Term-based composition of security protocols



Similar documents
Example What is the minimum bandwidth for transmitting data at a rate of 33.6 kbps without ISI?

Dynamic Magnification Factor of SDOF Oscillators under. Harmonic Loading

Improper Integrals. Dr. Philippe B. laval Kennesaw State University. September 19, f (x) dx over a finite interval [a, b].

Phys222 W12 Quiz 2: Chapters 23, 24. Name: = 80 nc, and q = 30 nc in the figure, what is the magnitude of the total electric force on q?

One Practical Algorithm for Both Stochastic and Adversarial Bandits

STRATEGIC PLANNING COMMITTEE Wednesday, February 17, 2010

Influence of Network Load on the Performance of Opportunistic Scanning

Reuse-Based Test Traceability: Automatic Linking of Test Cases and Requirements

Efficient One-time Signature Schemes for Stream Authentication *

The Application of Multi Shifts and Break Windows in Employees Scheduling

Detecting Network Intrusions via Sampling : A Game Theoretic Approach

Single-machine Scheduling with Periodic Maintenance and both Preemptive and. Non-preemptive jobs in Remanufacturing System 1

TEMPORAL PATTERN IDENTIFICATION OF TIME SERIES DATA USING PATTERN WAVELETS AND GENETIC ALGORITHMS

Regular Sets and Expressions

Inductance and Transient Circuits

Reasoning to Solve Equations and Inequalities

PROFIT TEST MODELLING IN LIFE ASSURANCE USING SPREADSHEETS PART ONE

Module 4. Single-phase AC circuits. Version 2 EE IIT, Kharagpur

Principal components of stock market dynamics. Methodology and applications in brief (to be updated ) Andrei Bouzaev, bouzaev@ya.

Human Body Tracking with Auxiliary Measurements

USE OF EDUCATION TECHNOLOGY IN ENGLISH CLASSES

Appendix A: Area. 1 Find the radius of a circle that has circumference 12 inches.

Duration and Convexity ( ) 20 = Bond B has a maturity of 5 years and also has a required rate of return of 10%. Its price is $613.

3.1. Overview Serial Devices to Ethernet Gateway

Task is a schedulable entity, i.e., a thread

Math 135 Circles and Completing the Square Examples

Chapter 8: Regression with Lagged Explanatory Variables

ANALYSIS AND COMPARISONS OF SOME SOLUTION CONCEPTS FOR STOCHASTIC PROGRAMMING PROBLEMS

4 Convolution. Recommended Problems. x2[n] 1 2[n]

Distributing Human Resources among Software Development Projects 1

Term Structure of Prices of Asian Options

Individual Health Insurance April 30, 2008 Pages

Automatic measurement and detection of GSM interferences

Optimal Contracts in a Continuous-Time Delegated Portfolio Management Problem

Measuring macroeconomic volatility Applications to export revenue data,


Multiprocessor Systems-on-Chips

MTH6121 Introduction to Mathematical Finance Lesson 5

EQUATIONS OF LINES AND PLANES

Photo Modules for PCM Remote Control Systems

Information Technology Investment and Adoption: A Rational Expectations Perspective

Option Put-Call Parity Relations When the Underlying Security Pays Dividends

IR Receiver Module for Light Barrier Systems

Chapter 1.6 Financial Management

Time Series Analysis Using SAS R Part I The Augmented Dickey-Fuller (ADF) Test

Outline. Numerical Analysis Boundary Value Problems & PDE. Exam. Boundary Value Problems. Boundary Value Problems. Solution to BVProblems

GUIDE GOVERNING SMI RISK CONTROL INDICES

17 Laplace transform. Solving linear ODE with piecewise continuous right hand sides


INTRODUCTION TO FORECASTING

Botnet Detection by Monitoring Group Activities in DNS Traffic

Life insurance cash flows with policyholder behaviour

DETERMINISTIC INVENTORY MODEL FOR ITEMS WITH TIME VARYING DEMAND, WEIBULL DISTRIBUTION DETERIORATION AND SHORTAGES KUN-SHAN WU

Caring for trees and your service

TSG-RAN Working Group 1 (Radio Layer 1) meeting #3 Nynashamn, Sweden 22 nd 26 th March 1999

