Abstract: Byzantine agreement requires a set of parties in a distributed system to agree on a value even if some parties are corrupted. A new protocol for Byzantine agreement in a completely asynchronous network is presented that makes use of cryptography, specifically of threshold signatures and coin-tossing protocols. These cryptographic protocols have practical and provably secure implementations in the “random oracle” model. In particular, a coin-tossing protocol based on the Diffie-Hellman problem is presented and analyzed.The resulting asynchronous Byzantine agreement protocol is both practical and nearly matches the known theoretical lower bounds. More precisely, it tolerates the maximum number of corrupted parties, runs in constant expected time, has message and communication complexity close to the maximum, and uses a trusted dealer only in a setup phase, after which it can process a virtually unlimited number of transactions. Novel dual-threshold variants of both cryptographic protocols are used.The protocol is formulated as a transaction processing service in a cryptographic security model, which differs from the standard information-theoretic formalization and may be of independent interest.

Abstract: We present an efficient and fair protocol for secure two-party computation in the optimistic model, where a partially trusted third party T is available, but not involved in normal protocol executions. T is needed only if communication is disrupted or if one of the two parties misbehaves. The protocol guarantees that although one party may terminate the protocol at any time, the computation remains fair for the other party. Communication is over an asynchronous network. All our protocols are based on efficient proofs of knowledge and involve no general zero-knowledge tools. As intermediate steps we describe efficient verifiable oblivious transfer and verifiable secure function evaluation protocols, whose security is proved under the decisional Diffie-Hellman assumption.

Abstract: The Security Process Algebra (SPA) is a CCS-like specification languag e where actions belong to two different levels of confidentiality. It has been used to define several noninterference-like security properties whose verification has been automated by the tool CoSeC. In recent years, a method for analyzing security protocols using SPA and CoSeC has been developed. Even if it has been useful in analyzing small security protocols, this method has shown to be error-prone, as it requires the protocol description and its environment to be written by hand. This problem has been solved by defining a protocol specification language more abstract than SPA, called VSP, and a compiler CVS that automatically generates the SPA specification for a given protocol described in VSP. The VSP/CVS technology is very powerful, and its usefulness is shown with some case studies: the Woo-Lam one-way authentication protocol, for which a new attack to authentication is found, and the Wide Mouthed Frog protocol, where different kinds of attack are detected and analyzed.

Abstract: : We have recently seen the development of a number of new tools for the analysis of cryptographic protocols. Many of them are based on state exploration, that is, they try to find as many paths through the protocol as possible, in the hope that, if there is an error, it will be discovered. But, since the search space offered by a cryptographic protocol is infinite, this search alone cannot guarantee security if no attack is found. However, some state exploration tools do offer the ability to prove security results as well as find flaws by the use of theoretical results about the system that they are examining. In particular, the NRL Protocol Analyzer [4] allows its user to interactively prove lemmas that limit the size of its search space. If the resulting search space is finite, then it too can guarantee that a protocol is secure by performing an exhaustive search. However, the ability to make such guarantees brings with it certain limitations. In particular, most of the systems developed so far model only a very limited set of cryptographic primitives, often only encryption (public and shared key) and concatenation. They also avoid low-level features of cryptographic algorithms, such as the commutativity and distributivity properties of RSA.

Abstract: Inductive proofs of secrecy invariants for cryptographic protocols can be facilitated by separating the protocol dependent part from the protocol-independent part. Our secrecy theorem encapsulates the use of induction so that the discharge of protocol-specific proof obligations is reduced to first-order reasoning. Also, the verification conditions are modularly associated with the protocol messages. Secrecy proofs for Otway-Rees (1987) and the corrected Needham-Schroeder protocol are given.

Abstract: The interprocess communication protocol system provides a generic communication system for communication between specified processes in a complex digital system In accordance with the interprocess communication protocol, a group of pre-defined communication signals are defined, to which all communications between the processes conform Interface hardware is disclosed to provide communication between processes In addition, the communication protocol can be designed into the process as and integral portion of the processes

Abstract: Ad hoc networks consist of a group of wireless nodes that dynamically form a multihop network via shared communication channels. For each node, channel access is managed by a media access control (MAC) protocol. MAC protocols can be classified into three broad categories: contention, allocation, and hybrid protocols that combine the contention and allocation access schemes. ADAPT is a hybrid protocol comprised of two component protocols-an allocation protocol that provides stable operation under strenuous network conditions (e.g., high load and nodal degree), and a contention protocol that dynamically manages the available bandwidth. This paper presents a simulation study that compares the performance of several conventional and hybrid MAC protocols. We examine the relative performance of each protocol under equivalent network conditions, and show that the overall performance of the ADAPT protocol is superior. We also discuss the ability of each protocol to support delay sensitive applications, such as voice, video, and multimedia transmission.

