functions that satisfy specific requirements and prove the soundness of these rank functions. Based on the set of sound rank functions, we provide a sound and complete inference system to detect attacks in group key management protocols. The inference system provides an elegant and natural proof strategy for such protocols compared to existing approaches. The above formalizations and rank theorems were implemented using the Prototype Verification System (PVS) theorem prover. We illustrate our approach by applying the inference system on a generic Diffie-Hellman group protocol and prove it in PVS.
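The two verification papers above take group Diffie-Hellman protocols as their case study (the GDH family in the first, a generic Diffie-Hellman group protocol in the second), where a key is agreed among an unbounded number of members and the eavesdropper sees every message on every link. The following Python is an added illustration of an n-party upflow/downflow exchange in the style of GDH.2, written for this page and not taken from any of the listed papers. The 127-bit Mersenne prime, the generator 3 and the unauthenticated message flow are assumptions made to keep the example small and runnable; it records the complete transcript a passive attacker would observe.

```python
"""n-party group Diffie-Hellman key agreement, GDH.2 upflow/downflow style.

Added illustration for this page; not code from any of the listed papers.
Assumptions: toy 127-bit prime and generator 3 (a deployment would use a
standard safe-prime or elliptic-curve group) and no authentication of
messages, which is exactly the passive-eavesdropper setting.
"""
import secrets

P = (1 << 127) - 1   # 2^127 - 1 is prime; toy size, illustration only
G = 3                # generator (assumption for the illustration)


def upflow(received_partials, received_cardinal, x):
    """One member's upflow step.

    received_partials[k] is g raised to the product of all earlier secrets
    except x_k; received_cardinal is g raised to the product of all earlier
    secrets. Raising every partial to x keeps it missing x_k only, and the
    incoming cardinal (which lacks our x) becomes our own partial.
    """
    new_partials = [pow(v, x, P) for v in received_partials] + [received_cardinal]
    return new_partials, pow(received_cardinal, x, P)


def gdh2_session(n, rng=None):
    """Run a GDH.2-style session for n members; returns the secrets chosen,
    the key each member derives, and every value sent on any link."""
    draw = (rng or secrets.SystemRandom()).randrange
    xs = [draw(2, P - 1) for _ in range(n)]
    transcript = []                     # what an eavesdropper on all links sees
    partials, cardinal = [], G
    for i in range(n - 1):              # upflow: M_0 -> M_1 -> ... -> M_{n-1}
        partials, cardinal = upflow(partials, cardinal, xs[i])
        transcript += partials + [cardinal]
    # Downflow: the last member raises each partial to its secret and
    # broadcasts; broadcast[k] = g^(product of all secrets except x_k).
    broadcast = [pow(v, xs[n - 1], P) for v in partials]
    transcript += broadcast
    keys = [pow(broadcast[k], xs[k], P) for k in range(n - 1)]
    keys.append(pow(cardinal, xs[n - 1], P))   # last member's own key
    return {"exponents": xs, "keys": keys, "transcript": transcript}


def expected_key(xs):
    """g^(x_0 * x_1 * ... * x_{n-1}) mod P, the key all members should hold."""
    e = 1
    for x in xs:
        e = e * x % (P - 1)             # exponents live modulo the group order
    return pow(G, e, P)


if __name__ == "__main__":
    s = gdh2_session(5)
    print("all members agree:", len(set(s["keys"])) == 1)
    print("key visible to eavesdropper:", s["keys"][0] in s["transcript"])
    print("messages observed:", len(s["transcript"]))
```

The transcript grows with n (round i carries i+2 values, plus the final broadcast of n-1 values), which is why the verification papers above need a finite representation of an infinite family of sessions: the secrecy claim is that the key never appears in the transcript for any n, not just for the n you happened to run.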
Impossibility results for secret establishment
In Proceedings of the 23rd IEEE Computer Security Foundations Symposium (CSF 2010), 2010
Cited by 2 (1 self)
Security protocol design is a creative discipline where the solution space depends on the problem to be solved and the cryptographic operators available. In this paper, we examine the general question of when two agents can create a shared secret. Namely, given an equational theory describing the cryptographic operators available, is there a protocol that allows the agents to establish a shared secret? We examine this question in several settings. First, we provide necessary and sufficient conditions for secret establishment using subterm convergent theories. This directly yields a decision procedure for this problem. As a consequence, we obtain impossibility results for symmetric encryption and signature schemes. Second, we use algebraic methods to prove impossibility results for two important theories that are not subterm convergent: XOR and abelian groups. Finally, we develop a general combination result that enables modular impossibility proofs. For example, the results for symmetric encryption and XOR can be combined to obtain impossibility for the joint theory.
Decidability for Lightweight DiffieHellman Protocols
Cited by 2 (1 self)
Many protocols use Diffie-Hellman key agreement, combined with certified long-term values or digital signatures for authentication. These protocols aim at security goals such as key secrecy, forward secrecy, resistance to key compromise attacks, and various flavors of authentication. However, these protocols are challenging to analyze, both in computational and symbolic models. An obstacle in the symbolic model is the undecidability of unification in many theories in the signature of rings. In this paper, we develop an algebraic version of the symbolic approach, working directly within finite fields, the natural structures for the protocols. The adversary, in giving an attack on a protocol goal in a finite field, may rely on any identity in that field. He defeats the protocol if there are attacks in infinitely many finite fields. We prove that, even for this strong adversary, security goals for a wide class of protocols are decidable.
Transport Layer Security Protocol for Intranet
Key management is the hardest part of cryptography. Designing secure cryptographic algorithms and protocols isn’t easy. As the Intranet becomes popular, it is important to consider the system security. This is because the data flowing through the network is susceptible to being intercepted and modified by a cracker or hacker. So, how can personal privacy be protected and safe online commerce preserved? These are challenges for security protocols. In this paper, a protocol has been developed that depends on the elliptic key cryptosystem to provide a robust mechanism for key exchange. Also, confidentiality is provided using AES and RC4 with random selection. To satisfy message integrity, the SHA-1 technique is considered.
On the (Im)possibility of Perennial Message Recognition Protocols without PublicKey Cryptography
2011
A message recognition protocol (MRP) aims to exchange authenticated information over an insecure channel. During the initialization session of the protocol, the parties exchange some authenticated information which the adversary can passively observe. Then, one party wants to send authenticated messages to the other party over an insecure channel. Such security requirements are often found in wireless sensor networks. A perennial MRP is one that is able to recover from the adversarial interference, no matter how long the adversary has been active before it stops. MRPs based on hash chains are not perennial because, after fixing the length of the hash chain in the initialization phase, authentic communication is not possible if the adversary interferes until all elements of the hash chain have been consumed. Perennial MRPs can be trivially built from public-key primitives. In this paper we present very strong evidence that they cannot be constructed from “cheap” primitives. Namely, we show that, in the symbolic model of cryptography, perennial MRPs cannot be built using just hash functions and XORing. The result also covers other symmetric primitives, e.g. encryption. The result explains why all previous attempts to construct perennial MRPs from those primitives have failed. The result also has interesting implications regarding authentication protocols in general, and the gap between formal and computational models of cryptography.
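To make the non-perennial behaviour described in the abstract concrete, the following Python is an added simulation of a hash-chain message recognition scheme, written for this page rather than taken from the paper: the sender holds a chain of fixed length, each session discloses one element (bound here to the message with an HMAC), and the receiver accepts a disclosed element by hashing it forward until it reaches the last element it trusts, which is how it bridges sessions the adversary suppressed. The chain length, the HMAC binding, the single-step disclosure and the adversary's drop model are assumptions of this illustration, not the paper's construction.

```python
"""Toy hash-chain message recognition with a fixed-length chain.

Added illustration for this page, not the paper's protocol. It shows why a
chain of length L survives at most L blocked sessions: one element is
consumed per session whether or not that session completes (assumption).
"""
import hashlib
import hmac
import secrets


def H(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()


class Sender:
    def __init__(self, chain_len: int, seed: bytes = b""):
        seed = seed or secrets.token_bytes(32)
        # chain[0] = seed, chain[j] = H(chain[j-1]); chain[L] is the anchor
        chain = [seed]
        for _ in range(chain_len):
            chain.append(H(chain[-1]))
        self._chain = chain
        self.anchor = chain[-1]       # delivered authentically at initialization
        self._next = chain_len - 1    # index of the next element to disclose

    def session(self, msg: bytes):
        """Start one session: MAC msg under the next undisclosed element and
        disclose it. A real MRP releases the element only after the receiver
        acknowledges the MAC; here both travel together for brevity.
        Returns None once the chain is exhausted."""
        if self._next < 0:
            return None
        key = self._chain[self._next]
        self._next -= 1   # consumed even if the adversary blocks this session
        return msg, hmac.new(key, msg, hashlib.sha256).digest(), key


class Receiver:
    def __init__(self, anchor: bytes, chain_len: int):
        self.trusted = anchor        # last chain element accepted
        self.remaining = chain_len   # elements below it that are still unused

    def accept(self, msg: bytes, tag: bytes, disclosed: bytes) -> bool:
        # Hash the disclosed element forward until it meets the trusted one;
        # every blocked session in between costs one extra step.
        v = disclosed
        for steps in range(1, self.remaining + 1):
            v = H(v)
            if hmac.compare_digest(v, self.trusted):
                expected = hmac.new(disclosed, msg, hashlib.sha256).digest()
                if not hmac.compare_digest(expected, tag):
                    return False
                self.trusted = disclosed
                self.remaining -= steps
                return True
        return False   # not below the trusted element: replay, forgery or spent chain


def run(chain_len: int, messages, blocked):
    """Simulate one sender/receiver pair; `blocked` holds the session numbers
    the adversary suppresses. Returns one outcome label per message."""
    s = Sender(chain_len)
    r = Receiver(s.anchor, chain_len)
    out = []
    for i, m in enumerate(messages):
        pkt = s.session(m)
        if pkt is None:
            out.append("exhausted")
        elif i in blocked:
            out.append("blocked")
        else:
            out.append("accepted" if r.accept(*pkt) else "rejected")
    return out


if __name__ == "__main__":
    # Adversary blocks two of three sessions: the third still gets through
    # (the receiver hashes three times), but the chain is then spent.
    print(run(3, [b"m1", b"m2", b"m3", b"m4"], blocked={0, 1}))
```

An adversary that keeps blocking for the whole chain length leaves the sender with nothing left to disclose, and no amount of later good behaviour restores authentic communication; that is the failure the abstract calls non-perennial. Disclosed elements are also one-shot: replaying one, or reusing it under a different message, is rejected because it is no longer below the receiver's trusted element.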
Theorem Proving based Framework for Verification of Group Key Protocols
The correctness of group key protocols in communication systems remains a great challenge because of the dynamic characteristics of group key construction, as we deal with an open number of group members. In this paper, we present a combination of three different theorem-proving methods to verify security properties for group-oriented protocols. In the first method, rank theorems for forward properties are established based on a set of generic formal specification requirements for group key management and distribution protocols. Rank theorems imply the validity of the security property to be proved, and are deduced from a set of rank functions we define over the protocol. In the second, we provide a sound and complete inference system to detect attacks in group key management protocols. The inference system provides an elegant and natural proof strategy for such protocols compared to existing approaches. Finally, in the third method, we use an Event-B first-order proving system to provide invariant checking for the group key secrecy property. In our framework, we applied each method on a different group protocol from the literature, illustrating the features of each method.