Presentation is loading. Please wait.

Presentation is loading. Please wait.

Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture.

Published byHollie Norman Modified over 9 years ago

Similar presentations

Presentation on theme: "Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture."— Presentation transcript:

1 Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture 2 Catuscia Palamidessi, INRIA & LIX catuscia@lix.polytechnique.fr www.lix.polytechnique.fr/~catuscia Page of the course: www.lix.polytechnique.fr/~catuscia/teaching/CIMPA_School_05/

2 Bangalore, 2 Feb 2005Probabilistic security protocols 2 Plan of the course Overview of the basic notions of Probability theory and Measure theory Probabilistic automata Probabilistic  -calculus Applications to the specification and verification of randomized security protocols –Anonymity –Fair exchange

3 Bangalore, 2 Feb 2005Probabilistic security protocols 3 Randomized security protocols A certain number of security protocols use randomized primitives –Anonymity: Crowds [Reiter and Rubin,1998], –anonymous communication (anonymity of the sender) Onion Routing [Syverson, Goldschlag and Reed, 1997] –anonymous communication Freenet [Clarke et al. 2001] –anonymous information storage and retrieval –Fairness Probabilistic Contract Signing protocol [Ben-Or et al., 1990] Probabilistic non-repudiation protocol [Markowitch and Roggeman, 1999] Partial Secrets Exchange protocol [Even, Goldreich and Lempel, 1985]

4 Bangalore, 2 Feb 2005Probabilistic security protocols 4 The probabilistic  -calculus References: O.M. Herescu, C. Palamidessi. Probabilistic asynchronous  - calculus. In J. Tiuryn, ed., Proc. of FOSSACS 2000 (Part of ETAPS 2000), vol. 1784 of LNCS, pages 146--160. Springer- Verlag, 2000. www.lix.polytechnique.fr/~catuscia/ papers/Prob_asy_pi/report.ps www.lix.polytechnique.fr/~catuscia/ papers/Prob_asy_pi/report.ps C. Palamidessi, O.M. Herescu. A Randomized Distributed Encoding of the  -Calculus with Mixed Choice. To appear in Theoretical Computer Science (short version in Proc. of IFIP- TCS 2002, pages 537-549, Kluwer, 2002.) www.lix.polytechnique.fr/~catuscia/ papers/prob_enc/report.ps

5 Bangalore, 2 Feb 2005Probabilistic security protocols 5 The probabilistic  -calculus Originally developed as an intermediate language for the fully distributed implementation of the  -calculus –The mixed choice mechanism of the p-calculus cannot be implemented in a fully distributed way deterministically, but can be done in a randomized way. Correctness is achieved with probability 1. Presently, we use it as a framework to model the correctness of security protocols: –to specify security properties which require a probabilistic formulation, –to represent randomized security protocols –to prove their correctness, i.e. t verify that they satisfy the intended properties

6 Bangalore, 2 Feb 2005Probabilistic security protocols 6 The probabilistic  -calculus: syntax Similar to the asynchronous p-calculus of Amadio,Castellani and Sangiorgi, the only difference is that the input-guarded choice is probabilistic input | silent actioninaction probabilistic choice output parallel new name replication

7 Bangalore, 2 Feb 2005Probabilistic security protocols 7 The probabilistic  -calculus: operational sem Based on the probabilistic automata of Segala and Lynch nondeterministic and probabilistic behavior nondeterminism associated to a scheduler (adversary) probabilistic behavior associated to the choice of the process –groups, probabilistic distributions, steps 1/2 1/3 2/3 1/2 1/3 2/3 1/2 1/3 2/3 steps

8 Bangalore, 2 Feb 2005Probabilistic security protocols 8 The probabilistic  -calculus: operational sem … 11 22 nn p1p1 p2p2 pnpn

9 Bangalore, 2 Feb 2005Probabilistic security protocols 9 The probabilistic  -calculus: operational sem

10 Bangalore, 2 Feb 2005Probabilistic security protocols 10 The probabilistic  -calculus: operational sem

11 Bangalore, 2 Feb 2005Probabilistic security protocols 11 The probabilistic  -calculus: operational sem

12 Bangalore, 2 Feb 2005Probabilistic security protocols 12 The probabilistic  -calculus: operational sem

Download ppt "Bangalore, 2 Feb 2005Probabilistic security protocols 1 CIMPA School on Security Specification and verification of randomized security protocols Lecture."

Similar presentations

Aaron Johnson with Joan Feigenbaum Paul Syverson

Aaron Johnson with Joan Feigenbaum Paul Syverson
A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.

A Probabilistic Analysis of Onion Routing in a Black-box Model 10/29/2007 Workshop on Privacy in the Electronic Society Aaron Johnson (Yale) with Joan.
A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)
Security attacks. - confidentiality: only authorized parties have read access to information - integrity: only authorized parties have write access to.

Security attacks. - confidentiality: only authorized parties have read access to information - integrity: only authorized parties have write access to.
Quantification of Integrity Michael Clarkson and Fred B. Schneider Cornell University MIT Systems Security and Cryptography Discussion Group October 15,

Quantification of Integrity Michael Clarkson and Fred B. Schneider Cornell University MIT Systems Security and Cryptography Discussion Group October 15,
Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.

Modeling and Simulation By Lecturer: Nada Ahmed. Introduction to simulation and Modeling.
08 April 2004 1 PPS - Groupe de Travail en Concurrence The probabilistic asynchronous -calculus Catuscia Palamidessi, INRIA Futurs, France.

08 April PPS - Groupe de Travail en Concurrence The probabilistic asynchronous -calculus Catuscia Palamidessi, INRIA Futurs, France.
BloomUnit Declarative testing for distributed programs Peter Alvaro UC Berkeley.

BloomUnit Declarative testing for distributed programs Peter Alvaro UC Berkeley.
Paris, 3 Dec 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 12 Probabilistic process calculi Catuscia Palamidessi LIX, Ecole Polytechnique.

Paris, 3 Dec 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 12 Probabilistic process calculi Catuscia Palamidessi LIX, Ecole Polytechnique.
Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.

Distributed Markov Chains P S Thiagarajan School of Computing, National University of Singapore Joint work with Madhavan Mukund, Sumit K Jha and Ratul.
1 Non-interference Properties for Probabilistic Processes A Process Algebraic Approach Alessandro Aldini joint work with Mario Bravetti and Roberto Gorrieri.

1 Non-interference Properties for Probabilistic Processes A Process Algebraic Approach Alessandro Aldini joint work with Mario Bravetti and Roberto Gorrieri.
Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.

Rational Oblivious Transfer KARTIK NAYAK, XIONG FAN.
1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy.

1 Reversibility for Recoverability Ivan Lanese Computer Science Department FOCUS research group University of Bologna/INRIA Bologna, Italy.
Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi

Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.

1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Probabilistic Methods in Concurrency Lecture 3 The pi-calculus hierarchy: separation results Catuscia Palamidessi

Probabilistic Methods in Concurrency Lecture 3 The pi-calculus hierarchy: separation results Catuscia Palamidessi
Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.

Course on Probabilistic Methods in Concurrency (Concurrent Languages for Probabilistic Asynchronous Communication) Lecture 1 The pi-calculus and the asynchronous.
CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.

CS426Fall 2010/Lecture 351 Computer Security CS 426 Lecture 35 Commitment & Zero Knowledge Proofs.
An Overview of the BSP Model of Parallel Computation Overview Only.

An Overview of the BSP Model of Parallel Computation Overview Only.
CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

CSCE 790: Computer Network Security Chin-Tser Huang University of South Carolina.

Similar presentations

Ads by Google