How To Understand The Rules Of The Game Of Chess

Lec 2: Gates and Logic

SEASONAL ADJUSTMENT. 1 Introduction. 2 Methodology. 3 X-11-ARIMA and X-12-ARIMA Methods

STABILITY OF LOAD BALANCING ALGORITHMS IN DYNAMIC ADVERSARIAL SYSTEMS

CLASSIFICATION OF REINSURANCE IN LIFE INSURANCE

Stochastic Optimal Control Problem for Life Insurance

Department of Health & Human Services (DHHS) Centers for Medicare & Medicaid Services (CMS) Transmittal 1151 Date: November 16, 2012

Task-Execution Scheduling Schemes for Network Measurement and Monitoring

DYNAMIC MODELS FOR VALUATION OF WRONGFUL DEATH PAYMENTS

Signal Processing and Linear Systems I

Mortality Variance of the Present Value (PV) of Future Annuity Payments

Age Biased Technical and Organisational Change, Training and Employment Prospects of Older Workers

DDoS Attacks Detection Model and its Application

Analogue and Digital Signal Processing. First Term Third Year CS Engineering By Dr Mukhtiar Ali Unar

2. The econometric model

INTERFEROMETRIC TECHNIQUES FOR TERRASAR-X DATA. Holger Nies, Otmar Loffeld, Baki Dönmez, Amina Ben Hammadi, Robert Wang, Ulrich Gebhardt

A Bayesian Approach for Personalized Booth Recommendation

The Transport Equation

Chapter 2 Problems. 3600s = 25m / s d = s t = 25m / s 0.5s = 12.5m. Δx = x(4) x(0) =12m 0m =12m

On the degrees of irreducible factors of higher order Bernoulli polynomials

Detection of DDoS Attack in SIP Environment with Non-parametric CUSUM Sensor

Small Business Networking

Making a Faster Cryptanalytic Time-Memory Trade-Off

Factoring Polynomials

Resource allocation in multi-server dynamic PERT networks using multi-objective programming and Markov process.

An Empirical Comparison of Asset Pricing Models for the Tokyo Stock Exchange

How To Optimize Time For A Service In 4G Nework

adaptive control; stochastic systems; certainty equivalence principle; long-term

Predicting Stock Market Index Trading Signals Using Neural Networks

2 DIODE CLIPPING and CLAMPING CIRCUITS

Dependent Interest and Transition Rates in Life Insurance

LNG Pricing Differences across the Atlantic - a Comparison between the United States and Europe

Capacitors and inductors

The Grantor Retained Annuity Trust (GRAT)

Mathematics. Vectors. hsn.uk.net. Higher. Contents. Vectors 128 HSN23100

Transcription:

