安全协议的形式化分析技术与方法

对于安全协议的形式化分析方法从技术特点上做了分类和分析．对于安全协议分析技术的发展历史、目前的状况以及将来的趋势作了总体的介绍和总结．根据作者的体会，从纵向和横向两个角度进行了总结．纵向方面主要是从用于分析安全协议的形式化方法的出现和发展的历史角度加以总结．横向方面主要从所应用的技术手段、技术特点入手，进行总结分析．说明了目前协议形式化分析发展的主要方向．对于目前国际流行的方法和模型进行了例解．

对几类重要网络安全协议形式模型的分析

该文根据建模基础的不同,对目前处在研究热点中的几个重要协议形式模型进行了分类分析.它们可以分为4类:基于知识演化系统的模型;基于规则推理系统的模型;基于代数演算系统的模型及基于计算复杂性理论的模型.对每类模型作者提出了相应的抽象特征体系,并在该体系下分析了有代表性的模型,指出了这些模型的优缺点及进一步改进的思路.抽象体系的提出不仅使模型的本质变得清晰,而且还使同类模型中的不同模型之间的联系变得易于理解;分析了不同类型模型之间可能存在的联系,特别是用基于规则推理的模型的思路改进了Woo-Lam模型,在提出B模型抽象结构的同时,分析指出它极有可能发展成为一个统一各类模型的模型.

运用ASM描述安全协议

介绍了抽象状态机（ASM）,建立了基于这种形式化方法的协议描述于验证的环境,并建立了一般意义上的入侵者模型.作为应用实例,给出了 Helsinki协议的 ASM规约,说明利用这个规约可以直观的演绎 Horng-Hsu攻击.

Cryopreservation of Kunming mouse oocytes using slow cooling, ultrarapid cooling and vitrification protocols

The cryopreservation of oocytes has been only marginally successful with any of the current protocols, including slow cooling, rapid cooling and vitrification. We wished to test the hypothesis that oocytes from a single mouse strain would freeze successfully by 1 of the 3 mentioned protocols. Unfertilized Kunming mouse oocytes obtained 14 h after PMSG/hCG administration were randomly assigned to be cryopreserved after slow cooling, ultra rapid cooling and vitrification. Oocytes were thawed by straws being placed into 37 degrees C water, and their morphological appearance and in vitro fertilization capability were compared with that of oocytes that had not undergone cryopreservation. Survival of oocytes was indicated by the absence of darkened ooplasm or by broken membranes or zona pellucida. Functional integrity was evaluated by the formation of a 2-cell embryo after IVF. Survival rate of slow cooled oocytes did not differ from that seen in vitrified oocytes (55.1 vs 65.9%) but was significantly lower in the rapidly cooled oocytes (24.2%; P<0.01). The results of NF of slow cooled and vitrified oocytes were similar to those of the control group (72 and 73 vs 77%; P>0.05). It appears that Kunming mouse oocytes can be successfully cryopreserved using the slow cooling method with 1,2-propanediol and vitrification, which contains both permeating and nonpermeating cryoprotectants. (C) 1997 by Elsevier Science Inc.

Compensatory growth response in three-spined stickleback in relation to feed-deprivation protocols

Different protocols of food deprivation were used to bring two groups of juvenile three-spined sticklebacks Gaslerosteus aculeatus to the same reduced body mass in comparison with a control group fed daily ad libitum. One group experienced I week or deprivation then 2 weeks on maintenance rations. The second group experienced I week of ad lithium feeding followed by 2 weeks of deprivation. The deprived groups were reduced to a mean mass ore. 80% of controls. The compensatory growth response shown when ad libitum feeding was resumed was independent of the trajectory by which the three-spined sticklebacks had reached the reduced body mass. The compensatory response was Sufficient to return the deprived groups to the mass and length trajectories shown by the control group within 4 weeks. There was full compensation for dry mass and total lipid, but incomplete compensation for lipid-free dry mass. Hyperphagia and increased growth efficiency were present in the re-feeding phase, but there was a lag of a week before the hyperphagia was established. The consistency of the compensatory response of immature three-spined sticklebacks provides a potential model system for the analysis and prediction of appetite and growth in teleosts. (C) 2003 The Fisheries Society of the British isles.

