Results

**11 - 17**of**17**### Quantitative Analysis of a Probabilistic Non-Repudiation Protocol through Model Checking

"... Abstract. In the probabilistic non-repudiation protocol without a trusted third party as presented in [5], the recipient of a service can cheat the originator of the service with some probability. This probability indicates the degree of fairness of the protocol and is referred as ɛ-fairness. In thi ..."

Abstract
- Add to MetaCart

(Show Context)
Abstract. In the probabilistic non-repudiation protocol without a trusted third party as presented in [5], the recipient of a service can cheat the originator of the service with some probability. This probability indicates the degree of fairness of the protocol and is referred as ɛ-fairness. In this paper, we analyze the protocol quantitatively through probabilistic model checking. The ɛ-fairness is quantitatively measured by modeling the protocol in PRISM model checker and verifying appropriate property specified in PCTL. Moreover, our analysis gives proper insight to choose proper values for different parameters associated with the protocol in such a way that certain degree of fairness can be achieved and therefore answers the reverse question, given the degree of fairness ɛ, how should one choose the protocol parameters to ensure fairness. 1

### ROSSIGNOL Projet ACI Sécurité Informatique: 2003-2006 Rapport d’Activité Final

"... The Rossignol project aims at investigating issues involved in the verification of cryptographic protocols. The focus has been put on research directions that go beyond the classical approach devised for far, known as the Dolev-Yao model, which has been extensively studied in the last years. The con ..."

Abstract
- Add to MetaCart

(Show Context)
The Rossignol project aims at investigating issues involved in the verification of cryptographic protocols. The focus has been put on research directions that go beyond the classical approach devised for far, known as the Dolev-Yao model, which has been extensively studied in the last years. The contributions of the project cover the following topics: – Extensions of the Dolev-Yao model that retains the basics of this formalization, but modify the model of the insecure environment (which we refer below as the intruder capabilities) to reflect more closely the real world. This can be done by adding or modifying axioms that express the properties of the operations used by the protocols or to express weak secret that can be broken by guessing attacks. – To deal with other security properties than secrecy or authentication, like anonymity or opacity that are used for instance in e-voting protocols. – Models of probabilistic protocols in a variant of π-calculus and testing the model against real protocols. To devise sound and convincing models for this class of

### Under consideration for publication in Formal Aspects of Computing Parametric Probabilistic Transition Systems for System Design and Analysis 1

"... Abstract. We develop a model of Parametric Probabilistic Transition Systems, where probabilities associated with transitions may be parameters. We show how to find instances of the parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a c ..."

Abstract
- Add to MetaCart

Abstract. We develop a model of Parametric Probabilistic Transition Systems, where probabilities associated with transitions may be parameters. We show how to find instances of the parameters that satisfy a given property and instances that either maximize or minimize the probability of reaching a certain state. As an application, we model a probabilistic non–repudiation protocol with a Parametric Probabilistic Transition System. The theory we develop allows us to find instances that maximize the probability that the protocol ends in a fair state (no participant has an advantage over the others).

### A Framework for Analyzing Probabilistic

, 2007

"... HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte p ..."

Abstract
- Add to MetaCart

(Show Context)
HAL is a multi-disciplinary open access archive for the deposit and dissemination of sci-entific research documents, whether they are pub-lished or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L’archive ouverte pluridisciplinaire HAL, est destinée au dépôt et a ̀ la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d’enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

### Analysis of Probabilistic Contract Signing*

"... Abstract We present three case studies, investigating the use of probabilistic model checking to automatically analyse properties of probabilistic contract signing protocols. We use the probabilistic model checker PRISM to analyse three protocols: Rabin's probabilistic protocol for fair commitm ..."

Abstract
- Add to MetaCart

(Show Context)
Abstract We present three case studies, investigating the use of probabilistic model checking to automatically analyse properties of probabilistic contract signing protocols. We use the probabilistic model checker PRISM to analyse three protocols: Rabin's probabilistic protocol for fair commitment exchange; the probabilistic contract signing protocol of Ben-Or, Goldreich, Micali, and Rivest; and a randomised protocol for signing contracts of Even, Goldreich, and Lempel. These case studies illustrate the general methodology for applying probabilistic model checking to formal verification of probabilistic security protocols. For the Ben-Or et al. protocol, we demonstrate the difficulty of combining fairness with timeliness. If, as required by timeliness, the judge responds to participants ' messages immediately upon receiving them, then there exists a strategy for a misbehaving participant that brings the protocol to an unfair state with arbitrarily high probability, unless unusually strong assumptions are made about the quality of the communication channels between the judge and honest participants. We quantify the tradeoffs involved in the attack strategy, and discuss possible modifications of the protocol that ensure both fairness and timeliness. For the Even et al. protocol, we demonstrate that the responder enjoys a distinct advantage. With probability 1, the protocol reaches a state in which the responder possesses the initiator's commitment, but the initiator does not possess the responder's commitment. We then analyse several variants of the protocol, exploring the tradeoff between fairness and the number of messages that must be exchanged between participants.

### A Framework for Analyzing Probabilistic Protocols and its Application to the Partial Secrets Exchange ⋆

"... ..."

(Show Context)
### A Calculus for Non Repudiation Protocols

"... We describe a calculus that is specific to non-repudiation protocols. The calculus uses the correspondence assertion of Woo and Lam, that is, if there is a non-repudiation of receipt there should be a corresponding non-repudiation of origin. The main contribution of this work lies in the way we mode ..."

Abstract
- Add to MetaCart

(Show Context)
We describe a calculus that is specific to non-repudiation protocols. The calculus uses the correspondence assertion of Woo and Lam, that is, if there is a non-repudiation of receipt there should be a corresponding non-repudiation of origin. The main contribution of this work lies in the way we model input and output and hence captures non-repudiation properties. The calculus is a subset of the Pi calculus. The basic constructs are modified in order to handle properties of non-repudiation. We offer a formal syntax and an operational semantics of the calculus. We show the usefulness of the calculus by describing Zhou optimistic protocol.