Funding: The Natural Science Foundation of Jiangsu Province (No. BK2006108)
Abstract: Based on the authentication tests and the strand space model, the robust email protocol with perfect forward secrecy is formally analyzed, and the security shortcomings of the protocol are pointed out. A man-in-the-middle attack on the protocol is also given, in which the attacker forges the messages in the receiving phase to cheat the two communicating parties and makes them share the wrong session keys with him. Therefore, the protocol is not guaranteed to provide perfect forward secrecy. To overcome these security shortcomings, an advanced email protocol is proposed, in which the corresponding signatures are added in the receiving phase of the protocol to defeat the man-in-the-middle attack and ensure perfect forward secrecy. Finally, the proposed advanced email protocol is formally analyzed with the authentication tests and the strand space model, and it is proved to be secure in authentication of the email sender, the recipient and the server. Therefore, the proposed advanced email protocol can really provide perfect forward secrecy.
Funding: Supported by the National Natural Science Foundation of China under Grants No. 61003262, No. 60873237, No. 61100205, No. 60873001; the Fundamental Research Funds for the Central Universities under Grant No. 2009RC0212
Abstract: Security analysis of cryptographic protocols has been widely studied for many years. As far as we know, there are not yet any methods that effectively analyze group key exchange protocols for three parties without sacrificing the soundness of cryptography. Recently, Canetti and Herzog proposed Universally Composable Symbolic Analysis (UCSA) of two-party mutual authentication and key exchange protocols, which is based on symmetric encryption schemes. This scheme can analyze the protocols automatically and guarantee the soundness of cryptography. Therefore, we discuss a group key exchange protocol based on Joux Tripartite Diffie-Hellman (JTDH) using UCSA. Our contribution is analyzing the group key exchange protocol effectively without damaging the soundness of cryptography.
Funding: Supported by the New Century Excellent Researcher Award Program from the Ministry of Education of China (Grant No. NCET-07-0059); the Fundamental Research Funds for the Central Universities (Grant No. 2011YJS006); the National High Technology Research and Development Program of China ("863" Program) (Grant No. 2011AA010104); the State Key Laboratory of Rail Traffic Control and Safety Research Project (Grant Nos. RCS2008ZZ001, RCS2008ZZ005)
Abstract: In order to satisfy safety-critical requirements, the train control system (TCS) often employs a layered safety communication protocol to provide reliable services. However, both description and verification of the safety protocols may be formidable due to the system complexity. In this paper, interface automata (IA) are used to describe the safety service interface behaviors of the safety communication protocol. A formal verification method is proposed to describe the safety communication protocols using IA and translate the IA model into a PROMELA model so that the protocols can be verified by the model checker SPIN. A case study of using this method to describe and verify a safety communication protocol is included. The verification results illustrate that the proposed method is effective in describing the safety protocols and verifying deadlocks, livelocks and several mandatory consistency properties. A prototype of the safety protocols is also developed based on the presented formal verification method.