Comparison of compensatory growth responses of juvenile three-spined stickleback and minnow following similar food deprivation protocols

The compensatory growth responses of individual juveniles of two co-existing species were compared after identical periods of starvation to determine inter-specific similarities and differences. The carnivorous stickleback Gasterosteus aculeatus was compared with the omnivorous minnow Phoxinus phoxinus. Both species experienced 1 or 2 weeks of starvation before being re-fed ad libitum. The two species differed in their response to the starvation periods, with minnows showing a lower weight-specific loss. Both species showed compensatory responses in appetite, growth and to a lesser extent, growth efficiency. Minnows wholly compensated for 1 and 2 weeks of starvation. At the end of the experiment, sticklebacks starved For 2 weeks were still showing a compensatory response and had nut achieved full compensation. The compensatory responses of the sticklebacks showed a lag of a week before developing in the re-feeding phase, whereas the response of the minnows was immediate. Analysis of lipid and dry matter concentrations suggested that the compensatory response restored reserve lipids while also bringing the fish back to the growth trajectory of continuously fed fish. (C) 2001 The Fisheries Society of the British Isles.

Layered Architecture for Secure E-Commerce Applications

We present a layered architecture for secure e-commerce applications and protocols with fully automated dispute-resolution process, robust to communication failures and malicious faults. Our design is modular, with precise yet general-purpose interfaces and functionalities, and allows usage as an underlying secure service to different e-commerce, e-banking and other distributed systems. The interfaces support diverse, flexible and extensible payment scenarios and instruments, including direct buyer-seller payments as well as (the more common) indirect payments via payment service providers (e.g. banks). Our design is practical, efficient, and ensures reliability and security under realistic failure and delay conditions.

Practical Evaluation of Security against Generalized Interpolation Attack

Interpolation attack was presented by Jakobsen and Knudsen at FSE'97. Interpolation attack is effective against ciphers that have a certain algebraic structure like the PURE cipher which is a prototype cipher, but it is difficult to apply the attack to real-world ciphers. This difficulty is due to the difficulty of deriving a low degree polynomial relation between ciphertexts and plaintexts. In other words, it is difficult to evaluate the security against interpolation attack. This paper generalizes the interpolation attack. The generalization makes easier to evaluate the security against interpolation attack. We call the generalized interpolation attack linear sum attack. We present an algorithm that evaluates the security of byte-oriented ciphers against linear sum attack. Moreover, we show the relationship between linear sum attack and higher order differential attack. In addition, we show the security of CRYPTON, E2, and RIJNDAEL against linear sum attack using the algorithm.

RSA-Based Password-Authenticated Key Exchange, Revisited

The RSA-based Password-Authenticated Key Exchange (PAKE) protocols have been proposed to realize both mutual authentication and generation of secure session keys where a client is sharing his/her password only with a server and the latter should generate its RSA public/private key pair (e, n), (d, n) every time due to the lack of PKI (Public-Key Infrastructures). One of the ways to avoid a special kind of off-line (so called e-residue) attacks in the RSA-based PAKE protocols is to deploy a challenge/response method by which a client verifies the relative primality of e and φ(n) interactively with a server. However, this kind of RSA-based PAKE protocols did not give any proof of the underlying challenge/response method and therefore could not specify the exact complexity of their protocols since there exists another security parameter, needed in the challenge/response method. In this paper, we first present an RSA-based PAKE (RSA-PAKE) protocol that can deploy two different challenge/response methods (denoted by Challenge/Response Method1 and Challenge/Response Method2). The main contributions of this work include: (1) Based on the number theory, we prove that the Challenge/Response Method1 and the Challenge/Response Method2 are secure against e-residue attacks for any odd prime e; (2) With the security parameter for the on-line attacks, we show that the RSA-PAKE protocol is provably secure in the random oracle model where all of the off-line attacks are not more efficient than on-line dictionary attacks; and (3) By considering the Hamming weight of e and its complexity in the RSA-PAKE protocol, we search for primes to be recommended for a practical use. We also compare the RSA-PAKE protocol with the previous ones mainly in terms of computation and communication complexities.

an improved smart card based password authentication scheme with provable security

Password authentication has been adopted as one of the most commonly used solutions in network environment to protect resources from unauthorized access. Recently, Lee–Kim–Yoo [S.W. Lee, H.S. Kim, K.Y. Yoo, Improvement of Chien et al.'s remote user authentication scheme using smart cards, Computer Standards & Interfaces 27 (2) (2005) 181–183] and Lee-Chiu [N.Y. Lee, Y.C. Chiu, Improved remote authentication scheme with smart card, Computer Standards & Interfaces 27 (2) (2005) 177–180] respectively proposed a smart card based password authentication scheme. We show that these two schemes are both subject to forgery attacks provided that the information stored in the smart card is disclosed by the adversary. We also propose an improved scheme with formal security proof.

cryptanalysis of the end-to-end security protocol for mobile communications with end-user identification/authentication

IEEE Computer Society