Modelling and Analysing of Security Protocol: Lecture 12 Probabilistic Modelling Checking of Anonymous Systems Tom Chothia CWI.

Slides:

Advertisements

Similar presentations

A Formal Analysis of Onion Routing 10/26/2007 Aaron Johnson (Yale) with Joan Feigenbaum (Yale) Paul Syverson (NRL)

Advertisements

Modelling and Analysing of Security Protocol: Lecture 8 Automatically Checking Protocols II Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 7 Automatically Checking Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI.

ITIS 6200/ Secure multiparty computation – Alice has x, Bob has y, we want to calculate f(x, y) without disclosing the values – We can only do.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

A Survey Anonymity and Anonymous File-Sharing Tom Chothia (Joint work with Konstantinos Chatzikokolakis)

The Andrew Protocol Corrected 1 A  B : {N A } K AB 2 B  A : {N A,N B } K AB 3 A  B : {N B } K AB 4 B  A : {K AB,N B,N A } K AB.

Probabilistic Methods in Concurrency Lecture 9 Other uses of randomization: a randomized protocol for anonymity Catuscia Palamidessi

Roberto Di Pietro, Luigi V. Mancini and Alessandro Mei.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中日期 :

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.

CSE331: Introduction to Networks and Security Lecture 21 Fall 2002.

Secure Localization using Dynamic Verifiers Nashad A. Safa Joint Work With S. Sarkar, R. Safavi-Naini and M.Ghaderi.

Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 9 Anonymous Protocols: Theory.

S A B D C T = 0 S gets message from above and sends messages to A, C and D S.

Modelling and Analysing of Security Protocol: Lecture 2 Cryptology for Protocols Analysis Tom Chothia CWI.

CSE331: Introduction to Networks and Security Lecture 20 Fall 2002.

Alice and Bob’s Revenge? AliceBob Elvis. If there is a protocol If there is a protocol then there must be a shortest protocol 1.Alice  Bob : ??? 2.Bob.

Learning Routing Paths in Anonymous Wireless Protocols Yu Jin Nishith Pathak.

Modelling and Analysing of Security Protocol: Lecture 5 BAN logic Tom Chothia CWI.

511 Friday Feb Math/Stat 511 R. Sharpley Lecture #15: Computer Simulations of Probabilistic Models.

CS 603 Dining Philosopher’s Problem February 15, 2002.

1 Freenet  Addition goals to file location: -Provide publisher anonymity, security -Resistant to attacks – a third party shouldn’t be able to deny the.

By Jyh-haw Yeh Boise State University ICIKM 2013.

CSC2535 Spring 2013 Lecture 2a: Inference in factor graphs Geoffrey Hinton.

Using Intents to Broadcast Events Intents Can be used to broadcast messages anonymously Between components via the sendBroadcast method As a result Broadcast.

The Computer Communication Lab (236340) Winter Resilient Packet Ring GUI Simulator Developed By: Anton Spirkov Slava

Privacy Enhancing Technologies Spring What is Privacy? “The right to be let alone” Confidentiality Anonymity Access Control Most privacy technologies.

Anonymous Digital Cash  Ashok Reddy  Madhu Tera  Laxminarayan Muktinutalapati (Lux)  Venkat Nagireddy.

Lesson 2-2 Example Solve. SCHOOL STORE The school store sold 22 pencils on Tuesday, 31 pencils on Wednesday, and 19 pencils on Thursday. How many.

A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F

Probabilistic Anonymity Mohit Bhargava, IIT New Delhi Catuscia Palamidessi, INRIA Futurs & LIX.

Probabilistic and Nondeterministic Aspects of Anonymity Catuscia Palamidessi, INRIA & LIX Based on joint work with Mohit Bhargava, IIT New Delhi Kostas.

Paris, 17 December 2007MPRI Course on Concurrency MPRI – Course on Concurrency Lecture 14 Application of probabilistic process calculi to security Catuscia.

LeongHW, SoC, NUS (UIT2201: Networks) Page 1© Leong Hon Wai, (MACP) Medium Access Control Protocol.

Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)

CSE 592 INTERNET CENSORSHIP (FALL 2015) LECTURE 19 PHILLIPA GILL - STONY BROOK U.

Properties of Numbers Vocabulary Distributive Property.

PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.

CS 6204, Spring 2005 Dining Cryptographers, Glenn Fink1 Dining Cryptographers Paper by David Chaum (1988) Presentation by Glenn Fink.

Chapter 11 Resource Allocation by Mikhail Nesterenko “Distributed Algorithms” by Nancy A. Lynch.

Network Architecture Protocol hierarchies Design Issues for the layers

Great Theoretical Ideas In Computer Science Anupam GuptaCS Fall 2006 Lecture 15Oct 17, 2006Carnegie Mellon University Algebraic Structures: Groups,

Software Security Seminar - 1 Chapter 4. Intermediate Protocols 발표자 : 이장원 Applied Cryptography.

Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Reverse Subtraction Objectives:  do a subtract by adding  check your answer by adding.

Activity 2 Keeping Yourself Secure. What Would You Do? Listen to each of the situations and watch the video that goes along with it. Think about what.

Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.

Verifiable Mixing Protocol How can a mixer prove its integrity?

Pigeonhole Principle. If n pigeons fly into m pigeonholes and n > m, then at least one hole must contain two or more pigeons A function from one finite.

Lecture 4 1 Honnor Projects Supervised by Catuscia Palamidessi The  -calculus, a small language for specification and verification of concurrency and.

Voting System Properties Most voting systems assume no collusion between more than one party for keys Most voting systems require a consistency check by.

Advanced Information Security 5 ECC Cryptography

SS 2017 Software Verification Probabilistic modelling – DTMC / MDP

CS154, Lecture 18:.

Analyzing Key Distribution and Authentication Protocols

Types of Angles & Their Relationships

اختر أي شخصية واجعلها تطير!

MIRACL & PBC Yung-Hsiang Liu.

Chapter 12 Section 2.

COMPUTER NETWORKS CS610 Lecture-42 Hammad Khalid Khan.

Add or Subtract? x =.

Objective - To add and subtract decimals.

Addition = 53 Addend - One of the numbers being added.

‘Crowds’ through a PRISM

Ethernet (Medium Access Control Protocol)

Presentation transcript:

Modelling and Analysing of Security Protocol: Lecture 12 Probabilistic Modelling Checking of Anonymous Systems Tom Chothia CWI

Today Model Checking for finite systems Specifying properties in CTL Dinning Philosophers BREAK Probabilistic finite systems Specifying probabilistic properties in PCTL Dinning Cryptographers

PCTL

Probabilistic Model Checking

Dinning Cryptographers

Dining Cryptographers Nodes form a ring Each adjacent pair picks a random number Each node broadcasts the sum (xor) of the adjacent numbers The user who wants to send a message also adds the message The total sum (xor) is: r 1 +r 2 +r 2 +r 3 +r 3 + r 4 +r 4 +r 5 +r 5 +r 1 +m = m r1r1 r4r4 r5r5 r3r3 r2r2 r 1 +r 2 r 5 +r 1 r 4 +r 5 r 3 +r 4 r 2 +r 3 +m

Results of the Model Checking

Result of P(Tails)=0.25

Result of P(Tails)=

Today Model Checking for finite systems Specifying properties in CTL Dinning Philosophers example BREAK Probabilistic finite systems Specifying probabilistic properties in PCTL Dinning Cryptographers