TY - JOUR
T1 - Analyzing security protocols using time-bounded task-PIOAs
AU - Canetti, Ran
AU - Cheung, Ling
AU - Kaynar, Dilsun
AU - Liskov, Moses
AU - Lynch, Nancy
AU - Pereira, Olivier
AU - Segala, Roberto
N1 - Funding Information:
Canetti’s work on this project was supported by NSF CyberTrust Grant #0430450. Cheung was supported by DFG/NWO bilateral cooperation project 600.050.011.01 Validation of Stochastic Systems (VOSS) and by NSF Award #CCR-0326227. Kaynar and Lynch were supported by DARPA/AFOSR MURI Award #F49620-02-1-0325, MURI AFOSR Award #SA2796PO 1-0000243658, NSF Awards #CCR-0326277 and #CCR-0121277, and USAF, AFRL Award #FA9550-04-1-0121, and Kaynar was supported by US Army Research Office grant #DAAD19-01-1-0485. Pereira was supported by the Belgian National Fund for Scientific Research (F.R.S.-FNRS), and Segala by MIUR project AIDA and by INRIA ARC project ProNoBiS.
PY - 2008/3
Y1 - 2008/3
N2 - This paper presents the time-bounded task-PIOA modeling framework, an extension of the probabilistic input/output automata (PIOA) framework that can be used for modeling and verifying security protocols. Time-bounded task-PIOAs can describe probabilistic and nondeterministic behavior, as well as time-bounded computation. Together, these features support modeling of important aspects of security protocols, including secrecy requirements and limitations on the computational power of adversarial parties. They also support security protocol verification using methods that are compatible with less formal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a well-known oblivious transfer protocol.
AB - This paper presents the time-bounded task-PIOA modeling framework, an extension of the probabilistic input/output automata (PIOA) framework that can be used for modeling and verifying security protocols. Time-bounded task-PIOAs can describe probabilistic and nondeterministic behavior, as well as time-bounded computation. Together, these features support modeling of important aspects of security protocols, including secrecy requirements and limitations on the computational power of adversarial parties. They also support security protocol verification using methods that are compatible with less formal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a well-known oblivious transfer protocol.
KW - Oblivious transfer
KW - Probabilistic input/output automata
KW - Security protocols
KW - Time-bounded task-PIOAs
UR - http://www.scopus.com/inward/record.url?scp=39549105169&partnerID=8YFLogxK
U2 - 10.1007/s10626-007-0032-1
DO - 10.1007/s10626-007-0032-1
M3 - ???researchoutput.researchoutputtypes.contributiontojournal.article???
AN - SCOPUS:39549105169
SN - 0924-6703
VL - 18
SP - 111
EP - 159
JO - Discrete Event Dynamic Systems: Theory and Applications
JF - Discrete Event Dynamic Systems: Theory and Applications
IS - 1
ER -