Term-sed composiion of securiy proocols B Genge P Hller R Ovidiu I Ign Peru ior Universiy of Trgu ures Romni genge@upmro phller@upmro oroi@engineeringupmro Technicl Universiy of Cluj poc Romni IosifIgn@csuclujro Asrc-In he conex of securiy proocol prllel composiion where messges elonging o differen proocols cn inersec ech oher we inroduce new prdigm: ermsed composiion (ie he composiion of messge componens lso nown s erms Firs we cree proocol specificion model y exending he originl srnd spces Then we provide erm composiion lgorihm sed on which new erms cn e consruced To ensure h securiy properies re minined we inroduce he concep of erm connecions o express he exising connecions eween erms nd encrypion conexs We illusre he proposed composiion process y using wo exising proocols I ITRODUCTIO Securiy proocols re communicion proocols in which pricipns use encrypion o send ech oher encoded informion Wih he rpid growh of he Inerne nd despere need o secure communicion in he ls few decdes he enion of mny reserchers hs een led owrds he nlysis of securiy proocols [] [] [3] [4] [5] [6] Recenly here hve een severl proposls developed o help he process of securiy proocol design using forml mehods nd ools [7] [8] [9] [0] [] [] [3] os of he proposed echniques use modulr pproch in he design process where he user is given se of smll proocols from which more complex proocols cn e consruced process lso nown s composiion [9] [0] [] In he exising composiion echniques uhors minly del wih he sequenil nd prllel composiion of securiy properies viewed s se of informion rnsmied over messges However he composiion of messge componens hs no een ddressed in proper mnner mening h users hve o solve he prolem of creing new messges on heir own Solving his prolem pprenly insignificn cn led o proocols which execue in hlf he ime he originl composed proocols do In ddiion he composiion process cn led o muliple resuls which mus e crefully nlyzed on messge level o increse proocol performnce In his pper we inroduce novel composiion prdigm: erm-sed composiion The composiion prolem is ddressed he messge level sed on syncicl consrucions nd nlysis This new prdigm is ddressed in he conex of prllel composiion where proocol messges inersec ech oher The resuling proocol conins no only se of unified messges u lso unified se of securiy properies (eg secrecy uhenicion inegriy The pper is srucured s follows Secion II inroduces he concep of -srnds used o model securiy proocols Securiy requiremens re ddressed in secion III In secion IV we presen he prolem of genering proocols using prllel composiion nd erm-sed composiion nd we propose erm composiion lgorihm We exemplify he composiion process y composing wo proocols II KOWLEDGE STRADS In his secion we riefly presen he concep of nowledge srnds (-srnds For more deiled presenion he reder is direced o consul he uhors previous wor [6] [7] A srnd is sequence of rnsmission nd recepion evens used o model proocol pricipns A collecion of srnds is clled srnd spce The srnd spce model ws inroduced y Freg Herzog nd Gumn in [5] nd exended y he uhors wih pricipn nowledge specilized sic ses nd explici erm consrucion in [5] [6] The resuling model is clled -srnd spce The res of his secion formlly defines he -srnd nd - srnd spce conceps By nlyzing he proocol specificions from he SPORE lirry [0] we cn conclude h proocol pricipns communice y exchnging erms consruced from elemens elonging o he following ses: R denoing he se of pricipn nmes; denoing he se of nonces (ie numer once used nd K denoing he se of crypogrphic eys If required oher ses cn e esily dded wihou ffecing he oher componens To denoe he encrypion ype used o cree crypogrphic erms we define he following funcion nmes: Funcme ::= s (secre ey ( p (pulic ey pv (prive ey h (hsh The ove-defined sic ses nd funcion nmes re used in he definiion of erms where we lso inroduce consrucors for piring nd encrypion: T :: = R K ( T T { T } ( Funcme( T where he symol is used o denoe n empy erm We use he symolt o denoe he se of ll suses of erms -444-577-8/08/$000 008 IEEE

