Results 1 - 10
of
23
Secrecy in multiagent systems
"... We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the well-studied runs and ..."
Abstract
-
Cited by 71 (6 self)
- Add to MetaCart
(Show Context)
We introduce a general framework for reasoning about secrecy requirements in multiagent systems. Because secrecy requirements are closely connected with the knowledge of individual agents of a system, our framework employs the modal logic of knowledge within the context of the well-studied runs and systems framework. Put simply, “secrets ” are facts about a system that low-level agents are never allowed to know. The framework presented here allows us to formalize this intuition precisely, in a way that is much in the spirit of Sutherland’s notion of nondeducibility. Several well-known attempts to characterize the absence of information flow, including separability, generalized noninterference, and nondeducibility on strategies, turn out to be special cases of our definition of secrecy. However, our approach lets us go well beyond these definitions. It can handle probabilistic secrecy in a clean way, and it suggests generalizations of secrecy that may be useful for dealing with resource-bounded reasoning and with issues such as downgrading of information.
Securing Vehicular Communications - Assumptions, Requirements, and Principles
- WORKSHOP ON EMBEDDED SECURITY IN CARS
, 2006
"... Among civilian communication systems, vehicular networks emerge as one of the most convincing and yet most challenging instantiations of the mobile ad hoc networking technology. Towards the deployment of vehicular communication systems, security and privacy are critical factors and significant chall ..."
Abstract
-
Cited by 31 (7 self)
- Add to MetaCart
Among civilian communication systems, vehicular networks emerge as one of the most convincing and yet most challenging instantiations of the mobile ad hoc networking technology. Towards the deployment of vehicular communication systems, security and privacy are critical factors and significant challenges to be met. Thanks to the substantial research efforts carried out by the community so far, we make the following contributions in this paper: we outline security requirements for vehicular communication systems, we provide models for the system and the communication, as well as models for the adversaries, and propose a set of design principles for future security and privacy solutions for vehicular communication systems.
Knowledge-based modelling of voting protocols
- In TARK’07: Proceedings of the 11th International Conference on Theoretical Aspects of Rationality and Knowledge
"... We contend that reasoning about knowledge is both natural and pragmatic for verification of electronic voting protocols. We present a model in which desirable properties of elections are naturally expressed using standard knowledge operators, and show that the associated logic is decidable (under re ..."
Abstract
-
Cited by 22 (0 self)
- Add to MetaCart
(Show Context)
We contend that reasoning about knowledge is both natural and pragmatic for verification of electronic voting protocols. We present a model in which desirable properties of elections are naturally expressed using standard knowledge operators, and show that the associated logic is decidable (under reasonable assumptions of bounded agents and nonces). 1
A Complete Axiomatization of Knowledge and Cryptography
"... The combination of first-order epistemic logic and formal cryptography offers a potentially very powerful framework for security protocol verification. In this article, we address two main challenges towards such a combination; First, the expressive power, specifically the epistemic modality, needs ..."
Abstract
-
Cited by 19 (5 self)
- Add to MetaCart
(Show Context)
The combination of first-order epistemic logic and formal cryptography offers a potentially very powerful framework for security protocol verification. In this article, we address two main challenges towards such a combination; First, the expressive power, specifically the epistemic modality, needs to receive concrete computational justification. Second, the logic must be shown to be, in some sense, formally tractable. Addressing the first challenge, we provide a generalized Kripke semantics that uses permutations on the underlying domain of cryptographic messages to reflect agents ’ limited computational power. Using this approach, we obtain logical characterizations of important concepts of knowledge in the security protocol literature, namely Dolev-Yao style message deduction and static equivalence. Answering the second challenge, we exhibit an axiomatization which is sound and complete relative to the underlying theory of cryptographic terms, and to an omega rule for quantifiers. The axiomatization uses largely standard axioms and rules from first-order modal logic. In addition, it includes some novel axioms for the interaction between knowledge and cryptography. To illustrate the usefulness of the logic we consider protocol examples using mixes, a Crowds style protocol, and electronic payments. Furthermore, we provide embedding results for BAN and SVO. 1
Contract Signing, Optimism, and Advantage
"... A contract signing protocol lets two parties exchange digital signatures on a pre-agreed text. Optimistic contract signing protocols enable the signers to do so without invoking a trusted third party. However, an adjudicating third party remains available should one or both signers seek timely re ..."
Abstract
-
Cited by 15 (4 self)
- Add to MetaCart
(Show Context)
A contract signing protocol lets two parties exchange digital signatures on a pre-agreed text. Optimistic contract signing protocols enable the signers to do so without invoking a trusted third party. However, an adjudicating third party remains available should one or both signers seek timely resolution. We analyze optimistic contract signing protocols using a game-theoretic approach and prove a fundamental impossibility result: in any fair, optimistic, timely protocol, an optimistic player yields an advantage to the opponent. The proof relies on a careful characterization of optimistic play that postpones communication to the third party. Since advantage cannot be completely eliminated from optimistic protocols, we argue that the strongest property attainable is the absence of provable advantage, i.e., abuse-freeness in the sense of Garay-Jakobsson-MacKenzie.
