Protocol Analyzer

14,000,000 Leading Edge Experts on the ideXlab platform

Scan Science and Technology

Contact Leading Edge Experts & Companies

The Experts below are selected from a list of 4428 Experts worldwide ranked by ideXlab platform

Lida Wang - One of the best experts on this subject based on the ideXlab platform.

  • A Unification Algorithm for Analysis of Protocols with Blinded Signatures
    Mechanizing Mathematical Reasoning, 2005
    Co-Authors: Deepak Kapur, Paliath Narendran, Lida Wang
    Abstract:

    Analysis of authentication cryptographic protocols, particularly finding flaws in them and determining a sequence of actions that an intruder can take to gain access to the information which a given protocol purports not to reveal, has recently received considerable attention. One effective way of detecting flaws is to hypothesize an insecure state and determine whether it is possible to get to that state by a legal sequence of actions permitted by the protocol from some legal initial state which captures the knowledge of the principals and the assumptions made about an intruder’s behavior. Relations among encryption and decryption functions as well as properties of number theoretic functions used in encryption and decryption can be specified as rewrite rules. This, for example, is the approach used by the NRL Protocol Analyzer, which uses narrowing to reason about such properties of cryptographic and number-theoretic functions. Following [15], a related approach is proposed here in which equation solving modulo most of these properties of cryptographic and number-theoretic functions is done by developing new unification algorithms for such theories. A new unification algorithm for an equational theory needed to reason about protocols that use the Diffie-Hellman algorithm is developed. In this theory, multiplication forms an abelian group; exponentiation function distributes over multiplication, and exponents can commute. This theory is useful for analyzing protocols which use blinded signatures. It is proved that the unification problem over this equational theory can be reduced to the unification problem modulo the theory of abelian groups with commuting homomorphisms with an additional constraint. Baader’s unification algorithm for the theory of abelian groups with commuting homomorphisms, which reduces the unification problem to solving equations over the polynomial ring over the integers with the commuting homomorphisms serving as indeterminates, is generalized to give a unification algorithm over the theory of abelian groups with commuting homomorphism with a linear constraint. It is also shown that the unification problem over a (simple) extension of the equational theory considered here (which is also an extension of the equational theory considered in [15]) is undecidable.

  • An E-Unification Algorithm for Analyzing Protocols That Use Modular Exponentiation
    Lecture Notes in Computer Science, 2003
    Co-Authors: Deepak Kapur, Paliath Narendran, Lida Wang
    Abstract:

    Modular multiplication and exponentiation are common operations in modern cryptography. Unification problems with respect to some equational theories that these operations satisfy are investigated. Two different but related equational theories are analyzed. A unification algorithm is given for one of the theories which relies on solving syzygies over multivariate integral polynomials with noncommuting indeterminates. For the other theory, in which the distributivity property of exponentiation over multiplication is assumed, the unifiability problem is shown to be undecidable by adapting a construction developed by one of the authors to reduce Hilbert's 10th problem to the solvability problem for linear equations over semi-rings. A new algorithm for computing strong Groebner bases of right ideals over the polynomial ring Z is proposed; unlike earlier algorithms proposed by Baader as well as by Madlener and Reinert which work only for right admissible term orderings with the boundedness property, this algorithm works for any right admissible term ordering. The algorithms for some of these unification problems are expected to be integrated into Naval Research Lab.'s Protocol Analyzer (NPA), a tool developed by Catherine Meadows, which has been successfully used to analyze cryptographic protocols, particularly emerging standards such as the Internet Engineering Task Force's (IETF) Internet Key Exchange [11] and Group Domain of Interpretation [12] protocols. Techniques from several different fields - particularly symbolic computation (ideal theory and Groebner basis algorithms) and unification theory - are thus used to address problems arising in state-based cryptographic protocol analysis.

Ir Sholeh Hadi Pramono - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of the Effect of Monitoring Using Port Mirroring on Network Performance for Video on Demand (VoD) Service over Optical Fiber
    Jurnal Mahasiswa TEUB, 2015
    Co-Authors: Ir Endah Budi Purnomowati, Intan Pranestya Rahayu, Ir Sholeh Hadi Pramono
    Abstract:

    Video on Demand (VoD) is a type of internet video service whose bandwidth demand increases every year. This demand has made optical fiber the main transmission medium for wide-area networks. Besides the transmission medium, switching equipment is one of the main parts of a computer network, allowing devices to communicate with one another. A manageable switch provides a port mirroring feature that is used to monitor switch traffic by capturing it with the help of a network protocol analyzer. Port mirroring on the switch is configured by switch port number, so traffic on the observed switch ports is duplicated by the switch and the duplicate is then sent to the mirroring port. Results from measurements during off-peak and peak hours show that, with port mirroring applied, network performance decreases as the number of ports observed through port mirroring increases. The lowest throughput, with 4 ports observed, was 3.361 Mbps and 3.243 Mbps. The highest packet loss, with 4 ports observed, was 0.552% and 4.140%. The largest maximum end-to-end delay, with 4 ports observed, was 108.43 ms and 113.03 ms. Keywords: Monitoring, Port Mirroring, VoD, Performance, Throughput, Packet Loss, Delay.

