Similar literature
 20 similar documents found (search time: 218 ms)
1.
The privacy problem of many RFID systems has been extensively studied. Yet integrity in RFID has not received as much attention as in regular computer systems. When we evaluate an identification protocol for an RFID system for anti-counterfeiting, it is important to consider integrity issues. Moreover, many RFID systems are accessed by multiple level trust parties, which makes comprehensive integrity protection even harder. In this paper, we first propose an integrity model for RFID protocols. Then we use the model to analyze the integrity problems in Squealing Euros protocol. Squealing Euros was proposed by Juels and Pappu for RFID enabled banknotes that will support anti-forgery and lawful tracing yet preserve individual's privacy. We analyze its integrity, then discuss the problems that arise and propose some solutions to these problems. Then an improved protocol with integrity protection for the law enforcement is constructed, which includes an unforgeable binding between the banknote serial number and the RF ciphertext only readable to law enforcement. This same protocol can be applied in many other applications which require a privacy protecting anti-counterfeiting mechanism.

2.
We consider the cooperation of rational parties in secret sharing. We present a new methodology for rational secret sharing both in two-party and multi-party settings based on Bayesian game. Our approach can resolve the impossible solutions to a rational secret sharing model. First, we analyze the 2-out-of-2 rational secret sharing using Bayesian game, which makes us able to consider different classes of the protocol player (for “good” and “bad” players) and model attributes such as any other parties’ preferences and beliefs that may affect the outcome of the game. Thus, the new model makes us able to reason rational secret sharing from the perspective of Bayesian rationality, a notion that may be in some scenarios more appropriate than that defined as per pure rational. According to these analyses, we propose a Bayesian rational protocol of 2-out-of-2 secret sharing. Also, our techniques can be extended to the case of t-out-of-n Bayesian rational secret sharing easily. Our protocol is adopted only by the parties in their decision-making according to beliefs and Bayes rule, without requiring simultaneous channels and can be run over asynchronous networks.

3.
Model Checking Data Consistency for Cache Coherence Protocols   Cited by: 1 (self-citations: 0, by others: 1)
A method for automatic verification of cache coherence protocols is presented, in which cache coherence protocols are modeled as concurrent value-passing processes, and control and data consistency requirement are described as formulas in first-order μ-calculus. A model checker is employed to check if the protocol under investigation satisfies the required properties. Using this method a data consistency error has been revealed in a well-known cache coherence protocol. The error has been corrected, and the revised protocol has been shown free from data consistency error for any data domain size, by appealing to data independence technique.

4.
Multicast protocol for uni-directional networks   Cited by: 1 (self-citations: 0, by others: 1)

5.
The object-oriented paradigm is widely applied in designing and implementing communication systems. Unified Modeling Language (UML) is a standard language used to model the design of object-oriented systems. A protocol state machine is a UML adopted diagram that is widely used in designing communication protocols. It has two key attractive advantages over traditional finite state machines: modeling concurrency and modeling nested hierarchical states. In a distributed communication system, each entity of the system has its own protocol that defines when and how the entity exchanges messages with other communicating entities in the system. The order of the exchanged messages must conform to the overall service specifications of the system. In object-oriented systems, both the service and the protocol specifications are modeled in UML protocol state machines. Protocol specification synthesis methods have to be applied to automatically derive the protocol specification from the service specification. Otherwise, a time-consuming process of design, analysis, and error detection and correction has to be applied iteratively until the design of the protocol becomes error-free and consistent with the service specification. Several synthesis methods are proposed in the literature for models other than UML protocol state machines, and therefore, because of the unique features of the protocol state machines, these methods are inapplicable to services modeled in UML protocol state machines. In this paper, we propose a synthesis method that automatically synthesizes the protocol specification of distributed protocol entities from the service specification, given that both types of specifications are modeled in UML protocol state machines. Our method is based on the latest UML version (UML 2.3), and it is proven to synthesize protocol specifications that are syntactically and semantically correct. As an example application, the synthesis method is used to derive the protocol specification of the H.323 standard used in Internet calls.

6.
7.
This paper introduces a new methodology for epistemic logic, to analyze communication protocols that uses knowledge structures, a specific form of Kripke semantics over hostile networks. The paper particularly focuses on automatic verification of authentication protocols. Our approach is based on the actual definitions of a protocol, not on some difficult-to-establish justifications. The proposed methodology is different from many previous approaches to automatic verification of security protocols in that it is justification-oriented instead of falsification-oriented, i.e., finding bugs in a protocol. The main idea is based on observations: separating a principal executing a run of protocol from the role in the protocol, and inferring a principal's knowledge from the local observations of the principal. And we show analytically and empirically that this model can be easily reduced to Satisfiability (SAT) problem and efficiently implemented by a modern SAT solver.

8.
A secure scalar product protocol is a type of specific secure multi-party computation problem. Using this kind of protocol, two involved parties are able to jointly compute the scalar product of their private vectors, but no party will reveal any information about his/her private vector to another one. The secure scalar product protocol is of great importance in many privacy-preserving applications such as privacy-preserving data mining, privacy-preserving cooperative statistical analysis, and privacy-preserving geometry computation. In this paper, we give an efficient and secure scalar product protocol in the presence of malicious adversaries based on two important tools: the proof of knowledge of a discrete logarithm and the verifiable encryption. The security of the new protocol is proved under the standard simulation-based definitions. Compared with the existing schemes, our scheme offers higher efficiency because of avoiding inefficient cut-and-choose proofs.

9.
Authenticating tripartite key agreement protocol with pairings   Cited by: 2 (self-citations: 2, by others: 0)
In this paper, an authenticated tripartite key agreement protocol is proposed, which is an ID-based one with pairings. This protocol involves only one round. The authenticity of the protocol is assured by a special signature scheme, so that messages carrying the information of two ephemeral keys can be broadcasted authentically by an entity. Consequently, one instance of the protocol results in eight session keys for three entities. In other words, one instance of the protocol generates a session key, which is eight times longer than those obtained from traditional key agreement protocols. Security attributes of the protocol are presented, and the computational overhead and bandwidth of the broadcast messages are analyzed as well.

10.
Chinese-English Bilingual Text
Electronic Commerce, also known as e-commerce, is the buying and selling of goods over the Internet. Have you ever bought anything over the Internet? If you have not, there is a very good chance that you will within the next year or two. Shopping on the Internet is growing rapidly and there seems to be no end in sight. Just like any other type of commerce, electronic commerce involves two parties, businesses and consumers. There are three basic types of electronic commerce…

11.
Most approaches to formal protocol verification rely on an operational model based on traces of atomic actions. Modulo CSP, CCS, state-exploration, Higher Order Logic or strand spaces frills, authentication or secrecy are analyzed by looking at the existence or the absence of traces with a suitable property. We introduced an alternative operational approach based on parallel actions and an explicit representation of time. Our approach consists in specifying protocols within a logic language (AL SP), and associating the existence of an attack to the protocol with the existence of a model for the specifications of both the protocol and the attack. In this paper we show that, for a large class of protocols such as authentication and key exchange protocols, modeling in AL SP is equivalent - as far as authentication and secrecy attacks are considered - to modeling in trace based models. We then consider fair exchange protocols introduced by N. Asokan et al. showing that parallel attacks may lead the trusted third party of the protocol into an inconsistent state. We show that the trace based model does not allow for the representation of this kind of attacks, whereas our approach can represent them.

12.
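Accountability is one of the important principles that secure e-commerce protocols must follow, and optimistic fair exchange protocols are an important class of e-commerce protocols. At present there is no concrete method for formally analyzing the accountability of optimistic fair exchange protocols. This paper proposes a formal method for analyzing the accountability of optimistic fair exchange protocols. The method no longer defines non-repudiation evidence separately; it only studies whether the protocol's goal design can provide evidence that achieves accountability, and it treats the proof of accountability separately from the proofs of fairness and other security properties, so that whether a protocol satisfies accountability can be discussed regardless of whether it satisfies other security properties.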

13.
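Strand space analysis of e-commerce protocols   Cited by: 1 (self-citations: 0, by others: 1)
E-commerce protocols often have complex structures, and a protocol may be composed of several sub-protocols. The security analysis of e-commerce protocols is therefore more complex than that of authentication protocols. Traditional belief logics are not suitable for analyzing e-commerce protocols. Kailar logic is suitable for analyzing the accountability of e-commerce protocols but not their fairness. This paper introduces and extends strand space logic, analyzes the strands of the ISI payment protocol, and proves that it does not satisfy fairness. It also proposes a new strand node path method and uses it to analyze the ASW protocol, a protocol with a branching structure composed of several sub-protocols; the strand space analysis proves the fairness of that protocol. Through the analysis of these two protocols, formal analysis methods are provided for online and offline e-commerce transaction protocols respectively.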

14.
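Constructing an identity-based optimistic fair exchange protocol using proxy signatures   Cited by: 1 (self-citations: 0, by others: 1)
Xu Jing, Zhang Zhenfeng, Feng Dengguo. Journal of Software (《软件学报》), 2007, 18(3): 746-754
A natural paradigm for fair exchange protocols, the identity-based partial proxy signature, is introduced and its formal security model is given; an efficient and provably secure partial proxy signature scheme is also proposed. This is a fully identity-based optimistic fair exchange protocol. Unlike previous protocols, the scheme does not use any zero-knowledge proofs, which effectively avoids a large amount of computation.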

15.
16.
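Fan Qingna, Yao Lin, Wu Guowei. Computer Engineering (《计算机工程》), 2010, 36(11): 137-139
Cross-domain authentication is required when a service user and a service provider are located in different registration domains, and the successfully authenticated entities need to establish a session key to secure subsequent communication. To address this problem, a cross-domain authentication and key establishment protocol is proposed, which completes mutual authentication with the help of each entity's registration server and establishes a new session key using signcryption. A proof in classical SVO logic shows that the protocol guarantees the fairness and secrecy of the key and can resist various security attacks.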

17.
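To address the problems that existing security authentication protocols lack a mathematical model, have an unclear layered structure, and have a narrow scope of application, a protocol composition derivation system is proposed. Security protocols are divided into three layers according to their security goals: the first layer realizes the key exchange and identity authentication properties; the second layer realizes efficiency improvement and prevention of denial-of-service attacks; the third layer is the formal theoretical analysis of security protocols and the verification of their security properties with automated testing tools. Simulation results show that the system enables the formal design of security protocols and can be extended as needed.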

18.
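Security analysis of two three-party password-based key exchange protocols   Cited by: 1 (self-citations: 0, by others: 1)
First, a security analysis of two verifier-based three-party password key exchange protocols is carried out, showing that both are insecure. The LZC protocol cannot resist server compromise attacks, unknown key-share attacks, insider attacks, or undetectable dictionary attacks; the LWZ protocol cannot resist unknown key attacks, insider attacks, or replay attacks. The LWZ protocol is then improved to fix the security flaws of the original LWZ protocol. Finally, a security proof of the improved protocol (the NLWZ protocol) is given under the DDH assumption. Compared with existing protocols, the NLWZ protocol reduces computation and communication overhead and has greater potential for practical use.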

19.
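Optimistic fair exchange protocol based on RSA signatures   Cited by: 16 (self-citations: 0, by others: 16)
Fairness is a basic security requirement of e-commerce protocols. RSA is one of the most widely used public-key cryptosystems. A fair exchange protocol lets the two parties to an exchange trade information in a fair way, such that either each party obtains the other's information or neither party does. Existing construction methods and architectures for fair exchange protocols, and their problems in practicality and efficiency, are analyzed. On this basis, using carefully constructed, publicly verifiable, encrypted RSA signatures in an extension ring, an optimistic fair exchange protocol based entirely on the RSA signature scheme is proposed, and its security and efficiency are proved and analyzed. The analysis shows that the proposed scheme is concise, efficient, and secure.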

20.
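The sub-protocols of an offline fair exchange protocol are crucial to its fairness. The strand space method is used to analyze how the sub-protocols of two important offline fair exchange protocols affect protocol fairness, and it is found that keeping the sub-protocol runs mutually exclusive and their results synchronized is an important guarantee of fairness for offline fair exchange protocols. Based on this finding, improvements are given for the problems present in the protocols, and recommendations are made for designing two-party and multi-party offline fair exchange protocols.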
