Wyniki wyszukiwania - BazTech

1

Wiarygodna prezentacji danych do podpisania i weryfikacji

Pejaś J., Fray I. E., Hyla T.

Przegląd Elektrotechniczny

|

2015

|

R. 91, nr 11

191-196

PL

Wiarygodna prezentacja danych przed złożeniem podpisu elektronicznego oraz podczas jego weryfikacji jest jednym z kluczowych czynności, które musi być wykonana za pomocą „bezpiecznego urządzenia służącego do składania i weryfikacji podpisu elektronicznego”. Ze złożeniem podpisu elektronicznego pod dokumentem lub jego weryfikacją może być związane określone zobowiązanie prawne podmiotu podpisującego lub weryfikującego dokument. Artykuł zawiera przegląd różnych technicznych sposobów prezentacji danych i ich ocenę pod kątem rzeczywistych zagrożeń ze strony celowych lub niezamierzonych modyfikacji prezentowanych treści. W artykule zaprezentowano także koncepcję wiarygodnego prezentowania dokumentów. Koncepcja ta polega na oddzieleniu treści podpisywanego dokumentu od formy jego prezentacji oraz zastosowaniu szeregu atrybutów związanych z podpisem dokumentów oraz modułów do ich prezentacji, które minimalizują ryzyko zmanipulowania prezentowanej zawartości podpisywanego lub weryfikowanego dokumentu.

EN

The trusted presentation of the signed or being signed data is one of the key problem, which should be solved in so called secure signature creation and verification devices. Electronic signature on the document or its verification results in a legal commitment of a signer or a verifier. The paper provides an overview of the various technical ways to present data and their assessment in terms of real risks from intentional or unintentional modification of the presented content. The paper also presents the concept of a trusted presentation of documents. This concept is based on the separation of the electronic document contents from its presentation and using a number of attributes associated with the document signature and module to its presentation, minimizing the risk to manipulate the contents of a document to be signed or verified.

2

On some specification languages of cryptographic protocols

Dudek P., Kurkowski M.

Scientific Issues of Jan Długosz University in Częstochowa. Mathematics

|

2010

|

Vol. 15

121--130

EN

A key element of the security systems in computer networks are cryptographic protocols (CP). These protocols are concurrent algorithms used to provide relevant system security goals. Their main purpose is, for example, amutual authentication (identification) of communicating parties (users, servers), distribution of new keys and session encryption. Literature indicates numerous errors in protocol constructions. Thus, there is a need to create methods for CP specification and verification. In this paper, we investigate a problem of CP specification. The paper discusses the so-called Common Language - the simplest language of CP specification and HLPSL - a specification language used in the European verification project Avispa. Finally, we introduce PTL - the new language developed for CP specification which allows fully automatic verification.

3

Process calculi and the verification of security protocols

Boreale M., Gorla D.

Journal of Telecommunications and Information Technology

|

2002

|

nr 4

28-39

EN

Recently there has been much interest towards using formal methods in the analysis of security protocols. Some recent approaches take advantage of concepts and techniques from the field of process calculi. Process calculi can be given a formal yet simple semantics, which permits rigorous definitions of such concepts as "attacker", "secrecy"" and "authentication". This feature has led to the development of solid reasoning methods and verification techniques, a few of which we outline in this paper.

4

Is it possible to decide whether a cryptographic protocol is secure or not?

Comon H., Shmatikov V.

Journal of Telecommunications and Information Technology

|

2002

|

nr 4

5-15

EN

We consider the so called "cryptographic protocols" whose aim is to ensure some security properties when communication channels are not reliable. Such protocols usually rely on cryptographic primitives. Even if it is assumed that the cryptographic primitives are perfect, the security goals may not be achieved: the protocol itself may have weaknesses which can be exploited by an attacker. We survey recent work on decision techniques for the cryptographic protocol analysis.

5

CAPSL and MuCAPSL

Millen J.K., Denker G.

Journal of Telecommunications and Information Technology

|

2002

|

nr 4

16-27

EN

Secure communication generally begins with a connection establishment phase in which messages are exchanged by client and server protocol software to generate, share, and use secret data or keys. This message exchange is referred to as an authentication or key distribution cryptographic protocol. CAPSL is a formal language for specifying cryptographic protocols. It is also useful for addressing the correctness of the protocols on an abstract level, rather than the strength of the underlying cryptographic algorithms. We outline the design principles of CAPSL and its integrated specification and analysis environment. Protocols for secure group management are essential in applications that are concerned with confidential authenticated communication among coalition members, authenticated group decisions, or the secure administration of group membership and access control. We will also discuss our progress on designing a new extension of CAPSL for multicast protocols, called MuCAPSL.

6

Analysis of cryptographic protocols using logics of belief: an overview

Monniaux D.

Journal of Telecommunications and Information Technology

|

2002

|

nr 4

57-67

EN

When designing a cryptographic protocol or explaining it, one often uses arguments such as "since this message was signed by machine B, machine A can be sure it came from B" in informal proofs justifying how the protocol works. Since it is, in such informal proofs, often easy to overlook an essential assumption, such as a trust relation or the belief that a message is not a replay from a previous session, it seems desirable to write such proofs in a formal system. While such logics do not replace the recent techniques of automatic proofs of safety properties, they help in pointing the weaknesses of the system. In this paper, we present briefly the BAN (Burrows-Abadi-Needham) formal system [10, 11] as well as some derivative. We show how to prove some properties of a simple protocol, as well as detecting undesirable assumptions. We then explain how the manual search for proofs can be made automatic. Finally, we explain how the lack of proper semantics can be a bit worrying.

7

Formalne metody analizy kryptograficznych protokołów uwierzytelniania przy zastosowaniu kolorowych sieci Petriego

Jakubowska G., Pejaś J.

Zeszyty Naukowe. Automatyka / Politechnika Śląska

|

2000

|

z. 130

53-64

PL

W artykule została przedstawiona propozycja zastosowania kolorowanych sieci Petri do opisu modeli protokołów uwierzytelniania, oraz modeli intruzów, atakujących analizowany protokół. Narzędzia będące rezultatem ich zastosowania wymagają jednak aktywnej współpracy weryfikatora, który na ich podstawie jest w stanie ocenić stopień bezpieczeństwa protokołu oraz budować bazę wiedzy intruza.

EN

In this paper we present an approach to model authenticating protocols and intruders inside analyzing system using Coloured Petri Nets. However, tools based on the CP-Nets need active human-verifier assistance, who can estimate a degree of security of analyzing protocol and build intruder's database of knowledge.