Abstract: Independence is a fundamental property needed to achieve security in fault-tolerant distributed computing. In practice, distributed communication networks are neither fully synchronous or fully asynchronous, but rather loosely synchronized. By this, we mean that in a communication protocol, messages at a given round may depend on messages from other players at the same round. These possible dependencies among messages create problems if we need n players to announce independently chosen values. This task is called simultaneous broadcast. In this paper, we present the first constant round protocol for simultaneous broadcast in a reasonable computation model (which includes a common shared random string among the players). The protocol is provably secure under general cryptographic assumptions. In the process, we develop a new and stronger formal definition for this problem. Previously known protocols for this task required either O(log n) or expected constant rounds to complete (depending on the computation model considered).

Abstract: The anti-replay window protocol is used to secure IP against an adversary that can insert (possibly replayed) messages in the message stream from a source computer to a destination computer in the Internet. In this paper, we verify the correctness of this important protocol using standard methods (i.e. auxiliary variables, annotation, and invariants). We show that despite the adversary, the protocol delivers each message at most once, and discards a message only if another copy of this message has already been delivered, or the message has suffered a reorder of degree w or more, where w is the window size. We then develop another variation of this protocol that uses two windows of size w/2 each. This protocol delivers every message at most once, and discards a message only if another copy of this message has already been delivered, or the message has suffered a reorder of degree w+d or more, where d is the sum of current distances between successive windows in the protocol. We argue that the double-window protocol is more effective than the original single-window protocol.

Abstract: We present a case study of how abstractions can be applied to a protocol model, written in Promela, in order to make in amenable for exhaustive state-space exploration, e.g., by SPIN. The protocol is a simple version of the Five Packet Handshake Protocol, which is used in TCP for transmission of single messages. We present techniques for abstracting from actual values of messages, sequence numbers, and identifiers in the protocol. Instead, an abstract model of the protocol is constructed of variables which record whether variables and parameters of messages are equal or unequal. The abstraction works because the protocol handles identifiers and parameters of messages in a simple way. The abstracted model contains only on the order of a thousand states, and safety properties have been analyzed by SPIN.

Abstract: A novel protocol for load balancing in distributed multiserver queuing systems is proposed. The protocol is based on an anonymous multicast communication in a network of servers or workers. A formal description of the protocol in terms of a state diagram is given. The complexity issues of the protocol are considered. The protocol was investigated by the use of a simulation model in terms of a class of the extended Petri nets and implemented as a prototype system on a group of computers in a LAN of Ethernet type. The results of simulation and prototype-system studies of a distributed queuing system with the proposed protocol are compared to the behavior of an ideal, centralized queuing system. Limitations and possible extensions to the protocol are outlined.

