Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture.

Slides:



Advertisements
Similar presentations
Aaron Johnson with Joan Feigenbaum Paul Syverson
Advertisements

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Security attacks. - confidentiality: only authorized parties have read access to information - integrity: only authorized parties have write access to.
Quantification of Integrity Michael Clarkson and Fred B. Schneider Cornell University MIT Systems Security and Cryptography Discussion Group October 15,
Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.
08 April PPS - Groupe de Travail en Concurrence The probabilistic asynchronous -calculus Catuscia Palamidessi, INRIA Futurs, France.
BloomUnit Declarative testing for distributed programs Peter Alvaro UC Berkeley.
Paris, 3 Dec 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 12 Probabilistic process calculi Catuscia Palamidessi LIX, Ecole Polytechnique.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
1 Non-interference Properties for Probabilistic Processes A Process Algebraic Approach Alessandro Aldini joint work with Mario Bravetti and Roberto Gorrieri.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy.
Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Probabilistic Methods in Concurrency Lecture 3 The pi-calculus hierarchy: separation results Catuscia Palamidessi
Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
An Overview of the BSP Model of Parallel Computation Overview Only.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.
Analysis of Security Protocols (V) John C. Mitchell Stanford University.
Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.
The Power of Simulation Relations Sixty and Beyond Toronto, August 20, 2008 Roberto Segala - University of Verona 1 The Power of Simulation Relations Roberto.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Information Theory and Security Prakash Panangaden McGill University First Canada-France Workshop on Foundations and Practice of Security Montréal 2008.
Untraceable Electronic Mail, Return Addresses, and Digital Pseudonyms David Chaum CACM Vol. 24 No. 2 February 1981 Presented by: Adam Lee 1/24/2006 David.
Yongzhi Wang, Jinpeng Wei VIAF: Verification-based Integrity Assurance Framework for MapReduce.
Lecture #12 Distributed Algorithms (I) CS492 Special Topics in Computer Science: Distributed Algorithms and Systems.
Probabilistic Methods in Concurrency Lecture 4 Problems in distributed systems for which only randomized solutions exist Catuscia Palamidessi
11 February CdP INRIA Futurs Catuscia Palamidessi INRIA Saclay.
Scientific Computing By: Fatima Hallak To: Dr. Guy Tel-Zur.
10 December 2002ENS Cachan1 Generalized dining philosophers Catuscia Palamidessi, INRIA in collaboration with Mihaela Oltea Herescu, IBM Michael Pilquist,
University of Paderborn Software Engineering Group Prof. Dr. Wilhelm Schäfer Towards Verified Model Transformations Holger Giese 1, Sabine Glesner 2, Johannes.
Stochastic Activity Networks ( SAN ) Sharif University of Technology,Computer Engineer Department, Winter 2013 Verification of Reactive Systems Mohammad.
Natallia Kokash (Accepted for PACO’2011) ACG, 31/05/ Input-output conformance testing for channel-based connectors 1.
Major Disciplines in Computer Science Ken Nguyen Department of Information Technology Clayton State University.
MPRI – Course on Concurrency Probabilistic methods in Concurrency Catuscia Palamidessi INRIA Futurs and LIX
Csci5233 computer security & integrity 1 Cryptography: an overview.
CS 395T Game-Based Verification of Contract Signing Protocols.
Probabilistic Anonymity Mohit Bhargava, IIT New Delhi Catuscia Palamidessi, INRIA Futurs & LIX.
Probabilistic and Nondeterministic Aspects of Anonymity Catuscia Palamidessi, INRIA & LIX Based on joint work with Mohit Bhargava, IIT New Delhi Kostas.
Paris, 17 December 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 14 Application of probabilistic process calculi to security Catuscia.
MPRI 3 Dec 2007Catuscia Palamidessi 1 Why Probability and Nondeterminism? Concurrency Theory Nondeterminism –Scheduling within parallel composition –Unknown.
Verification of Security Protocols Lecture 0: admin Sandro Etalle.
MPRI – Course on Concurrency Lectures 11 and 12 The pi-calculus expressiveness hierarchy Catuscia Palamidessi INRIA Futurs and LIX
Lecture 5 1 CSP tools for verification of Sec Prot Overview of the lecture The Casper interface Refinement checking and FDR Model checking Theorem proving.
Lecture 5.1: Message Authentication Codes, and Key Distribution
14 October BASICS'09, Shanghai On the expressive power of synchronization primitives in the π-calculus Catuscia Palamidessi, INRIA Saclay, France.
Concurrency 5 The theory of CCS Specifications and Verification Expressive Power Catuscia Palamidessi
Mix networks with restricted routes PET 2003 Mix Networks with Restricted Routes George Danezis University of Cambridge Computer Laboratory Privacy Enhancing.
Quantification of Integrity Michael Clarkson and Fred B. Schneider Cornell University IEEE Computer Security Foundations Symposium July 17, 2010.
ECE/CS 584: Verification of Embedded Computing Systems Model Checking Timed Automata Sayan Mitra Lecture 09.
Modified Onion Routing GYANRANJAN HAZARIKA AND KARAN MIRANI.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
Probabilistic Methods in Concurrency Lecture 6 Progress statements: A tool for verification of probabilistic automata Catuscia Palamidessi
6 October PPDP / GPCE 2002 Mobile Calculi Catuscia Palamidessi, INRIA Futurs, France joint work with Mihaela Herescu, IBM, Austin for Distributed.
Probabilistic Contract Signing CS 395T. Probabilistic Fair Exchange uTwo parties exchange items of value Signed commitments (contract signing) Signed.
PDEVS Protocol Performance Prediction using Activity Patterns with Finite Probabilistic DEVS DEMO L. Capocchi, J.F. Santucci, B.P. Zeigler University of.
1 Maximality Properties Dr. Mikhail Nesterenko Presented By Ibrahim Motiwala.
Lecture 4 1 Honnor Projects Supervised by Catuscia Palamidessi The  -calculus, a small language for specification and verification of concurrency and.
CS5270 Lecture 41 Timed Automata I CS 5270 Lecture 4.
1 Anonymity. 2 Overview  What is anonymity?  Why should anyone care about anonymity?  Relationship with security and in particular identification 
16 January 2004LIX1 Equipe Comète Concurrency, Mobility, and Transactions Catuscia Palamidessi INRIA-Futurs and LIX.
Modified Onion Routing and its Proof of Concept By: Gyanranjan Hazarika.
Catuscia Palamidessi, INRIA Saclay, France
Probabilistic Methods in Concurrency Lecture 5 Basics of Measure Theory and Probability Theory Probabilistic Automata Catuscia Palamidessi
Probabilistic Methods in Concurrency Lecture 7 The probabilistic asynchronous p-calculus Catuscia Palamidessi
‘Crowds’ through a PRISM
Data science course in Bangalore.
Trust-based Privacy Preservation for Peer-to-peer Data Sharing
Presentation transcript:

Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture 2 Catuscia Palamidessi, INRIA & LIX Page of the course:

Bangalore, 2 Feb 2005Probabilistic security protocols 2 Plan of the course Overview of the basic notions of Probability theory and Measure theory Probabilistic automata Probabilistic  -calculus Applications to the specification and verification of randomized security protocols –Anonymity –Fair exchange

Bangalore, 2 Feb 2005Probabilistic security protocols 3 Randomized security protocols A certain number of security protocols use randomized primitives –Anonymity: Crowds [Reiter and Rubin,1998], –anonymous communication (anonymity of the sender) Onion Routing [Syverson, Goldschlag and Reed, 1997] –anonymous communication Freenet [Clarke et al. 2001] –anonymous information storage and retrieval –Fairness Probabilistic Contract Signing protocol [Ben-Or et al., 1990] Probabilistic non-repudiation protocol [Markowitch and Roggeman, 1999] Partial Secrets Exchange protocol [Even, Goldreich and Lempel, 1985]

Bangalore, 2 Feb 2005Probabilistic security protocols 4 The probabilistic  -calculus References: O.M. Herescu, C. Palamidessi. Probabilistic asynchronous  - calculus. In J. Tiuryn, ed., Proc. of FOSSACS 2000 (Part of ETAPS 2000), vol of LNCS, pages Springer- Verlag, papers/Prob_asy_pi/report.ps papers/Prob_asy_pi/report.ps C. Palamidessi, O.M. Herescu. A Randomized Distributed Encoding of the  -Calculus with Mixed Choice. To appear in Theoretical Computer Science (short version in Proc. of IFIP- TCS 2002, pages , Kluwer, 2002.) papers/prob_enc/report.ps

Bangalore, 2 Feb 2005Probabilistic security protocols 5 The probabilistic  -calculus Originally developed as an intermediate language for the fully distributed implementation of the  -calculus –The mixed choice mechanism of the p-calculus cannot be implemented in a fully distributed way deterministically, but can be done in a randomized way. Correctness is achieved with probability 1. Presently, we use it as a framework to model the correctness of security protocols: –to specify security properties which require a probabilistic formulation, –to represent randomized security protocols –to prove their correctness, i.e. t verify that they satisfy the intended properties

Bangalore, 2 Feb 2005Probabilistic security protocols 6 The probabilistic  -calculus: syntax Similar to the asynchronous p-calculus of Amadio,Castellani and Sangiorgi, the only difference is that the input-guarded choice is probabilistic input | silent actioninaction probabilistic choice output parallel new name replication

Bangalore, 2 Feb 2005Probabilistic security protocols 7 The probabilistic  -calculus: operational sem Based on the probabilistic automata of Segala and Lynch nondeterministic and probabilistic behavior nondeterminism associated to a scheduler (adversary) probabilistic behavior associated to the choice of the process –groups, probabilistic distributions, steps 1/2 1/3 2/3 1/2 1/3 2/3 1/2 1/3 2/3 steps

Bangalore, 2 Feb 2005Probabilistic security protocols 8 The probabilistic  -calculus: operational sem … 11 22 nn p1p1 p2p2 pnpn

Bangalore, 2 Feb 2005Probabilistic security protocols 9 The probabilistic  -calculus: operational sem

Bangalore, 2 Feb 2005Probabilistic security protocols 10 The probabilistic  -calculus: operational sem

Bangalore, 2 Feb 2005Probabilistic security protocols 11 The probabilistic  -calculus: operational sem

Bangalore, 2 Feb 2005Probabilistic security protocols 12 The probabilistic  -calculus: operational sem

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.