Rahayu Intanpranestya - One of the best experts on this subject based on the ideXlab platform.

  • Analysis of the Effect of Monitoring Using Port Mirroring on Network Performance for Video on Demand (VoD) Service over Optical Fiber
    2015
    Co-Authors: Rahayu Intanpranestya
    Abstract:

    Video on Demand (VoD) is a type of internet video service whose bandwidth demand increases every year. This demand has made optical fiber the main transmission medium for wide-area networks. Besides the transmission medium, switching equipment is one of the main parts of a computer network, allowing devices to communicate with one another. A manageable switch provides a port mirroring feature that is used to monitor switch traffic by capturing it with the help of a network protocol analyzer. Port mirroring on the switch is configured by switch port number, so traffic on the observed switch ports is duplicated by the switch and the duplicate is then sent to the mirroring port. Results from measurements during off-peak and peak hours show that, with port mirroring applied, network performance decreases as the number of ports observed through port mirroring increases. The lowest throughput, with 4 ports observed, was 3.361 Mbps and 3.243 Mbps. The highest packet loss, with 4 ports observed, was 0.552% and 4.140%. The largest maximum end-to-end delay, with 4 ports observed, was 108.43 ms and 113.03 ms.

Catherine Meadows - One of the best experts on this subject based on the ideXlab platform.

  • Maude-NPA: Cryptographic Protocol Analysis Modulo Equational Properties
    Foundations of Security Analysis and Design V, 2009
    Co-Authors: Santiago Escobar, Catherine Meadows, Jose Meseguer
    Abstract:

    In this tutorial, we give an overview of the Maude-NRL Protocol Analyzer (Maude-NPA), a tool for the analysis of cryptographic protocols using functions that obey different equational theories. We show the reader how to use Maude-NPA, and how it works, and also give some of the theoretical background behind the tool.

  • Equational Cryptographic Reasoning in the Maude-NRL Protocol Analyzer
    Electronic Notes in Theoretical Computer Science, 2007
    Co-Authors: Santiago Escobar, Catherine Meadows, Jose Meseguer
    Abstract:

    The NRL Protocol Analyzer (NPA) is a tool for the formal specification and analysis of cryptographic protocols that has been used with great effect on a number of complex real-life protocols. One of the most interesting of its features is that it can be used to reason about security in face of attempted attacks on low-level algebraic properties of the functions used in a protocol. Recently, we have given for the first time a precise formal specification of the main features of the NPA inference system: its grammar-based techniques for (co-)invariant generation and its backwards narrowing reachability analysis method; both implemented in Maude as the Maude-NPA tool. This formal specification is given within the well-known rewriting framework so that the inference system is specified as a set of rewrite rules modulo an equational theory describing the behavior of the cryptographic symbols involved. This paper gives a high-level overview of the Maude-NPA tool and illustrates how it supports equational reasoning about properties of the underlying cryptographic infrastructure by means of a simple, yet nontrivial, example of an attack whose discovery essentially requires equational reasoning. It also shows how rule-based programming languages such as Maude and complex narrowing strategies are useful to model, analyze, and verify protocols.

  • Formal Specification and Analysis of the Group Domain of Interpretation Protocol Using NPATRL and the NRL Protocol Analyzer
    Computer and Communications Security, 2004
    Co-Authors: Catherine Meadows, Paul Syverson, Iliano Cervesato
    Abstract:

    Although research has been going on in the formal analysis of cryptographic protocols for a number of years, they are only slowly being integrated into the protocol design process. In this paper we describe how we furthered the integration of analysis and design by working closely with the Multicast Security Working Group in the Internet Engineering Task Force on the analysis of a proposed Internet Standard, the Group Domain of Interpretation (GDOI) protocol. We describe the challenges that had to be met before the analysis could be successfully completed, and some of the challenges that still remain. Perhaps not surprisingly, some of the most challenging work was in understanding the security requirements for group protocols in general. We give a detailed specification of the requirements for GDOI, describe our formal analysis of the protocol with respect to these requirements, and show how our analysis impacted the development of GDOI.