Abstract: Adaptivity is a desired feature of the distributed systems. Because many characteristics of the environment (network topology, active process distribution, etc.) may change from time to time, a good system should be able to adapt itself and perform sufficiently well under different conditions.Modern distributed systems are generally built from a set of components. Such a system has the freedom to adapt itself by switching from using one component to another. Because most components in the distributed systems are running protocols, an agreement must be achieved among the processes when doing the adaptation.The traditional approach to do the protocol switch is by using the two-phase-commit algorithm, in which a coordinator first broadcasts a “prepare” message, and all the other processes pause their work and send back acknowledgments. Each process is buffering messages from its own application at this point. After the coordinator receives all the acknowledgments, it broadcasts a “switch” message, and upon receiving which all the processes resume working using the new configuration. This approach is clean and easy to implement. However, it has two shortcomings: (1) the reconfiguration is not “smooth”, i.e.,, the overhead is large; (2) it is not scalable due to the centralized scheme.We propose a method which allows the protocol switch with very little overhead. It is scalable as well. The method is based on the fact that if two protocols P1 and P2 are derived from the same abstract specification AS, there exist converting functions ƒ and ƒ′ that can convert the local state of a process in one protocol to another. We can then build a hybrid protocol based on P1, P2, ƒ and ƒ′ that can make smooth adaptation at runtime.We briefly describe the generic algorithm of the hybrid protocol in three steps: (1) One process initiates the protocol switch by broadcasting a “switch” message; (2) When a process learns about the switching, it stops the current protocol by starting buffering application messages. It then sends out its information that other processes may need in order to convert their local states; (3) When a process gets all the needed information, it converts its local state to that of the new protocol using the converting function provided. It then starts working using the new protocol immediately. Each configuration is associated with a timestamp, which is tagged to the messages sent in that configuration. When a message with a timestamp greater than the local timestamp arrives, it gets buffered, and is processed after the local conversion finishes. To ensure that there is only one reconfiguration at any time, a token mechanism is being used. The hybrid protocol is smooth, because the protocol switch is not depend on the slowest process as in the two-phase-commit approach. It is efficient because the local state conversion saves many unnecessary memory operations.As an example, we apply our algorithm to two types of atomic broadcast protocols, namely, sequencer (S-)protocol and token (T-)protocol. In the S-protocol, each process has a buffer (Sbuƒ) holding the messages yet to be ordered by the sequencer. In the T-protocol, each process has a buffer (Tbuƒ) holding the messages to be broadcast when the token arrives. When switching from S-protocol to T-protocol, the sequencer sends out the information including the number of the messages from each process that have been ordered so far. Other processes convert by transferring the unordered messages from Sbuƒ to Tbuƒ. When switching from T-protocol to S-protocol, the process with the token sends the ordered information to the sequencer, and all the processes will transfer the messages in Tbuƒ to Sbuƒ by sending the message proposals to the sequencer.We implement the algorithm with our group communication toolkit. The following table shows the performance of the hybrid protocol (HY B) versus that of the two-phase-commit protocol (2pc). In the test, each process broadcasts 100 messages in each round, when a process receives all the messages in this round, it starts a new round. We switch the protocol every 3 rounds. The result being shown (in msec/round) is the average round latency of 100 rounds for 3 processes. The S-protocol and T-protocol data is of no protocol switch and just for the comparison. The algorithm works much better when the number of processes increases.Our algorithm provides a generic way of building efficient and scalable adaptive protocols. We believe it is a step towards the modular approach to adding new functionalities, such as adaptation, to the distributed systems.

Abstract: We present an efficient and fair protocol for secure two-party computation in the optimistic model, where a partially trusted third party T is available, but not involved in normal protocol executions. T is needed only if communication is disrupted or if one of the two parties misbehaves. The protocol guarantees that although one party may termi- nate the protocol at any time, the computation remains fair for the other party. Communication is over an asynchronous network. All our proto- cols are based on efficient proofs of knowledge and involve no general zero-knowledge tools. As intermediate steps we describe efficient verifi- able oblivious transfer and verifiable secure function evaluation protocols, whose security is proved under the decisional Diffie-Hellman assumption.

Abstract: We propose a new multiple access control (MAC) protocol for wireless ATM systems, in which user demands are highly heterogeneous and can be classified as CBR, VBR, and ABR. Our protocol is motivated by two of the most significant drawbacks of existing protocols: (1) the channel condition is ignored or not exploited, and (2) inflexible or biased time slots allocation algorithms are used. Indeed, existing protocols mostly ignore the burst errors due to fading and shadowing, which are inevitable in a mobile and wireless communication environment. A few protocols take into account the burst errors but just "handle" the errors in a passive manner. On the other hand, most of the existing protocols employ an inflexible or biased allocation algorithm such that over-provisioning may occur for a certain class of users at the expense of the poor service quality received by other users. Our proposed protocol, called SCAMA (synergistic channel adaptive multiple access), does not have these two drawbacks. The proposed protocol works closely with the underlying physical layer in that through observing the channel state information (CSI) of each mobile user, the MAC protocol first segregates a set of users with good CSI from requests gathered in the request contention phase of an uplink frame. The MAC protocol then judiciously allocates information time slots to the users according to their traffic types, CSI, urgency, and throughput, which are collectively represented by a novel and flexible priority function. Extensive simulations have been conducted to evaluate the SCAMA protocol.

