Formal Analysis of Selective Disclosure Attribute-Based Credential System in Applied Pi Calculus

2016 ◽  
Author(s):  
Caimei Wang ◽  
Yan Xiong ◽  
Wenchao Huang ◽  
Huihua Xia ◽  
Jianmeng Huang
Keyword(s):  
Formal Analysis ◽  
Pi Calculus ◽  
Selective Disclosure

scholarly journals Formal analysis of security protocols for wireless sensor networks

2010 ◽  
Vol 47 (1) ◽  
pp. 81-97 ◽  
Author(s):  
Marián Novotný
Keyword(s):  
Sensor Networks ◽  
Formal Model ◽  
Formal Analysis ◽  
Security Protocols ◽  
Data Integrity ◽  
Wireless Sensor ◽  
Semantic Model ◽  
Communication Graph ◽  
Pi Calculus ◽  
Security Properties

Abstract Design of security protocols is notoriously error-prone. For this reason, it is required to use formal methods to analyze their security properties. In the paper we present a formal analysis of the Canvas protocol. The Canvas protocol was developed by Harald Vogt and should provide data integrity inWireless Sensor Networks. However, Dieter Gollmann published an attack on the protocol. We consider the fallacy of the Canvas scheme in different models of the attacker and present a solution for correcting the scheme.We propose a formal model of the fixed Canvas protocol in the applied pi-calculus. This model includes a model of the network topology, communication channels, captured nodes, and capabilities of the attacker. Moreover, we formulate and analyze the data integrity property of the scheme in the semantic model of the applied pi-calculus. We prove that the fixed Canvas scheme, in the presence of an active adversary, provides data integrity of messages assuming that captured nodes are not direct neighbors in the communication graph of a sensor network. Finally, we discuss the applicability of the proposed formal model for analysis of other WSN security protocols.

Types and typechecking for Communicating Quantum Processes

2006 ◽  
Vol 16 (3) ◽  
pp. 375-406 ◽  
Author(s):  
SIMON J. GAY ◽  
RAJAGOPAL NAGARAJAN
Keyword(s):  
Communication Systems ◽  
Quantum Communication ◽  
Formal Analysis ◽  
Operational Semantics ◽  
Type System ◽  
Quantum Processes ◽  
Classical Communication ◽  
Quantum Bits ◽  
Classical Systems ◽  
Pi Calculus

We define a language CQP (Communicating Quantum Processes) for modelling systems that combine quantum and classical communication and computation. CQP combines the communication primitives of the pi-calculus with primitives for measurement and transformation of the quantum state; in particular, quantum bits (qubits) can be transmitted from process to process along communication channels. CQP has a static type system, which classifies channels, distinguishes between quantum and classical data, and controls the use of quantum states. We formally define the syntax, operational semantics and type system of CQP, prove that the semantics preserves typing, and prove that typing guarantees that each qubit is owned by a unique process within a system. We also define a typechecking algorithm and prove that it is sound and complete with respect to the type system. We illustrate CQP by defining models of several quantum communication systems, and outline our plans for using CQP as the foundation for formal analysis and verification of combined quantum and classical systems.

scholarly journals An Extensive Formal Analysis of Multi-factor Authentication Protocols

2021 ◽  
Vol 24 (2) ◽  
pp. 1-34
Author(s):  
Charlie Jacomme ◽  
Steve Kremer
Keyword(s):  
Communication Network ◽  
Protocol Analysis ◽  
Formal Analysis ◽  
Authentication Protocols ◽  
Laboratory Environment ◽  
Threat Model ◽  
Extensive Analysis ◽  
Pi Calculus ◽  
Automated Protocol ◽  
Classical Protocol

Passwords are still the most widespread means for authenticating users, even though they have been shown to create huge security problems. This motivated the use of additional authentication mechanisms in so-called multi-factor authentication protocols. In this article, we define a detailed threat model for this kind of protocol: While in classical protocol analysis attackers control the communication network, we take into account that many communications are performed over TLS channels, that computers may be infected by different kinds of malware, that attackers could perform phishing, and that humans may omit some actions. We formalize this model in the applied pi calculus and perform an extensive analysis and comparison of several widely used protocols—variants of Google 2-step and FIDO’s U2F (Yubico’s Security Key token). The analysis is completely automated, generating systematically all combinations of threat scenarios for each of the protocols and using the P ROVERIF tool for automated protocol analysis. To validate our model and attacks, we demonstrate their feasibility in practice, even though our experiments are run in a laboratory environment. Our analysis highlights weaknesses and strengths of the different protocols. It allows us to suggest several small modifications of the existing protocols that are easy to implement, as well as an extension of Google 2-step that improves security in several threat scenarios.

Formal Verification of Control System Software

2019 ◽  
Author(s):  
Pierre-Loïc Garoche
Keyword(s):  
Control System ◽  
Formal Verification ◽  
Formal Analysis ◽  
Critical Systems ◽  
System Software ◽  
Unified Approach ◽  
Verification Methods ◽  
Autonomous Cars ◽  
Computer Scientists ◽  
Verification Techniques

The verification of control system software is critical to a host of technologies and industries, from aeronautics and medical technology to the cars we drive. The failure of controller software can cost people their lives. This book provides control engineers and computer scientists with an introduction to the formal techniques for analyzing and verifying this important class of software. Too often, control engineers are unaware of the issues surrounding the verification of software, while computer scientists tend to be unfamiliar with the specificities of controller software. The book provides a unified approach that is geared to graduate students in both fields, covering formal verification methods as well as the design and verification of controllers. It presents a wealth of new verification techniques for performing exhaustive analysis of controller software. These include new means to compute nonlinear invariants, the use of convex optimization tools, and methods for dealing with numerical imprecisions such as floating point computations occurring in the analyzed software. As the autonomy of critical systems continues to increase—as evidenced by autonomous cars, drones, and satellites and landers—the numerical functions in these systems are growing ever more advanced. The techniques presented here are essential to support the formal analysis of the controller software being used in these new and emerging technologies.

Sign in / Sign up

Export Citation Format

Share Document