Time-bounded task-PIQAs: A framework for analyzing security protocols

Ran Canetti*, Ling Cheung, Dilsun Kaynar, Moses Liskov, Nancy Lynch, Olivier Pereira, Roberto Segala

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review


We present the Time-Bounded Task-PIOA modeling framework, an extension of the Probabilistic I/O Automata (PIOA) framework that is intended to support modeling and verification of security protocols. Time-Bounded Task-PIOAs directly model probabilistic and non-deterministic behavior, partial-information adversarial scheduling, and time-bounded computation. Together, these features are adequate to support modeling of key aspects of security protocols, including secrecy requirements and limitations on the knowledge and computational power of adversarial parties. They also support security protocol verification, using methods that are compatible with informal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a well-known Oblivious Transfer protocol.

Original languageEnglish
Title of host publicationDistributed Computing - 20th International Symposium, DISC 2006, Proceedings
PublisherSpringer Verlag
Number of pages16
ISBN (Print)3540446249, 9783540446248
StatePublished - 2006
Externally publishedYes
Event20th International Symposium on Distributed Computing, DISC 2006 - Stockholm, Sweden
Duration: 18 Sep 200620 Sep 2006

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume4167 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Conference20th International Symposium on Distributed Computing, DISC 2006


FundersFunder number
Directorate for Computer and Information Science and Engineering0121277, 0326277


    Dive into the research topics of 'Time-bounded task-PIQAs: A framework for analyzing security protocols'. Together they form a unique fingerprint.

    Cite this