The composiion process of wo erms nd ino noher erm implies h hs su-erms The su-erm relion is inducively defined s follows Definiion The su-erm relion is he smlles relion on erms such h: ; if or ; { } f ( 3 ( if or Before defining he concep of nowledge srnds we need o define noher elemen: clssifiers As suggesed y heir nmes clssifiers re used o clssify or cegorize nowledge srnds The cegories re creed sed on he ype of operion modeled y given nowledge srnd Formlly clssifiers re defined s: C :: C = R C ( Pricipn clssifier ( emory clssifier To denoe he rnsmission nd recepion of erms we use signed erms The occurrence of erm wih posiive sign denoes rnsmission while he occurrence of erm wih negive sign denoes recepion The se of rnsmission nd recepion sequences is denoed y ( ±T Definiion A -srnd (ie nowledge srnd is uple K c r s where K T denoes he nowledge corresponding o he modeled pricipn c C denoes he clssifier r R denoes he pricipn nme nd ( s ±T denoes he sequence of rnsmissions nd recepions A se of -srnds is clled -srnd spce The se of ll -srnd spces is denoed y Σ Le ς e - srnd spce nd s ς -srnd hen: We define he following mpping funcions: now s o mp he nowledge componen; ( clss ( s o mp he clssifier componen; pr ( s o mp he nme componen; srnd ( s o mp he erm sequence componen; A node is ny rnsmission or recepion of erm wrien s n = srnd ( s i where i is n ineger sisfying he condiion i lengh( s We define he erm( n funcion o mp he erm corresponding o given node; 3 Le n = srnd ( s i nd ( n = srnd s i + e wo consecuive nodes from he sme -srnd Then here exiss n edge n n in he sme -srnd; 4 Le n n e wo nodes If n is posiive node nd n is negive node elonging o differen - srnds hen here exiss n edge n n We define he sign( n funcion o mp he sign of given node (3 Fig shows n exmple specificion of Lowe s BA Concree Secure RPC [4] proocol in he descried - srnd spce model III SECURITY REQUIREETS The composiion of securiy proocols cn no e mde y simply dding messges o one proocol By inspecing he rher lrge numer of repored cs in he lierure [4] [8] [0] we cn gree h ny modificion rough upon proocol cn influence is exising securiy properies Bsed on hese concerns he uhors hve developed in previous pper [7] frmewor for verifying he composiliy of securiy proocols The mehod developed y he uhors requires he execuion of wo seps Firs we mus verify if secre erms from one proocol cn e found in insecure erms in he oher proocol By he concep insecure we men erms encryped wih insecure eys (eg session eys or erms h re sen ou clerly Second we mus verify if erms encryped wih he sme ey re srucurlly independen In oher words we mus verify if pricipns sed on erm srucures nd nowledge cn disinguish eween he given erms The firs requiremen is fulfilled y conducing syncicl verificion of he given proocol erms The proocol model used is he one presened in he previous secion Alongside he specificion he user hs o provide he erms considered o e secre for ech proocol For he second requiremen o e fulfilled we mus consruc he cnonicl specificion model proposed y he uhors in he sme pper This model elimines insniion-sed informion (eg A B K leving only essenil informion needed in he srucurl independence verificion process (eg n r r IV COPOSITIO A Genering proocols By using prllel composiion we cn produce severl disinc proocols For exmple given wo proocols P nd P ech of hem wih wo messges he proocols h cn e consruced re lised in Tle where Pi nd i j denoe messge indexes corresponding o Pj he wo proocols nd PxiPyj x y { } denoes concenion P P P P P P TLE I PROTOCOL AD ESSAGE SEQUECES GEERATED USIG PARALLEL ESSAGE COPOSITIO Wihou erm Wih erm composiion composiion P P P P P P P P P P - - P P P P P P P P P P -

A { A B K } B { B A K K } Figure Lowe s BA Concree Andrew Secure RPC represenion in he -srnd spce model ore formlly given wo proocols modeled in he - srnd spce ς ς Σ we genere new proocols using operions such s messge inerclion nd erm concenion essge inerclion denoes he process y which severl messges elonging o differen proocols re comined ogeher mininig he sme ime heir originl order of ppernce On he oher hnd erm concenion simply concenes wo erms wihou performing ny opimisions on he resuling erm The genered proocols re denoed y he se GenProPirs Ech elemen of his se conins sequence of erm pirs x y i j where he firs componen denoes erms rnsmied in he firs proocol nd he second componen denoes erms rnsmied in he second proocol ore formlly xi senterms ( ς y j senterms ( ς i senterms ( ς ( = j = senterms ς where senterms : Σ T is funcion mpping he se of sen erms in given proocol specificion defined s: senterms A { K B } s ( K { } s ( K = s ς i= lengh( srnd ( s ni = srnd ( s i sign( ni =+ ( ς erm( ni {} (4 This funcion lso mpps empy componens denoed y o model siuions where he second operion (ie erm concenion is no pplied As finl sep for he proocol generion process we mus chec h concened messges hve he sme source nd desinion pricipns If we find les one messge h does no sisfy his requiremen he enire proocol is removed from he lis B Securiy propery definiion The erm composiion process consrucs ll possile cominions of erms using wo given erms y modifying exising erms In he conex of securiy proocols hese cominions mus no desroy exising securiy properies In order o provide correc composiion we mus define he concep of securiy propery Becuse securiy proocols consis of pricipns exchnging erms securiy properies re creed y he rnsmied nd received erms ore specificlly i is he crypogrphic conex of ech erm in conjuncion wih he exchnge of erms from which securiy properies re consruced To formlly define securiy properies we inroduce wo new conceps: pril nd complee erm connecion Connecions eween erms denoe he exisence of se of common erms Pril connecions denoe he connecions eween free (ie unencryped erm nd n encryped one while complee connecions denoe he connecions eween wo encryped erms To express he exisence of pril nd complee connecion we inroduce wo operors ( ( _ _ : ± T T Σ ± T T Σ nd P ( ( _ _ : ± T T Σ ± T T Σ respecively C These operors denoe he connecion eween one node erm nd -srnd o noher node erm nd -srnd The firs componen of hese operors is clled pre-condiion nd he second is clled pos-condiion We define he following funcions cnode cerm csrnd o mp he node erm nd -srnd corresponding o pre-condiion or pos-condiion We sy h here is pril connecion eween wo erms nd if is su-erm of is no encryped nd hs crypogrphic consrucion or vicevers Formlly n s P n s if where (5 ( { } ( = { } ( f f ( = { } ( { } f f ( erm ( n erm( n n { ni i lengh ( srnd ( s } n ni i lengh( srnd ( s A complee connecion eween wo erms nd exiss only if is n encryped su-erm of nd hs crypogrphic consrucion or he non-crypogrphic componen of is su-erm of Formlly n s C n s if or where (6 = ( = { } f ( erm ( n erm( n { i ( ( } i ( ( f n n i lengh srnd s n n i lengh srnd s Definiion 3 A securiy propery ξ is collecion of pril nd complee connecions By he definiion given ove securiy propery is se of connecions eween erms This definiion is similr o he definiion of uhenicon ess given y Gumn in [0] The difference is h we define connecions no only eween erms rnsmied y differen nodes u lso eween su-erms This llows us o define complex securiy properies such s uhenicion u lso oher more sule ones such s secrecy By using erm connecions we cn model dependencies eween erms This ey spec is vil in he process of erm composiion ecuse y modifying one erm we mus

