Proving security protocols with model checkers by data independence techniques
Journal of Computer Security
Strand spaces: proving security protocols correct
Journal of Computer Security
Breaking and Fixing the Needham-Schroeder Public-Key Protocol Using FDR
TACAs '96 Proceedings of the Second International Workshop on Tools and Algorithms for Construction and Analysis of Systems
The modelling and analysis of security protocols: the csp approach
The modelling and analysis of security protocols: the csp approach
Exploiting empirical engagement in authentication protocol design
SPC'05 Proceedings of the Second international conference on Security in Pervasive Computing
Key agreement in ad hoc networks
Computer Communications
Two heads are better than one: security and usability of device associations in group scenarios
Proceedings of the Sixth Symposium on Usable Privacy and Security
Multi-channel key agreement using encrypted public key exchange
Proceedings of the 15th international conference on Security protocols
Authentication protocols based on low-bandwidth unspoofable channels: A comparative survey
Journal of Computer Security
Hi-index | 0.00 |
In pervasive-computing scenarios users may wish to achieve some degree of security in their interaction with other people or equipment, in contexts where they cannot be confident of the others' long-term identities and where there may be no reliable PKI. We examine the problem of bootstrapping security in an ad-hoc network formed by a group of users.In [4] a number of protocols using low-bandwidth channels involving the human agent(s) "in the loop" to bootstrap secure communication over an untrusted infrastructure were presented, the point being that the attacker's powers are more limited with regard to these empirical channels in one or more respects than in the standard Dolev-Yao view. The two-party protocols proved easy to verify [3] (relative to those weakened powers) by adapting the CSP/FDR-based approach of Casper[9], but the multi-party network-formation protocol (based on a combination of low bandwidth non-forgeable channels and an ordinary Dolev-Yao communication medium) proved more problematic.Addressing the verification of this protocol [11] led to consideration of a number of simplified variants, which appear interesting in their own right.