Automated Verification of Exam, Cash, Reputation, and Routing Protocols

Authors

  • Ali Kassem
  • Yassine Lakhnech
  • Pascal Lafourcade
  • Sébastien Gambs
  • Olivier Pereira
  • Steve Kremer
  • Luca Viganò
Abstract

Security is a crucial requirement in applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications, several security protocols have been developed. However, the design of complex security protocols is notoriously difficult and error-prone. Several flaws have been found in protocols that were claimed to be secure. Hence, security protocols must be verified before they are used. One approach to verifying security protocols is the use of formal methods. The use of formal methods has led to the discovery of several flaws in security protocols, as well as to proofs of correctness for other protocols. However, errors can be introduced when the protocols are implemented. Another approach, which can be used to verify individual executions of implementations, is runtime verification. Runtime verification mainly helps in cases where verifying implementations formally is complex and difficult. In this thesis we contribute to security protocol verification with an emphasis on formal verification and automation. Firstly, we study exam protocols. We propose formal definitions for several authentication and privacy properties in the Applied π-Calculus. We also provide abstract definitions of verifiability properties. We analyze all these properties automatically using ProVerif on multiple case studies, and identify several flaws. Moreover, we propose several monitors to check exam requirements at runtime. These monitors are validated by analyzing a real exam implementation using the Java-based tool MarQ. Secondly, we propose a formal framework to verify the security properties of non-transferable electronic cash protocols. We define client privacy and forgery-related properties. Again, we illustrate our model by analyzing three case studies using ProVerif, and we rediscover known attacks. Thirdly, we propose formal definitions of authentication, privacy, and verifiability properties of electronic reputation protocols. We discuss the proposed definitions, with the help of ProVerif, on a simple reputation protocol. Finally, we obtain a reduction result to verify route validity of ad-hoc routing protocols in the presence of multiple independent attackers.

Similar resources

Vérification automatique de protocoles d'examen, de monnaie, de réputation, et de routage. (Automated Verification of Exam, Cash, Reputation, and Routing Protocols)

Security is a crucial requirement in the applications based on information and communication technology, especially when an open network such as the Internet is used. To ensure security in such applications several security protocols have been developed. However, the design of complex security protocols is notoriously difficult and error-prone. Several flaws have been found on protocols that ar...

A Comprehensive Mathematical Model for a Location-routing-inventory Problem under Uncertain Demand: a Numerical Illustration in Cash-in-transit Sector

The purpose of this article is to model and solve an integrated location, routing and inventory problem (LRIP) in the cash-in-transit (CIT) sector. In the real operation of cash transportation, to decrease total cost and to reduce the risk of robbery of such a high-value commodity, there must be substantial variation, making the problem difficult to formulate. In this paper, to better fit real life applications ...

A Mathematical Programming for a Special Case of 2E-LRP in Cash-In-Transit Sector Having Rich Variants

In this article, we propose a special case of two-echelon location-routing problem (2E-LRP) in cash-in-transit (CIT) sector. To tackle this realistic problem and to make the model applicable, a rich LRP considering several existing real-life variants and characteristics named BO-2E-PCLRPSD-TW including different objective functions, multiple echelons, multiple periods, capacitated vehicles, dis...

Protocols and models for the security of wireless ad-hoc networks. (Protocoles et modèles pour la sécurité des réseaux ad-hoc sans-fil)

In this document, we focus on ways of increasing the security of wireless ad-hoc networks. These networks, and more specifically wireless sensor networks, look increasingly like the right answer to a lot of problems, such as data collection over a large area, or providing emergency network infrastructure after a disaster. They are also inherently exposed to malicious intents due to their collabo...

Secure Bio-Cryptographic Authentication System for Cardless Automated Teller Machines

Security is a vital issue in the usage of Automated Teller Machine (ATM) for cash, cashless and many off the counter banking transactions. Weaknesses in the use of ATM machine could not only lead to loss of customer’s data confidentiality and integrity but also breach in the verification of user’s authentication. Several challenges are associated with the use of ATM smart card such as: card clo...

Publication date: 2015