lso modify oher dependen erms o minin exising securiy properies C odeling dynmic nowledge As opposed o he sic (ie iniil nowledge here is noher ype of nowledge h cn e consruced y proocol pricipns: dynmic nowledge This ype of nowledge grows wih every erm h is received Dynmic nowledge is modeled s -srnd h communices wih he pricipn s -srnd using erm rnsmissions nd recepions Pricipns re modeled s pir of -srnds consising of one min pricipn -srnd nd memory - srnd modeling dynmic nowledge In he composiion process erms cn e modified For exmple hey cn e included in crypogrphic conex h cn no e creed y pricipn ecuse he given node crypogrphic eys hve no ye een received By modeling dynmic nowledge we re le o decide if he erms h mus e rnsmied y node cn e consruced In order o provide persisen model of he dynmic nowledge we consider h erms from his nowledge re sored in memory region h cn only e ccessed y he corresponding pricipn This memory region s menioned erlier is modeled s -srnd However ecuse communicion eween ech pricipn nd is ched memory mus e prive we consider n encryped communicion model using new funcion ype m nd ey The funcion is he sme while he ey is unique for ech user ex we propose n lgorihm for creing memory - srnds idenified y he clssc Given n iniil - srnd s h models he operions corresponding o pricipn y running he lgorihm we genere wo new -srnds pricipn -srnd s nd memory - srnd s The newly genered pricipn -srnd ddiionlly conins nodes modeling communicion wih he ched memory -srnd Receiving erm from he memory -srnd corresponds o he dynmic nowledge The erms received y memory -srnds re decoded rnsformed ino new nowledge nd dded o he exising nowledge The proposed lgorihm mes use of he genknow : T T T funcion o genere new nowledge sed on exising nowledge (sored s erm nd new received erm Algorihm emory -srnd generion: Genere memory communicion encrypion ey K m Iniilize he new -srnds: s = { now( s Km} C R r s = { now( s Km} C r For every posiive node n = srnd ( s i dd posiive node o s : ( C ( s now s r srnd s n = R 3 For every negive node n = srnd ( s i dd negive node o s nd genere new nowledge: ( C R ( { ( } ( s = now s r srnd s n + erm n m K m ( C ( { ( } ( s = now s r srnd s erm n m K m Le n e he ls posiive node from s Le = now( s K = now s K nd ( Le now = genknow( erm( n erm( n ( ( s = K C r srnd s R now m K m ( ( s = K C r srnd s + now m K m D Term composiion lgorihm In he proocol generion process descried secion A erms h re concened mus e composed in order o genere more performn proocols The composiion process cn ler erms minining he sme ime exising securiy properies Firs we consruc he connecion sequences eween proocol erms for he involved proocols Then we iniilize new -srnd spce y creing -srnds corresponding o pricipns The iniilizion process lso crees unified sic nowledge ses for every pricipn ex for every pir of concened erms resuled in he proocol generion phse we run he composiion lgorihm By modifying one erm we mus ensure h he erms from he connecion sequence re lso modified We ensure h pril connecions re minined y no modifying he crypogrphic conex of erms inining complee connecions however requires susequen modificion of dependen erms Afer performing ech erm composiion he memory - srnd lgorihm from secion C is run o consruc he memory -srnds Then for every erm rnsmied y pricipn -srnd we use he Consrucle : T T T predice o verify if he rnsmied erm cn e consruced from he exising sic nd dynmic nowledge senterms ς For wo concened erms ( ( ( senterms ς he composiion lgorihm is he following Algorihm Composiion: Consruc connecion sequences s securiy properies: ξ = n s n s s s ς Le { C P } Le ξ = { n s C P n s s s ς } Iniilize new -srnd spce: Le ς e he resuling -srnd spce For ech s ς ς do If ( s ς role( s role( s Le s = now( s role( s C R ς = ς { s } <> hen Le s ς : role( s role( s = nd s = K r c s

