Tango: Declarative Semantics for Multiagent Communication Protocols

A flexible communication protocol is necessary to build a decentralized multiagent system whose member agents are not coupled to each other's decision making. Information-based protocol languages capture a protocol in terms of causality and integrity constraints based on the information exchanged by the agents. Thus, they enable highly flexible enactments in which the agents proceed asynchronously and messages may be arbitrarily reordered. However, the existing semantics for such languages can produce a large number of protocol enactments, which makes verification of a protocol property intractable. This paper formulates a protocol semantics declaratively via inference rules that determine when a message emission or reception becomes enabled during an enactment, and its effect on the local state of an agent. The semantics enables heuristics for determining when alternative extensions of a current enactment would be equivalent, thereby helping produce parsimonious models and yielding improved protocol verification methods.

A SAT-Based Planning Approach for Finding Logical Attacks on Cryptographic Protocols

Cryptographic protocols form the backbone of digital society. They are concurrent multiparty communication protocols that use cryptography to achieve security goals such as confidentiality, authenticity, integrity, etc., in the presence of adversaries. Unfortunately, protocol verification still represents a critical task and a major cost to engineer attack-free security protocols. Model checking and SAT-based techniques proved quite effective in this context. This article proposes an efficient automatic model checking approach that exemplifies a security property violation. In this approach, a protocol verification is abstracted as a compact planning problem, which is efficiently solved by a state-of-the-art SAT solver. The experiments performed on some real-world cryptographic protocols succeeded in detecting new logical attacks, violating some security properties. Those attacks encompass both “type flaw” and “replay” attacks, which are difficult to tackle with the existing planning-based approaches.

A novel FPGA-based test-bench framework for SDI stream verification

This paper presents a framework for complete simulation and verification of Serial Digital Interface (SDI) video using a verilog test-bench and geared toward FPGAs. This framework permits simulating the entire process: from test video signal generation to protocol verification in the FPGA which implements the Device Under Test (DUT). The novelty in the design is the combination of a customized test video signal generator with an implementation clone of DUT transceiver for in-depth protocol debugging. Identical input test patterns of the video protocol under test are generated and fed to DUT for verification. Thus, the model not only permits to evaluate the SDI transport layer but also validates the implementation at ultra low pixel level of the video format. This approach provides two advantages: cost saving in terms of additional lab test equipment and delivering all-in-one test solution to verify design and implementation. A practical implementation using a test example of a macroblock processing chain using SDI video interface shows the viability of the proposed framework for video protocol testing.

New Authentication Scheme to Secure against the Phishing Attack in the Mobile Cloud Computing

A phishing attack is one of the severe threats to the smartphone users. As per the recent lookout report, mobile phishing attack is increasing 85% year to year and going to become a significant threat to the smartphone users. This social engineering attack attempts to get the user’s password by disguising as trusted service provider. Most of the smartphone users are using the Internet services outside of the traditional firewall. Cloud-based documents are one of the primary targets of this phishing attack in mobile cloud computing. Also, most smartphone users are using the cloud storage in their device. To secure against this password attack in a mobile cloud environment, we propose a new authentication scheme to provide novel security to the mobile cloud services. This scheme will verify the user and service provider without transmitting the password using the Zero-knowledge proof based authentication protocol. Moreover, the proposed scheme will provide mutual authentication between the communication entities. The effectiveness of proposed scheme would be verified using protocol verification tool called Scyther.