20 similar documents found (search time 0 ms)
1.
Cryptographic protocols can be divided into (1) protocols where the protocol steps are simple from a computational point of view and can thus be modeled by simple means, for instance, by single rewrite rules—we call these protocols non-looping—and (2) protocols, such as group protocols, where the protocol steps are complex and typically involve an iterative or recursive computation—we call them recursive. While much is known on the decidability of security for non-looping protocols, only little is known for recursive protocols. In this paper, we prove decidability of security (with respect to the standard Dolev–Yao intruder) for a core class of recursive protocols and undecidability for several extensions. The key ingredient of our protocol model is specifically designed tree transducers which work over infinite signatures and have the ability to generate new constants (which allow us to mimic key generation). The decidability result is based on an automata-theoretic construction which involves a new notion of regularity, designed to work well with the infinite signatures we use.
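The abstract above states security "with respect to the standard Dolev–Yao intruder". The following is an added example, not code from that paper or any other entry on this page, that makes the intruder model concrete: messages live in a free term algebra, the intruder may build any term from parts it knows and may take apart pairs and ciphertexts whose decryption key it can derive, and "the secret is safe" means exactly that the secret is not in the deductive closure of what the intruder has observed. The two sample runs, the agent names and the key names are constructed for the illustration.

```python
# Added example: a minimal Dolev-Yao intruder deduction check.
# Messages are terms in a free algebra: atoms are strings, compound terms are
# tuples whose first element names the constructor:
#   ("pair", a, b)            concatenation
#   ("senc", m, k)            symmetric encryption of m under key k
#   ("aenc", m, ("pk", x))    asymmetric encryption under x's public key
#   ("pk", x) / ("sk", x)     public / private key of agent x (opaque values)
#   ("h", m)                  hash
# Derivability is decided the classic way: first saturate the observed
# messages under decomposition ("analysis"), then check whether the target
# can be assembled from constructors over that set ("synthesis").

from typing import Set, Tuple, Union

Term = Union[str, Tuple]

COMPOSABLE = ("pair", "senc", "aenc", "h")   # constructors the intruder may apply


def synth(t: Term, known: Set[Term]) -> bool:
    """Can t be built from `known` using constructors only (no decryption)?"""
    if t in known:
        return True
    if isinstance(t, tuple) and t[0] in COMPOSABLE:
        return all(synth(arg, known) for arg in t[1:])
    return False   # atoms, pk(.) and sk(.) are never guessed


def analyze(observed: Set[Term]) -> Set[Term]:
    """Saturate `observed` under decomposition: split pairs and decrypt every
    ciphertext whose key the intruder holds or can synthesize. Terminates
    because each added term is a proper subterm of a term already present."""
    known = set(observed)
    changed = True
    while changed:
        changed = False
        for t in list(known):
            if not isinstance(t, tuple):
                continue
            head = t[0]
            new: list = []
            if head == "pair":
                new = [t[1], t[2]]
            elif head == "senc" and synth(t[2], known):      # symmetric key derivable
                new = [t[1]]
            elif (head == "aenc" and isinstance(t[2], tuple) and t[2][0] == "pk"
                  and ("sk", t[2][1]) in known):             # matching private key held
                new = [t[1]]
            for n in new:
                if n not in known:
                    known.add(n)
                    changed = True
    return known


def derivable(target: Term, observed: Set[Term]) -> bool:
    """Dolev-Yao derivability of `target` from `observed`: analysis, then synthesis."""
    return synth(target, analyze(observed))


# Constructed sample data (not a trace of any real protocol). The intruder
# "eve" starts with all public material plus her own key pair.
EVE_INITIAL: Set[Term] = {"alice", "bob", "eve", ("pk", "alice"), ("pk", "bob"),
                          ("pk", "eve"), ("sk", "eve")}

# Run 1: Alice sends a session key to Bob under Bob's public key, then uses it.
RUN_OK: Set[Term] = {
    ("aenc", ("pair", "kab", "alice"), ("pk", "bob")),
    ("senc", "secret", "kab"),
}

# Run 2: the same session key was once sent to Eve (in a session Alice ran with
# Eve) and is then reused towards Bob. Eve opens the first message with sk(eve),
# learns kab, and then opens the second.
RUN_KEY_REUSE: Set[Term] = {
    ("aenc", ("pair", "kab", "alice"), ("pk", "eve")),
    ("senc", "secret", "kab"),
}


def secret_leaks(run: Set[Term]) -> bool:
    """Is the atom "secret" derivable by Eve after observing `run`?"""
    return derivable("secret", EVE_INITIAL | run)


if __name__ == "__main__":
    print("run 1 leaks secret:", secret_leaks(RUN_OK))          # False
    print("run 2 leaks secret:", secret_leaks(RUN_KEY_REUSE))   # True
    # Synthesis alone lets Eve forge well-formed messages from what she knows:
    forged = ("aenc", ("pair", "k_eve", "alice"), ("pk", "bob"))
    print("Eve can forge a key-transport message:", derivable(forged, EVE_INITIAL | {"k_eve"}))  # True
```

The check is a decision procedure only because the algebra is free: the moment algebraic properties (XOR, Diffie-Hellman exponentiation, homomorphic encryption) are added, the subterm argument that makes `analyze` terminate no longer holds, which is the kind of extension for which the surveyed papers obtain undecidability or need narrowing-based techniques.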
2.
Algebra model and security analysis for cryptographic protocols (cited 5 times: 0 self-citations, 5 by others)
HUAI Jinpeng & LI Xianxian, School of Computer, Beijing University of Aeronautics and Astronautics, Beijing, China (correspondence should be addressed to Huai Jinpeng). Science in China Series F (English edition), 2004, 47(2): 199-220
With the rapid growth of the Internet and the World Wide Web a large number of cryptographic protocols have been deployed in distributed systems for various application requirements, and security problems of distributed systems have become very important issues. There are some natural problems: does the protocol have the right properties as dictated by the requirements of the system? Is it still secure that multiple secure cryptographic protocols are concurrently executed? How shall we analy…
3.
Oded Goldreich. Distributed Computing, 2003, 16(2-3): 177-199
We survey the paradigms, approaches and techniques used to conceptualize, define and provide solutions to natural cryptographic problems. We start by presenting some of the central tools (e.g., computational difficulty, pseudorandomness, and zero-knowledge proofs), and next turn to the treatment of encryption and signature schemes. We conclude with an extensive treatment of secure cryptographic protocols both when executed in a stand-alone manner and when many sessions of various protocols are concurrently executed and controlled by an adversary. The survey is intended for researchers in distributed computing, and assumes no prior familiarity with cryptography. Received: June 2001; accepted: July 2002.
4.
5.
We model security protocols as games using concepts of game semantics. Using this model we ascribe semantics to protocols written in the standard simple arrow notation. According to the semantics, a protocol is interpreted as a set of strategies over a game tree that represents the type of the protocol. The model uses abstract computation functions and message frames in order to model internal computations and knowledge of agents and the intruder. Moreover, in order to specify properties of the model, a logic that deals with games and strategies is developed. A tableau-based proof system is given for the logic, which can serve as a basis for a model checking algorithm. This approach allows us to model a wide range of security protocol types and verify different properties instead of using a variety of methods as is currently the practice. Furthermore, the analyzed protocols are specified using only the simple arrow notation heavily used by protocol designers and by practitioners.
6.
Building on Abadi and Rogaway's computational soundness theorem for formal encryption, this paper proposes and proves a computational soundness theorem for the formal analysis of cryptographic protocols. Through a security analysis of a group key distribution protocol, it shows that the theorem gives strong analytic power against chosen attacks on the protocol; it then gives a formal definition of the security of group key distribution protocols under both the formal and the computational approaches and proves that the definition is sound.
7.
We present principles for designing cryptographic protocols. The principles are neither necessary nor sufficient for correctness. They are however helpful, in that adherence to them would have prevented a number of published errors. Our principles are informal guidelines; they complement formal methods, but do not assume them. In order to demonstrate the actual applicability of these guidelines, we discuss some instructive examples from the literature.
8.
Jan Jürjens. The Journal of Logic and Algebraic Programming, 2009, 78(2): 54-73
Developing security-critical systems is difficult and there are many well-known examples of security weaknesses exploited in practice. Thus a sound methodology supporting secure systems development is urgently needed. In particular, an important missing link in the construction of secure systems is finding a practical way to create reliably secure crypto protocol implementations. We present an approach that aims to address this need by making use of a domain-specific language for crypto protocol implementations. One can use this language to construct a compact and precise yet executable representation of a cryptographic protocol. This high-level program can be verified against the security goals using automated theorem provers for first order logic. One can then use it to provide assurance for legacy implementations of crypto protocols by generating test-cases.
9.
Protocol narrations are widely used in security as semi-formal notations to specify conversations between roles. We define a translation from a protocol narration to the sequences of operations to be performed by each role. Unlike previous works, we reduce this compilation process to well-known decision problems in formal protocol analysis. This allows one to define a natural notion of prudent translation and to reuse many known results from the literature in order to cover more crypto-primitives. In particular this work is the first one to show how to compile protocols parameterised by the properties of the available operations.
10.
To address the problems that common simulation tools face in hardware-in-the-loop (HIL) network simulation of cryptographic protocols, namely unsupported interfaces, missing cryptographic-protocol simulation resources and the inability to perform cryptographic-protocol processing, this paper proposes a cryptographic-protocol-oriented HIL network simulation method. After a formal analysis of the modelling environment for such simulations, it presents the key techniques used during the simulation and builds an OMNeT++-based HIL network simulation model. It then analyses the key problems that arise in the simulation process and proposes effective solutions. Finally, taking the use of the Internet Control Message Protocol (ICMP) for testing host reachability as the example, and building on the Encapsulating Security Payload (ESP) protocol, the method is tested in simulation. The experimental results show that, compared with existing HIL network simulation methods, this method can respond to ICMP echo requests that have been processed by ESP, so that virtual and physical hosts can communicate confidentially over a cryptographic protocol.
11.
12.
13.
Consider a face-down card lying on the table such that we do not know whether its suit color is black or red. Then, how do we make identical copies of the card while keeping its color secret? A partial solution has been devised: using a number of additional black and red cards, Niemi and Renvall proposed an excellent protocol which can copy a face-down card while allowing only a small probability of revealing its color. In contrast, this paper shows the nonexistence of a perfect solution, namely, the impossibility of copying a face-down card with perfect secrecy. To prove such an impossibility result, we construct a rigorous mathematical model of card-based cryptographic protocols; giving this general computational model is the main result of this paper.
14.
Norman C. Hutchinson, Shivakant Mishra, Larry L. Peterson, Vicraj T. Thomas. Software, 1989, 19(9): 895-916
This paper describes two software tools—a message manager and a map manager—used to implement network protocols. The tools are provided as part of the x-kernel, an operating system kernel designed to support the construction and composition of protocols. For each tool, we briefly motivate the network task that needs to be done, give a high-level specification of the tool, outline the algorithms and data structures used to implement the tool and give concrete examples of how the tool is used to implement real protocols. We also demonstrate how the tools, even though they are designed for general use, perform efficiently.
15.
This paper proposes a cryptographic protocol model based on problem-solving theory, gives the model's basic syntax and a formal semantics based on the ρ-calculus, and defines the key concepts and propositions involved in reasoning within the model. The model has the following features: it can describe cryptographic protocols precisely and formally; it has a sound and reliable provable semantics; its definition of cryptographic protocol security is precise and reasonable; and it lends itself to automated reasoning. Together these ensure that security analysis of cryptographic protocols based on the model is sound and effective, providing a reliable basis for correctly analysing the security of cryptographic protocols.
16.
Narrowing was introduced, and has traditionally been used, to solve equations in initial and free algebras modulo a set of equations E. This paper proposes a generalization of narrowing which can be used to solve reachability goals in initial and free models of a rewrite theory R. We show that narrowing is sound and weakly complete (i.e., complete for normalized solutions) under appropriate executability assumptions about R. We also show that in general narrowing is not strongly complete, that is, not complete when some solutions can be further rewritten by R. We then identify several large classes of rewrite theories, covering many practical applications, for which narrowing is strongly complete. Finally, we illustrate an application of narrowing to analysis of cryptographic protocols.
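To show what "solving a reachability goal by narrowing" looks like in the protocol setting, here is an added example written for this page; it is not code from the paper above. It implements plain syntactic narrowing (no equational axioms E) over three rewrite rules for decryption and projection, and uses it to answer the question a protocol analyser asks when it searches backwards from an attack state: which term X must an intruder feed to a decryptor holding key k so that the result rewrites to the secret m? The rules, the goals and the constants k, m, n are constructed for the illustration; the breadth-first search is bounded by a step count because narrowing trees are infinite in general.

```python
# Added example: syntactic narrowing for reachability goals  src ->* target.
from collections import deque
from dataclasses import dataclass
from itertools import count
from typing import Dict, Iterator, List, Optional, Set, Tuple, Union


@dataclass(frozen=True)
class Var:
    name: str


Term = Union[str, Var, Tuple]      # constant | variable | ("f", arg1, ..., argN)
Subst = Dict[Var, Term]            # triangular: a binding may mention other bound vars


def apply(s: Subst, t: Term) -> Term:
    """Instantiate t under s, following binding chains to the end."""
    if isinstance(t, Var):
        return apply(s, s[t]) if t in s else t
    if isinstance(t, tuple):
        return (t[0],) + tuple(apply(s, a) for a in t[1:])
    return t


def vars_of(t: Term) -> Set[Var]:
    if isinstance(t, Var):
        return {t}
    if isinstance(t, tuple):
        return set().union(*(vars_of(a) for a in t[1:]))
    return set()


def unify(a: Term, b: Term, s: Subst) -> Optional[Subst]:
    """Syntactic unification with occurs check; returns an extension of s or None."""
    a, b = apply(s, a), apply(s, b)
    if a == b:
        return s
    if isinstance(a, Var):
        return None if a in vars_of(b) else {**s, a: b}
    if isinstance(b, Var):
        return unify(b, a, s)
    if isinstance(a, tuple) and isinstance(b, tuple) and a[0] == b[0] and len(a) == len(b):
        for x, y in zip(a[1:], b[1:]):
            s = unify(x, y, s)
            if s is None:
                return None
        return s
    return None


def positions(t: Term, pos: Tuple[int, ...] = ()) -> Iterator[Tuple[Tuple[int, ...], Term]]:
    """All non-variable positions of t (narrowing never rewrites at a variable)."""
    if isinstance(t, Var):
        return
    yield pos, t
    if isinstance(t, tuple):
        for i, a in enumerate(t[1:], start=1):
            yield from positions(a, pos + (i,))


def replace_at(t: Term, pos: Tuple[int, ...], new: Term) -> Term:
    if not pos:
        return new
    i = pos[0]
    return t[:i] + (replace_at(t[i], pos[1:], new),) + t[i + 1:]


def narrow_steps(t: Term, rules, fresh) -> Iterator[Tuple[Subst, Term]]:
    """One narrowing step: at a non-variable position p of t, unify t|p with a
    freshly renamed rule lhs l and yield (sigma, sigma(t[r]_p))."""
    for pos, sub in positions(t):
        for lhs, rhs in rules:
            n = next(fresh)
            ren = {v: Var(f"{v.name}_{n}") for v in vars_of(lhs) | vars_of(rhs)}
            s = unify(sub, apply(ren, lhs), {})
            if s is not None:
                yield s, apply(s, replace_at(t, pos, apply(ren, rhs)))


def solve(src: Term, target: Term, rules, max_steps: int = 4) -> List[Subst]:
    """Enumerate substitutions sigma over the goal's variables such that
    sigma(src) ->* sigma(target), by breadth-first narrowing of at most max_steps steps."""
    fresh = count()
    goal_vars = vars_of(src) | vars_of(target)
    queue = deque([(src, {}, 0)])          # (narrowed term, accumulated subst, steps so far)
    solutions: List[Subst] = []
    while queue:
        cur, acc, n = queue.popleft()
        s = unify(cur, target, acc)        # does the narrowed term already match the target?
        if s is not None:
            sol = {v: apply(s, v) for v in goal_vars}
            if sol not in solutions:
                solutions.append(sol)
        if n < max_steps:
            for step, nxt in narrow_steps(cur, rules, fresh):
                queue.append((nxt, {**acc, **step}, n + 1))
    return solutions


# Constructed rewrite theory for a decryptor and pair projections.
M, K, X, Y = Var("M"), Var("K"), Var("X"), Var("Y")
RULES = [
    (("dec", ("enc", M, K), K), M),    # decrypting under the matching key recovers the plaintext
    (("fst", ("pair", X, Y)), X),
    (("snd", ("pair", X, Y)), Y),
]


def what_must_intruder_supply() -> List[Subst]:
    """Goal dec(X, k) ->* m: which X, given to a decryptor holding k, yields m?"""
    return solve(("dec", Var("X"), "k"), "m", RULES)


if __name__ == "__main__":
    print(what_must_intruder_supply())                            # X = enc(m, k)
    print(solve(("fst", ("dec", Var("Z"), "k")), "n", RULES))    # Z = enc(pair(n, Y_i), k)
```

The second goal shows why narrowing rather than plain unification is needed: `fst(dec(Z, k))` and `n` do not unify, but two narrowing steps instantiate Z to `enc(pair(n, Y_i), k)` with Y_i left free, which is the most general term that reaches n. The bound on steps is what keeps the search finite; the paper's completeness results say which solutions such a search is guaranteed to find.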
17.
Information and Software Technology, 2003, 45(11): 779-790
In this paper, we first define bisimulation-based non-deterministic admissible interference (BNAI), derive its process-theoretic characterisation and present a compositional verification method with respect to the main operators over communicating processes, generalising in this way the similar trace-based results obtained [J. Univ. Comput. Sci. 6 (2000) 1054] into the finer notion of observation-based bisimulation [Logic and Models of Concurrent Systems, 1985]. Like its trace-based version, BNAI admits information flow between secrecy levels only through a downgrader (e.g. a cryptosystem), but is phrased into a generalisation of observational equivalence [Communication and Concurrency, 1989]. We then describe an admissible interference-based method for the analysis of cryptographic protocols, extending, in a non-trivial way, the non-interference-based approach presented by Focardi et al. [Proceedings of DERA/RHUL Workshop on Secure Architectures and Information Flow, 2000]. Confidentiality and authentication for cryptoprotocols are defined in terms of BNAI and their respective bisimulation-based proof methods are derived. Finally, as a significant illustration of the method, we consider simple case studies: the paradigmatic examples of the Wide Mouthed Frog protocol [ACM Trans. Comput. Syst. 8 (1990) 18] and the Woo and Lam one-way authentication protocol [IEEE Comput. 25 (1992) 39]. The original idea of this methodology is to prove that the intruder may interfere with the protocol only through selected channels considered as admissible when leading to harmless interference.
18.
Theoretical Computer Science, 2005, 331(1): 143-214
We introduce a class of tree automata that perform tests on a memory that is updated using function symbol application and projection. The language emptiness problem for this class of tree automata is shown to be in DEXPTIME. We also introduce a class of set constraints with equality tests and prove its decidability by completion techniques and a reduction to tree automata with one memory. Finally, we show how to apply these results to cryptographic protocols. We introduce a class of cryptographic protocols and show the decidability of secrecy for an arbitrary number of agents and an arbitrary number of (concurrent or successive) sessions, provided that only a bounded number of new data is generated. The hypothesis on the protocol (a restricted copying ability) is shown to be necessary: without this hypothesis, we prove that secrecy is undecidable, even for protocols without nonces.
19.
Benjamin Aziz, Geoff Hamilton, David Gray. The Journal of Logic and Algebraic Programming, 2005, 64(2): 285
This paper presents a non-uniform static analysis for detecting the term-substitution property in infinite cryptographic processes specified by the language of the spi calculus. The analysis is fully compositional following the denotational approach throughout. This renders the implementation of the analysis straightforward in functional programming. The results are then used to detect certain security breaches, like information leakage and authenticity breaches. As an example of its applicability, we apply the analysis to the SPLICE/AS protocol and the FTP server.
20.
There are major challenges in establishing effective communication between nodes in Vehicular Ad Hoc Networks (VANETs): such systems are subject to wireless interference and disconnections, which hinder the availability and reliability of source-destination connections. Another major problem arises when VANETs are sparse, causing excessive retransmissions and delays due to long periods without a maintained connection between pairs of vehicles. In these environments, traditional routing protocols proposed for VANETs suffer from the absence of end-to-end connections. Intensive study and analysis found that these problems are best overcome by using Delay Tolerant Network (DTN) routing protocols, which can endure very long delays and connection disruptions and encourage applications to use a minimum number of round-trip response confirmations. DTN routing protocols are considered the most suitable alternative to traditional routing protocols in VANET environments; they are designed to store messages and forward them through a series of forwarders in order to maintain network connectivity. We therefore present a systematic technical survey and a comparative analysis of a taxonomy of DTN routing protocols, which we have extended and adapted to include a new set of VDTN (VANET/DTN) routing protocol categories, together with results.