{ K ( } s = now s r c s EndFor 3 Compose wo erms: = Le = { } f ( { } f ( erm( n erm( n If f = f = hen If / ( c C c ξ : ( cerm( c = cnode( c = n ( cerm ( c = cnode( c = n hen = { } f ( / c c ξ If ( C : ( cerm( c cnode( c n = { } f ( = = hen @upde erm connecion sequence = { } f ( @upde erm connecion sequence 4 Genere memory -srnds @run Algorihm o consruc ς iniilized sep 5 Verify erm generion s s ς : clss s = C clss s = C Le ( R ( pr ( s = pr ( s Le n n e he ls posiive node from s nd s respecively If ( ( ( ( Consrucle erm n now s erm n hen @Accep ς @Rejec ς V COPOSITIO EXAPLE To illusre he composiion process we use wo proocols: Woo nd Lm Pi3 [6] nd Lowe s modified version of he Yhlom [8 9] proocol The -srnd represenion of he wo proocols cn e seen in Fig nd Fig 3 We use ς o model he -srnd spce corresponding o he Woo nd Lm Pi3 nd ς o model he - srnd spce corresponding o Lowe s Yhlom proocol The firs sep owrds he composiion of hese proocols consiss in verifying he ey-secrecy independence securiy requiremen formuled y he uhors in [7] To chieve his we specify he secre erms for he wo involved proocols For he firs proocol hese re no secre erms while he secre erms for he K (we consider h second proocol re pricipn nmes re pulic B { A B S K } A { A B S K } A s K Figure Woo nd Lm Pi3 represenion in he -srnd spce model A A B S K A { } s ( K A { A B S } s ( K Figure 3 Lowe s modified version of Yhlom s represenion in he - srnd spce model Becuse ( : senterms ς nd is no encryped he firs requiremen is no sisfied To llow he composiion of he wo proocols in he firs proocol mus e differen from in he second proocol We emphsize his spec y replcing wih in ς Becuse of spce considerions we only consruc complee connecions which ply crucil role in he composiion process In proocol ς we hve only one complee connecion: ( s K s ( K + s { A { } s ( K } s ( K ( B A B S K A C ( s K s ( K s ( K + A s B Becuse of erm srucure vrieies in proocol ς here re no complee connecions By using he seps descried in secion IVB we genere ll possile sequences of proocols resuling ol numer of 683 proocols Afer filering proocols for which concened erms hve differen source-desinion pricipns here remin ol numer of 408 proocols For ech proocol we cn pply he erm composiion lgorihm resuling new se of proocols One of he resuling proocols is shown in Fig 4 In order o selec he mos performn proocols we cn pply he minimum numer of messges principle A B S K S K K A { } s ( K { B K } s ( K { A K } ( S A B S K K s K