Deciding knowledge properties of security protocols
"... Logics for specifying properties of security protocols and reasoning about them have received increasing attention over the past few years. In this paper, we propose a propositional logic of knowledge, augmented with tense modalities, in which many important properties of security protocols can b ..."
Abstract
-
Cited by 13 (1 self)
- Add to MetaCart
Logics for specifying properties of security protocols and reasoning about them have received increasing attention over the past few years. In this paper, we propose a propositional logic of knowledge, augmented with tense modalities, in which many important properties of security protocols can be naturally expressed. We also describe in some detail the protocol model, which helps provide a precise and general semantics for the logic. The main technical result is the decidability of the verification problem for the logic.
Logical omniscience in the semantics of BAN logic
- in: Proceedings of the Foundations of Computer Security Workshop
"... BAN logic is an epistemic logic for verification of cryptographic protocols. A number of semantics have been proposed for BAN logic, but none of them capture the intended meaning of the epistemic modality in a satisfactory way. This is due to the so-called logical omniscience problem: Agents are ”id ..."
Abstract
-
Cited by 10 (2 self)
- Add to MetaCart
(Show Context)
BAN logic is an epistemic logic for verification of cryptographic protocols. A number of semantics have been proposed for BAN logic, but none of them capture the intended meaning of the epistemic modality in a satisfactory way. This is due to the so-called logical omniscience problem: Agents are ”ideal reasoners” in existing semantics, while agents in BAN logic have only limited cryptographic reasoning powers. Logical omniscience is unavoidable in Kripke semantics, the standard semantical framework in epistemic logic. Our proposal is to generalize the epistemic accessibility relation of Kripke semantics so that it changes not only the current execution point, but also the currently predicated message. When instantiated on message passing sys-tems, the semantics validates BAN logic. It makes agents introspective (”self-aware”) of their own knowledge and of their own actions of sending, receiving and extracting.
To Know or not to Know: Epistemic Approaches to Security Protocol Verification
- Synthese
, 2010
"... Abstract. Security properties naturally combine temporal aspects of protocols with aspects of knowledge of the agents. Since BAN-logic, there have been several initiatives and attempts to incorporate epistemics into the analysis of security proto-cols. In this paper, we give an overview of work in t ..."
Abstract
-
Cited by 7 (3 self)
- Add to MetaCart
Abstract. Security properties naturally combine temporal aspects of protocols with aspects of knowledge of the agents. Since BAN-logic, there have been several initiatives and attempts to incorporate epistemics into the analysis of security proto-cols. In this paper, we give an overview of work in the field and present it in a unified perspective, with comparisons on technical subtleties that have been employed in different approaches. Also, we study to which degree the use of epistemics is essential for the analysis of security protocols. We look for formal conditions under which knowledge modalities can bring extra expressive power to pure temporal languages. On the other hand, we discuss the cost of the epistemic operators in terms of model checking complexity.
Knowing that, Knowing what, and Public Communication: Public Announcement Logic with Kv Operators
- PROCEEDINGS OF THE TWENTY-THIRD INTERNATIONAL JOINT CONFERENCE ON ARTIFICIAL INTELLIGENCE
"... In his seminal work [Plaza, 1989], Plaza proposed the public announcement logic (PAL), which is considered as the pilot logic in the field of dynamic epistemic logic. In the same paper, Plaza also introduced an interesting “know-value” operator Kv and listed a few valid formulas of PAL+Kv. However, ..."
Abstract
-
Cited by 6 (4 self)
- Add to MetaCart
In his seminal work [Plaza, 1989], Plaza proposed the public announcement logic (PAL), which is considered as the pilot logic in the field of dynamic epistemic logic. In the same paper, Plaza also introduced an interesting “know-value” operator Kv and listed a few valid formulas of PAL+Kv. However, it is unknown that whether these formulas, on top of the axioms for PAL, completely axiomatize PAL+Kv. In this paper, we first give a negative answer to this open problem. Moreover, we generalize the Kv operator and show that in the setting of PAL, replacing the Kv operator with its generalized version does not increase the expressive power of the resulting logic. This suggests that we can simply use the more flexible generalization instead of the original PAL+Kv. As the main result, we give a complete proof system for PAL plus the generalized operator based on a complete axiomatization of epistemic logic with the same operator in the single-agent setting.
LDYIS: a Framework for Model Checking Security Protocols
, 2008
"... We present a formalism for the automatic verification of security protocols based on multi-agent systems semantics. We give the syntax and semantics of a temporal-epistemic securityspecialised logic and provide a lazy-intruder model for the protocol rules that we argue to be particularly suitable f ..."
Abstract
-
Cited by 5 (1 self)
- Add to MetaCart
We present a formalism for the automatic verification of security protocols based on multi-agent systems semantics. We give the syntax and semantics of a temporal-epistemic securityspecialised logic and provide a lazy-intruder model for the protocol rules that we argue to be particularly suitable for verification purposes. We exemplify the technique by finding a (known) bug in the traditional NSPK protocol.