Abstract: A secure electronic auction scheme is designed based on an improved secure multiparty computation protocol and bit commitment protocol. The scheme is characterized by the fact that all bids of the losing bidders are secret except the winning bidder.

Abstract: The cooperation of different processes may be lost by mistake when a protocol is executed. The protocol cannot be normally operated under this condition. In this paper, the self fault-tolerance of protocols is discussed, and a semantics-based approach for achieving self fault-tolerance of protocols is presented. Some main characteristics of self fault-tolerance of protocols concerning liveness, nontermination and infinity are also presented. Meanwhile, the sufficient and necessary conditions for achieving self fault-tolerance of protocols are given. Finally, a typical protocol that does not satisfy the self fault-tolerance is investigated, and a new redesign version of this existing protocol using the proposed approach is given.

Abstract: Presents a mobile agent-based three-tier protocol to improve the data transmission while accessing distributed databases. When a mobile agent is employed to fulfil a distributed query, it has many choices for travelling in the network. The master/slave pattern can be applied to mobile agents on the basis of a centralized two-phase commit (2PC) protocol to allow the parallel execution of mobile agents. In this paper, a three-tier protocol is proposed, which clusters all the slave agents to strengthen the parallelism. This three-tier protocol can significantly weaken the data transmission bottleneck and reduce the response time. This paper describes the protocol and a performance evaluation of it.

Abstract: This paper outlines a Meta-Object Protocol for secure composition of cryptography-aware meta objects. This MOP intends to be language independent so that it can be easily constructed over simple facilities for meta object composition. We have partially implemented the MOP described below over a free, reflective flavor for the Java programming language. The interesting design issues of this implementation are discussed below.

Abstract: It is an important and hard problem in the area of computer network security to analyze cryptographic protocols. A methodology is presented using a model checke r of formal methods, SMV (symbolic model verifier), to analyze the well known Ne edham-Schroeder Public-Key Protocol. The SMV is used to discover an attack upo n the protocol, which has never been discovered by BAN logic. Finally, the proto col is adapted, and then the SMV is used to show that the new protocol is secure .

Abstract: Cooperation between the members of a virtual manufacturing organization can be described as following a certain protocol, similar to communication protocols in distributed systems. We investigate how it is possible to model such protocols explicitly, for an organization modeled as a client-server system where one member (a client) can request another (a server) to fulfill a certain production goal. The goal is given in an abstract way: the type of the product and its required quantity. It is up to the server to decide if and how to implement this goal. We present several protocols how the servers can react to such requests and the clients receive their responses. We also discuss how the choice of a protocol affects the behavior of the whole organization.

Abstract: Data transmission over wireless communication networks is increasing rapidly and security has become a very important issue. The main considerations of secure communication systems are authentication, key distribution, and data transfer. This paper describes a secure communication protocol (SCP), which provides privacy and data integrity for end-to-end data transmission over wireless communication systems.

Abstract: The formal specification and mechanical verification of an atomic commitment protocol (ACP) for distributed real-time and fault-tolerant databases is presented. As an example, the non-blocking ACP of Babaoglu and Toueg (1993) is analyzed. An error in their termination protocol for recovered participants has been detected. We propose a new termination protocol which has been proved correct formally. To stay close to the original formulation of the protocol, timed state machines are used to specify the processes, whereas the communication mechanism between processes is defined using assertions. Formal verification has been performed incrementally: adding recovery from crashes only after having proved the basic protocol. The verification system PVS was used to deal with the complexity of this fault-tolerant protocol.

Abstract: Recently, many different protocols have been proposed for software Distributed Shared Memory (DSM) that can provide a shared-memory programming model for distributed memory hardware The adaptive protocols of these protocols attempt to allow the system to choose between different protocols based on the access patterns it observes in an application This paper describes several problems that deteriorate the performance of a hybrid protocol[6], an adaptive invalidate/update protocol To address these problems, this paper then presents a working-set based adaptive invalidate/update protocol that uses a working-set model as the criteria for determining whether to update or invalidate The proposed protocol was implemented in CVM [7], a software DSM system, and evaluated using eight nodes of an IBM SP2 After experimenting with various working-set window sizes, it was confirmed that the proposed protocol could track an access pattern better than the hybrid protocol, plus with a very small window size the protocol was able to optimize the over-all performance