B { A B S K } A { A B S K } A { } s ( K Figure 4 Composed proocol or we cn consruc performnce evluion mehod which we consider o e pr of fuure wor As we cn see from Fig 4 he complee connecion is lso minined in he composed proocol In ddiion he second securiy requiremen formuled y he uhors in [7] ie messge independence is lso sisfied ecuse messges hve differen crypogrphicl srucures VI COCLUSIOS AD FUTURE WORK In his pper we proposed mehod for composing securiy proocol erms To define securiy properies emedded in proocols we inroduced he concep of pril nd complee connecions Our pproch modifies erms only in he sense of exending hem wih new componens hus preserving pril connecions Complee connecions re minined y modifying ll susequen erms dependen of he modified erm As fuure wor we inend o exend he proposed erm composiion lgorihm wih performnce-reled informion This would give users he possiiliy o choose he es suied proocol for given environmen However his is rher difficul o chieve sed only on informl specificions This is why we inend o consruc performnce evluion model h llows us o compre proocol performnce rher hn giving n exc ehvior in specific environmen { A { } s ( K } s ( K { A B S } s ( K { A K } s ( K S A B S K K { B K } ( s K REFERECES [] Adi A D Gordon A Clculus for Crypogrphic Proocols: he spi-clculus In Fourh AC Conference on Compuer nd Communicions Securiy AC Press pp 36-47 997 [] Andrew D Gordon Aln Jeffrey Auheniciy y Typing for Securiy Proocols Journl of Compuer Securiy (4 pp 45-50 003 [3] Cremers C Scyher documenion 004 ville hp://wwwwinuenl/~cremers/scyher [4] Cherine edows A Procedure for Verifying Securiy Agins Type Confusion Acs 6h IEEE Compuer Securiy Foundions Worshop (CSFW'03 p 6 003 [5] Genge Bel Iosif Ign An Asrc odel for Securiy Proocol Anlysis WSE TRASACTIOS on COPUTERS Issue Volume 6 pp 07-5 007 [6] Genge Bel Iosif Ign A yped specificion for securiy proocols Proceedings of he 5h WSE In Conf on D ewors Communicions nd Compuers Buchres Romni Ocoer 6-7 pp 3-8 006 [7] Cs J F Cremers Composiionliy of Securiy Proocols: A Reserch Agend Elecr oes Theor Compu Sci 4 pp 99-0 006 [8] S Andov Cs JF Cremers K Gjoseen S uw S jolsnes nd S Rdomirovic A frmewor for composiionl verificion of securiy proocols vier o pper 007 [9] Levene Buyn Building locs for secure services: Auheniced ey rnspor nd Rionl exchnge proocols Thesis 00 [0] Joshu D Gumn Securiy proocol design vi uhenicion ess In Proceedings of he 5h IEEE Compuer Securiy Foundions Worshop IEEE CS Press June 00 [] Hyun-Jin Choi Securiy proocol design y composiion Cmridge Universiy UK Technicl repor r 657 UCA-CL-TR- 657 ISS 476-986 006 [] Rn Cnei Tl Rin Universl Composiion wih Join Se In Proceedings of CRYPTO 003 Lecure oes in Compuer Science vol 79 Springer Verlg ew Yor pp 65-8 003 [3] A D A Dere J C ichell A Roy Proocol Composiion Logic (PCL Elecronic oes in Theoreicl Compuer Science Volume 7 April pp 3-358 007 [4] Gvin Lowe Some new cs upon securiy proocols In Proceedings of he 9 h Compuer Securiy Foundions Worshop IEEE Compuer Sociey Press pp 6-69 996 [5] F Jvier Thyer Freg Jonhn C Herzog Joshu D Gumn Srnd spces: Proving securiy proocols correc Journl of Compuer Securiy 7 9-30 999 [6] TYC Woo nd S S Lm A lesson on uhenicion proocol design Opering Sysems Review 994 [7] Genge Bel Iosif Ign Verifying he Independence of Securiy Proocols IEEE 3 rd Inernionl Conference on Inelligen Compuer Communicion nd Processing Cluj-poc Romni pp55-63 007 [8] Gvin Lowe Towrds compleeness resul for model checing of securiy proocols Technicl Repor 998/6 Dep of hemics nd Compuer Science Universiy of Leiceser 998 [9] Lwrence J Pulson Relions eween secres: Two forml nlyses of he Yhlom proocol Journl of Compuer Science 00 [0] --- SPORE Securiy Proocol Open Reposiory hp://wwwlsvens-cchnfr/spore

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information