A Rewriting-Based Inference System for the NRL Protocol Analyzer
Slide 1: A Rewriting-Based Inference System for the NRL Protocol Analyzer

Santiago Escobar (UIUC; UPV, Valencia, Spain), Cathy Meadows (NRL), José Meseguer (UIUC)

PROTOCOL EXCHANGE MEETING 2005, BALTIMORE, JUNE 9-10
Slide 2: Outline
➀ Motivation
➁ Inference System through the NSPK Example
  - Top Level
  - Grammar Generation Level
  - Reachability Analysis Level
➂ Conclusions & long-term goals
Slides 3-4: Motivation
- The NRL Protocol Analyzer (NPA) has been used with great effect on a number of complex real-life protocols.
- NPA is successful because of its ability to use inductive techniques (formal languages) to drastically limit the infinite search space.
- However, NPA lacks an independent formal specification and model; its basic techniques are closely intertwined with other features.

Main Contribution: give a precise formal specification, within the rewriting framework, of
1. its backwards reachability analysis
2. its grammar-based techniques for invariant generation
Slide 5: Benefits
- Formal specification in a system accessible to a large community of researchers.
- Inference system specified as a set of rewrite rules modulo an equational theory describing the behavior of the cryptographic algorithms involved.
- Extension of the equational theory with other algebraic properties of the underlying cryptographic functions.
- Allows us to make use of theorems from rewriting logic to prove open conjectures about properties of the NPA inference system.
- Comparison with other narrowing-based tools and techniques.
Slide 6: Inference System
Parametric on (Σ, R_P, E):
- Σ is a protocol-specific signature (with type information)
- R_P is the set of rewrite rules describing the protocol
- E is the equational theory describing the underlying algebraic properties (encryption/decryption)
Two things:
1. Protocols (Notation, Semantics, Role in NPA)
2. Grammars (Notation, Semantics, Role in NPA)
Slide 7: The NSPK Example
Signature Σ:
  pk : Name × Msg → Enc
  sk : Name × Msg → Enc
  n : Name × Integer → Nonce
  r, r' : Integer
  _;_ : Msg × Msg → Msg
Equational theory E:
  pk(y, sk(y, Z)) = Z
  sk(y, pk(y, Z)) = Z
Protocol rules R_P:
  (p1)  → pk(b, A; n(a, r))
  (p2)  pk(a, n(a, r); Z) → pk(b, Z), final(a, B; n(a, r))
  (p3)  pk(b, A; Z) → pk(a, Z; n(b, r))
  (p4)  pk(b, A; Z), pk(b, n(b, r')) → final(b, A; n(b, r'))
  (p5)  M1, M2 → M1; M2
  (p6a) M1; M2 → M1
  (p6b) M1; M2 → M2
  (p7)  M → sk(y, M)
  (p8)  M → pk(y, M)
Slide 8: Grammars
- Used by the NPA to reduce the search space obtained by narrowing when performing backwards reachability analysis.
- Each grammar starts with a seed term and is generated by backwards narrowing via the protocol rules.
- Grammars are described in terms of constraints:
  1. Terms that the intruder is not expected to know (such as secret keys): (Y ∉ I)
  2. Instances of the seed term that the intruder may be able to learn: (Y ≠ t)
  3. Recursive calls to know whether some subterm is in the language of the grammar: (Y ∈ L)
Slide 9: The NSPK Example, Grammars
Seed term sd1 = (Y ∉ I ⇒ X; Y ∈ L):
  (g1.0) Y ∉ I, Y ≠ A; n(a, r) ⇒ X; Y ∈ L
  (g1.1) W ∈ L ⇒ pk(a, n(a, r); sk(b, W)) ∈ L
  (g1.2) W ∈ L ⇒ W; M2 ∈ L
  (g1.3) W ∈ L ⇒ M1; W ∈ L
  (g1.4) W ∈ L ⇒ pk(y, W) ∈ L
  (g1.5) W ∈ L ⇒ sk(y, W) ∈ L
Seed term sd2 = (Y ∉ I ⇒ pk(x, Y) ∈ L):
  (g2.0)  Z ∉ I, Z ≠ Z'; n(b, r) ⇒ pk(r, Z) ∈ L
  (g2.1)  Y ∉ I, Y ≠ Z; n(b, r) ⇒ pk(a, n(a, r); Y) ∈ L
  (g2.2a) Y ∈ L ⇒ (Y; M2) ∈ L
  (g2.2b) Y ∈ L ⇒ (M1; Y) ∈ L
  (g2.3)  Y ∈ L ⇒ pk(y, Y) ∈ L
  (g2.4)  Y ∈ L ⇒ sk(y, Y) ∈ L
Slide 10: Top Level - NSPK
(1) Grammar Generation, where G0_sd1 = {sd1} and G0_sd2 = {sd2}:
  G0 = (G0_sd1, G0_sd2) →_{P,G0} G1 = (G1_sd1, G0_sd2) →_{P,G1} G2 = (G!_sd1, G0_sd2) →_{P,G2} G3 = (G!_sd1, G!_sd2)
(2) Reachability Analysis. Useless backwards narrowing derivations are cut by grammars: the backwards narrowing step (P,G) from the state
  pk(b, n(b, r)), ...
to
  M1; pk(b, n(b, r)), ...
using protocol rule p6b (M1; M2 → M2) is cut, because G!_sd1, (pk(b, n(b, r)) ∉ I) entails (M1; pk(b, n(b, r))) ∈ L using g1.0 (Y ∉ I, Y ≠ A; n(a, r) ⇒ X; Y ∈ L).
Slide 11: Grammar Generation - NSPK
Consider G2 = (G!_sd1, G0_sd2) →_{P,G2} G3 = (G!_sd1, G!_sd2) with G0_sd2 = {sd2 = (Y ∉ I ⇒ pk(x, Y) ∈ L)}.
For each backwards narrowing step sd2 →_{σ,P,G2,G0_sd2} g', apply some heuristics and generate a new grammar rule or constraint to be included in G!_sd2. For example, the step
  Z ∉ I ⇒ pk(r, Z) ∈ L   →_{σ,P,G2,G0_sd2}   Z ∉ I ⇒ pk(a, n(a, r); Z) ∈ L
gives heuristics_{G0_sd2,S1}(sd2, id, g') = ∅, { Y ∉ I ⇒ pk(a, n(a, r); Y) ∈ L } and
  G!_sd2 = optimize(newgrammar_S1(G0_sd2, ..., Y ∉ I ⇒ pk(a, n(a, r); Y) ∈ L, ...)).
Slide 12: Dependencies in Grammar Generation (diagram relating newgrammars(g, C, H), α(g, C), β(g, C), optimize(g), removeconstraints(g), removerules(g), the heuristics operator heuristics_{G^k_j,s}(g, σ, g'), the grammar relation G_i →_{P,G_i} G_{i+1}, and the backwards narrowing relation g →_{σ,P,G_i,G^k_j} g')
Slide 13: The relation G_i →_{P,G_i} G_{i+1}
G_i →_{P,G_i} G_{i+1} if G_i = (G!_1, ..., G!_{j-1}, G^k_j, ..., G^{k_n}_n), G_{i+1} = (G!_1, ..., G!_{j-1}, G^{k+1}_j, ..., G^{k_n}_n), and G^{k+1}_j ≠ G^k_j; where G^k_j →!_{P,G_i} (C, H) and G^{k+1}_j = optimize(newgrammar_s(G^k_j, C, H)).
Slide 14: The Backwards Narrowing Relation g →_{σ,P,G_i,G^k_j} g'
g →_{σ,P,G_i,G^k_j} g' if g →_{σ,R_P^{-1},E_P} g', g' is irreducible by R^{-1}_{G^k_j} (g' →!_{R^{-1}_{G^k_j}} g'), and g' is G_i-expandable.
g = (c_1, ..., c_k ⇒ (t_1, ..., t_n) ∈ L) is G_i-expandable iff
  (i) there is no c_i and t_j such that c_i = (t_j ∈ I),
  (ii) for each c_i of the form (u ≠ t), θ : θ(u) ≠ θ(t), and
  (iii) for each t_j, (t_j ∈ L) does not follow from G_i, (c_1, ..., c_k).
Slide 15: The Operator heuristics_{G^k_j,s}(g, σ, g')
H1:  if there are s_i and p ∈ Pos(s_i) such that G^k_j, D entails (s_i|_p ∈ L), then
     heuristics_{G^k_j,s}(g, σ, g') = ∅, {Y ∈ L ⇒ s_i[Y]_p ∈ L}
H2a: if there is d_i ∈ D with d_i = (u ∉ I) and u ≠ X, then
     heuristics_{G^k_j,s}(g, σ, g') = {X ≠ u}, ∅
H2b: if σ(t) ≠ t and there is c_i ∈ C with c_i = (X ∈ L), then
     heuristics_{G^k_j,s}(g, σ, g') = {t ≠ σ(t)}, ∅
H3:  if there are d_i ∈ D, s_j and p ∈ Pos(s_j) such that d_i = (s_j|_p ∈ I), then
     heuristics_{G^k_j,s}(g, σ, g') = ∅, {Y ∈ I ⇒ s_j[Y]_p ∈ L}
Slide 16: Grammar Generation (More Examples) - NSPK
For example, the step
  sd2 = (Z ∉ I ⇒ pk(r, Z) ∈ L)   →_{id,P,G_i,G^k_j}   g' = (Z ∉ I ⇒ pk(r, Z); M2 ∈ L)
gives heuristics_{G0,S1}(g, id, g') = ∅, {Y ∈ L ⇒ Y; M2 ∈ L} and
  G!_sd2 = optimize(newgrammar_S1(G0_sd2, ..., Y ∈ L ⇒ Y; M2 ∈ L, ...)).
For example, the step
  sd2 = (Z ∉ I ⇒ pk(r, Z) ∈ L)   →_{[Z/A;n(A,r)],P,G_i,G^k_j}   g' = (A; n(a, r) ∉ I)
gives heuristics_{G0,S1}(g, id, g') = {Z ≠ A; n(a, r)}, ∅ and
  G!_sd2 = optimize(newgrammar_S1(G0_sd2, ..., Z ≠ A; n(a, r), ...)).
Slide 17: Reachability Analysis - NSPK
Backwards narrowing sequence from the attack goal:
  final(b, A; n(b, r)), ε
  →_{P,G} (pk(b, A; Z), pk(b, n(b, r))), w1
  →_{P,G} pk(b, n(b, r)), w2
  →_{P,G} n(b, r), w3
  →_{P,G} pk(y, n(b, r)), w4
  →_{P,G} pk(a, n(a, r'); n(b, r)), w5
  →_{P,G} pk(b, A; n(a, r')), w6
  →_{P,G} A; n(a, r'), w7
  →_{P,G} pk(y, A; n(a, r')), w8
  →_{P,G} ∅, w9
The attack found:
  1. A → I : {N_A, A}_{K_I}
  2. I(A) → B : {N_A, A}_{K_B}
  3. B → A : {N_A, N_B}_{K_A}
  4. A → I : {N_B}_{K_I}
  5. I → B : {N_B}_{K_B}
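A forward Dolev-Yao replay of the five-message trace on this slide, added here as an example; it is not code from the talk or from the NPA/Maude-NPA tools. It encodes the NSPK signature Σ, the theory E and the intruder rules p5 to p8 from slide 7; the private-key set PRIV, the nonce values and the honest-role logic are constructed assumptions.

```python
"""Dolev-Yao replay of the NSPK attack over the slides' term signature.

Terms are nested tuples: ('pk', name, msg), ('sk', name, msg),
('n', name, r), ('pair', m1, m2); names (strings) and integers are atoms.
Theory E: pk(y, sk(y, Z)) = Z and sk(y, pk(y, Z)) = Z (slide 7).
Assumption: the intruder owns exactly the private keys of the names in PRIV.
"""

PRIV = frozenset({'i'})   # constructed: the intruder's own private key(s)


def pk(y, m):
    return ('pk', y, m)


def sk(y, m):
    return ('sk', y, m)


def n(a, r):
    return ('n', a, r)


def pair(m1, m2):
    return ('pair', m1, m2)


def normalize(t):
    """Return the E-normal form of t: cancel pk/sk pairs under the same name."""
    if not isinstance(t, tuple):
        return t
    head, *args = t
    args = [normalize(a) for a in args]
    if head in ('pk', 'sk') and isinstance(args[1], tuple):
        inner = args[1]
        other = 'sk' if head == 'pk' else 'pk'
        if inner[0] == other and inner[1] == args[0]:
            return inner[2]           # pk(y, sk(y, Z)) = Z  /  sk(y, pk(y, Z)) = Z
    return (head, *args)


def analyze(knowledge):
    """Close the intruder's knowledge under decomposition.

    Rules p6a/p6b project pairs; a pk(y, M) opens with sk(y, .) when y's
    private key is held (rule p7 plus E); sk(y, M) opens with the public
    key pk(y, .), which everyone can apply (rule p8 plus E).
    """
    known = {normalize(t) for t in knowledge}
    frontier = list(known)
    while frontier:
        t = frontier.pop()
        new = []
        if isinstance(t, tuple):
            if t[0] == 'pair':
                new = [t[1], t[2]]
            elif t[0] == 'pk' and t[1] in PRIV:
                new = [normalize(sk(t[1], t))]
            elif t[0] == 'sk':
                new = [normalize(pk(t[1], t))]
        for m in new:
            if m not in known:
                known.add(m)
                frontier.append(m)
    return known


def derivable(t, known):
    """Goal-directed synthesis check: p5 (pair), p8 (pk with any name),
    p7 (sk only with a held private key), over analyzed knowledge."""
    t = normalize(t)
    if t in known:
        return True
    if isinstance(t, tuple):
        if t[0] == 'pair':
            return derivable(t[1], known) and derivable(t[2], known)
        if t[0] == 'pk':
            return derivable(t[2], known)
        if t[0] == 'sk':
            return t[1] in PRIV and derivable(t[2], known)
    return False


def lowe_attack():
    """Replay the five-message trace: A runs the protocol with I, and I
    replays A's messages to B. Nonce values r=1, r'=2 are constructed."""
    na, nb = n('a', 1), n('b', 2)
    known = analyze({'a', 'b', 'i'})             # intruder knows all names
    # 1. A -> I : pk(i, A; n(a, r))                (rule p1 with b := i)
    known = analyze(known | {pk('i', pair('a', na))})
    # 2. I(A) -> B : pk(b, A; n(a, r))             (must be derivable by I)
    msg2 = pk('b', pair('a', na))
    msg2_ok = derivable(msg2, known)
    # 3. B -> A : pk(a, Z; n(b, r')) with Z = n(a, r)   (rule p3); I forwards it
    _, _, z = normalize(sk('b', msg2))
    msg3 = pk('a', pair(z, nb))
    known = analyze(known | {msg3})
    msg5 = pk('b', nb)                           # what rule p4 needs B to receive
    msg5_before = derivable(msg5, known)         # not yet: n(b, r') is sealed for a
    # 4. A -> I : pk(i, n(b, r'))                  (rule p2 with b := i)
    _, _, z2 = normalize(sk('a', msg3))
    known = analyze(known | {pk('i', z2)})
    # 5. I -> B : pk(b, n(b, r'))                  (B reaches final(b, A; n(b, r')))
    return {'msg2_derivable': msg2_ok,
            'msg5_before_step4': msg5_before,
            'secret_learned': nb in known,
            'msg5_derivable': derivable(msg5, known),
            'b_final': ('final', 'b', pair('a', nb))}
```

The returned flags show the two facts the backwards trace above relies on: pk(b, n(b, r')) is not derivable until A releases n(b, r') under the intruder's key in message 4, after which B accepts final(b, A; n(b, r')) while A never ran with B.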
Slide 18: Reachability Analysis
(t, w) →_{P,G} (t', σ(t|_p . w)) if t|_p →_{σ,R_P^{-1},E_P} t' and, for each s_i ∈ t', G, ctr(w) does not entail (s_i ∉ I) and G, ctr(w) does not entail (s_i ∈ L); where ctr(u_1 .. u_n) = (u_1 ∉ I, ..., u_n ∉ I).
Slide 19: Conclusions & long-term goals
Precise rewriting-based formalization of the NPA inference system: its grammar generation mechanisms and its narrowing-based backwards reachability analysis. Next steps:
1. Implementation of our rewrite-rule based inference system in Maude.
2. Experimentation with such an implementation, and comparison with the original NPA tool.
3. Generalization of our inference system to handle equational theories for the underlying cryptography.
4. Development of a next-generation NPA-like tool based on such a generalized inference system.
5. Study of the meta-logical properties of the current inference system.
More information1 = (a 0 + b 0 α) 2 + + (a m 1 + b m 1 α) 2. for certain elements a 0,..., a m 1, b 0,..., b m 1 of F. Multiplying out, we obtain
Notes on real-closed fields These notes develop the algebraic background needed to understand the model theory of real-closed fields. To understand these notes, a standard graduate course in algebra is
More informationApplications of Fermat s Little Theorem and Congruences
Applications of Fermat s Little Theorem and Congruences Definition: Let m be a positive integer. Then integers a and b are congruent modulo m, denoted by a b mod m, if m (a b). Example: 3 1 mod 2, 6 4
More informationAutomated Induction with Constrained Tree Automata,
Automated Induction with Constrained Tree Automata, Adel Bouhoula 1 and Florent Jacquemard 2 1 Higher School of Communications of Tunis (Sup Com), University of November 7th at Carthage, Tunisia adel.bouhoula@supcom.rnu.tn
More informationIs n a Prime Number? Manindra Agrawal. March 27, 2006, Delft. IIT Kanpur
Is n a Prime Number? Manindra Agrawal IIT Kanpur March 27, 2006, Delft Manindra Agrawal (IIT Kanpur) Is n a Prime Number? March 27, 2006, Delft 1 / 47 Overview 1 The Problem 2 Two Simple, and Slow, Methods
More informationCS3235 - Computer Security Third topic: Crypto Support Sys
Systems used with cryptography CS3235 - Computer Security Third topic: Crypto Support Systems National University of Singapore School of Computing (Some slides drawn from Lawrie Brown s, with permission)
More informationRow Echelon Form and Reduced Row Echelon Form
These notes closely follow the presentation of the material given in David C Lay s textbook Linear Algebra and its Applications (3rd edition) These notes are intended primarily for in-class presentation
More informationMathematics Cognitive Domains Framework: TIMSS 2003 Developmental Project Fourth and Eighth Grades
Appendix A Mathematics Cognitive Domains Framework: TIMSS 2003 Developmental Project Fourth and Eighth Grades To respond correctly to TIMSS test items, students need to be familiar with the mathematics
More informationALGEBRA 2 CRA 2 REVIEW - Chapters 1-6 Answer Section
ALGEBRA 2 CRA 2 REVIEW - Chapters 1-6 Answer Section MULTIPLE CHOICE 1. ANS: C 2. ANS: A 3. ANS: A OBJ: 5-3.1 Using Vertex Form SHORT ANSWER 4. ANS: (x + 6)(x 2 6x + 36) OBJ: 6-4.2 Solving Equations by
More informationThis paper is a follow-on to an earlier paper 1 and. An architecture for the Internet Key Exchange Protocol. by P.-C. Cheng
An architecture for the Internet Key Exchange Protocol by P.-C. Cheng In this paper we present the design, rationale, and implementation of the Internet Key Exchange (IKE) Protocol. This protocol is used
More informationMathematics. (www.tiwariacademy.com : Focus on free Education) (Chapter 5) (Complex Numbers and Quadratic Equations) (Class XI)
( : Focus on free Education) Miscellaneous Exercise on chapter 5 Question 1: Evaluate: Answer 1: 1 ( : Focus on free Education) Question 2: For any two complex numbers z1 and z2, prove that Re (z1z2) =
More information= 2 + 1 2 2 = 3 4, Now assume that P (k) is true for some fixed k 2. This means that
Instructions. Answer each of the questions on your own paper, and be sure to show your work so that partial credit can be adequately assessed. Credit will not be given for answers (even correct ones) without
More information