  • Extending Formal Cryptographic Protocol Analysis Techniques for Group Protocols and Low-Level Cryptographic Primitives
    2000
    Co-Authors: Catherine Meadows
    Abstract:

    We have recently seen the development of a number of new tools for the analysis of cryptographic protocols. Many of them are based on state exploration, that is, they try to find as many paths through the protocol as possible, in the hope that, if there is an error, it will be discovered. But, since the search space offered by a cryptographic protocol is infinite, this search alone cannot guarantee security if no attack is found. However, some state exploration tools do offer the ability to prove security results as well as find flaws by the use of theoretical results about the system that they are examining. In particular, the NRL Protocol Analyzer [4] allows its user to interactively prove lemmas that limit the size of its search space. If the resulting search space is finite, then it too can guarantee that a protocol is secure by performing an exhaustive search. However, the ability to make such guarantees brings with it certain limitations. In particular, most of the systems developed so far model only a very limited set of cryptographic primitives, often only encryption (public and shared key) and concatenation. They also avoid low-level features of cryptographic algorithms, such as the commutativity and distributivity properties of RSA.

  • Analysis of the Internet Key Exchange Protocol Using the NRL Protocol Analyzer
    IEEE Symposium on Security and Privacy, 1999
    Co-Authors: Catherine Meadows
    Abstract:

    We show how the NRL Protocol Analyzer, a special-purpose formal methods tool designed for the verification of cryptographic protocols, was used in the analysis of the Internet Key Exchange (IKE) protocol. We describe some of the challenges we faced in analyzing IKE, which specifies a set of closely related subprotocols, and we show how this led to a number of improvements to the Analyzer. We also describe the results of our analysis, which uncovered several ambiguities and omissions in the specification which would have made possible attacks on some implementations that conformed to the letter, if not necessarily the intentions, of the specifications.

Deepak Kapur - One of the best experts on this subject based on the ideXlab platform.

  • A Unification Algorithm for Analysis of Protocols with Blinded Signatures
    Mechanizing Mathematical Reasoning, 2005
    Co-Authors: Deepak Kapur, Paliath Narendran, Lida Wang
    Abstract:

    Analysis of authentication cryptographic protocols, particularly finding flaws in them and determining a sequence of actions that an intruder can take to gain access to the information which a given protocol purports not to reveal, has recently received considerable attention. One effective way of detecting flaws is to hypothesize an insecure state and determine whether it is possible to get to that state by a legal sequence of actions permitted by the protocol from some legal initial state which captures the knowledge of the principals and the assumptions made about an intruder’s behavior. Relations among encryption and decryption functions as well as properties of number theoretic functions used in encryption and decryption can be specified as rewrite rules. This, for example, is the approach used by the NRL Protocol Analyzer, which uses narrowing to reason about such properties of cryptographic and number-theoretic functions. Following [15], a related approach is proposed here in which equation solving modulo most of these properties of cryptographic and number-theoretic functions is done by developing new unification algorithms for such theories. A new unification algorithm for an equational theory needed to reason about protocols that use the Diffie-Hellman algorithm is developed. In this theory, multiplication forms an abelian group; exponentiation function distributes over multiplication, and exponents can commute. This theory is useful for analyzing protocols which use blinded signatures. It is proved that the unification problem over this equational theory can be reduced to the unification problem modulo the theory of abelian groups with commuting homomorphisms with an additional constraint. Baader’s unification algorithm for the theory of abelian groups with commuting homomorphisms, which reduces the unification problem to solving equations over the polynomial ring over the integers with the commuting homomorphisms serving as indeterminates, is generalized to give a unification algorithm over the theory of abelian groups with commuting homomorphism with a linear constraint. It is also shown that the unification problem over a (simple) extension of the equational theory considered here (which is also an extension of the equational theory considered in [15]) is undecidable.

  • An E-Unification Algorithm for Analyzing Protocols That Use Modular Exponentiation
    Lecture Notes in Computer Science, 2003
    Co-Authors: Deepak Kapur, Paliath Narendran, Lida Wang
    Abstract:

    Modular multiplication and exponentiation are common operations in modern cryptography. Unification problems with respect to some equational theories that these operations satisfy are investigated. Two different but related equational theories are analyzed. A unification algorithm is given for one of the theories which relies on solving syzygies over multivariate integral polynomials with noncommuting indeterminates. For the other theory, in which the distributivity property of exponentiation over multiplication is assumed, the unifiability problem is shown to be undecidable by adapting a construction developed by one of the authors to reduce Hilbert's 10th problem to the solvability problem for linear equations over semi-rings. A new algorithm for computing strong Groebner bases of right ideals over the polynomial ring Z is proposed; unlike earlier algorithms proposed by Baader as well as by Madlener and Reinert which work only for right admissible term orderings with the boundedness property, this algorithm works for any right admissible term ordering. The algorithms for some of these unification problems are expected to be integrated into Naval Research Lab.'s Protocol Analyzer (NPA), a tool developed by Catherine Meadows, which has been successfully used to analyze cryptographic protocols, particularly emerging standards such as the Internet Engineering Task Force's (IETF) Internet Key Exchange [11] and Group Domain of Interpretation [12] protocols. Techniques from several different fields - particularly symbolic computation (ideal theory and Groebner basis algorithms) and unification theory - are thus used to address problems arising in state-based cryptographic protocol analysis.