Unlinkability of an Improved Key Agreement Protocol for EMV 2nd Gen Payments

Scientific Conference (2022, August 10)

To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point ... [more ▼]

To address known privacy problems with the EMV standard, EMVCo have proposed a Blinded Diffie-Hellman key establishment protocol, which is intended to be part of a future 2nd Gen EMV protocol. We point out that active attackers were not previously accounted for in the privacy requirements of this proposal protocol, and demonstrate that an active attacker can compromise unlinkability within a distance of 100cm. Here, we adopt a strong definition of unlinkability that does account for active attackers and propose an enhancement of the protocol proposed by EMVCo. We prove that our protocol does satisfy strong unlinkability, while preserving authentication. [less ▲]

A Graphical Proof Theory of Logical Time

in Felty, Amy P. (Ed.) Proc. 7th International Conference on Formal Structures for Computation and Deduction (FSCD 2022) (2022)

Logical time is a partial order over events in distributed systems, constraining which events precede others. Special interest has been given to series-parallel orders since they correspond to formulas ... [more ▼]

Logical time is a partial order over events in distributed systems, constraining which events precede others. Special interest has been given to series-parallel orders since they correspond to formulas constructed via the two operations for "series" and "parallel" composition. For this reason, series-parallel orders have received attention from proof theory, leading to pomset logic, the logic BV, and their extensions. However, logical time does not always form a series-parallel order; indeed, ubiquitous structures in distributed systems are beyond current proof theoretic methods. In this paper, we explore how this restriction can be lifted. We design new logics that work directly on graphs instead of formulas, we develop their proof theory, and we show that our logics are conservative extensions of the logic BV. [less ▲]

Discovering ePassport Vulnerabilities using Bisimilarity

in Logical Methods in Computer Science (2021), 17(2), 241--2452

A Characterisation of Open Bisimilarity using an Intuitionistic Modal Logic

in Logical Methods in Computer Science (2021), 17(3), 21240

Session Subtyping and Multiparty Compatibility Using Circular Sequents

in In 31st International Conference on Concurrency Theory (CONCUR 2020). (2020)

Attack-Defence Frameworks: Argumentation-Based Semantics for Attack-Defence Trees.

in Graphical Models for Security - 7th International Workshop (2020)

The Sub-Additives: A Proof Theory for Probabilistic Choice extending Linear Logic

in 4th International Conference on Formal Structures for Computation and Deduction (FSCD 2019). (2019)

Graphical Models for Security - 6th International Workshop, Revised Papers

Scientific Conference (2019)

Global Types with Internal Delegation

in Theoretical Computer Science (2019)

This paper investigates a new form of delegation for multiparty session calculi. Usually, delegation allows a session participant to appoint a participant in another session to act on her behalf. This ... [more ▼]

This paper investigates a new form of delegation for multiparty session calculi. Usually, delegation allows a session participant to appoint a participant in another session to act on her behalf. This means that delegation is inherently an inter-session mechanism, which requires session interleaving. Hence delegation falls outside the descriptive power of global types, which specify single sessions. As a consequence, properties such as deadlock-freedom or lock-freedom are difficult to ensure in the presence of delegation. Here we adopt a different view of delegation, by allowing participants to delegate tasks to each other within the same multiparty session. This way, delegation occurs within a single session (internal delegation) and may be captured by its global type. To increase flexibility in the use of delegation, our calculus uses connecting communications, which allow optional participants in the branches of choices. By these means, we are able to express conditional delegation. We present a session type system based on global types with internal delegation, and show that it ensures the usual safety properties of multiparty sessions, together with a progress property. [less ▲]

Quasi-Open Bisimilarity with Mismatch is Intuitionistic

in Proceedings of LICS '18: 33rd Annual ACM/IEEE Symposium on Logic in Computer Science, Oxford, United Kingdom, July 9-12, 2018 (LICS '18) (2018)

Quasi-open bisimilarity is the coarsest notion of bisimilarity for the π-calculus that is also a congruence. This work extends quasi-open bisimilarity to handle mismatch (guards with inequalities). This ... [more ▼]

Quasi-open bisimilarity is the coarsest notion of bisimilarity for the π-calculus that is also a congruence. This work extends quasi-open bisimilarity to handle mismatch (guards with inequalities). This minimal extension of quasi-open bisimilarity allows fresh names to be manufactured to provide constructive evidence that an inequality holds. The extension of quasi-open bisimilarity is canonical and robust --- coinciding with open barbed bisimilarity (an objective notion of bisimilarity congruence) and characterised by an intuitionistic variant of an established modal logic. The more famous open bisimilarity is also considered, for which the coarsest extension for handling mismatch is identified. Applications to checking privacy properties are highlighted. Examples and soundness results are mechanised using the proof assistant Abella. [less ▲]