Sardaouna Hamadou

A probabilistic energy-aware model for mobile ad-hoc networks

We propose a probabilistic, energy-aware, broadcast calculus for the analysis of mobile ad-hoc networks. The semantics of our model is expressed in terms of Segalas probabilistic automata driven by schedulers to resolve the nondeterministic choice among the probability distributions over target states. We develop a probabilistic observational congruence and a energy-aware preorder semantics. The observational congruence allows us to verify whether two networks exhibit the same observable probabilistic behaviour (connectivity), while the preorder is used to compare the energy consumption of different, but behaviourally equivalent, networks. As an application, we analyse and compare the energy consumption of two well-known automatic repeat request (ARQ)- based error control protocols: stop-and-wait (SW) and go-back-N (GBN).

A flaw in the electronic commerce protocol SET

The Secure Electronic Transaction (SET) protocol has been developed by the major credit card companies in association with some of the top software corporations to secure e-commerce transactions. This paper recalls the basics of the SET protocol and presents a new flaw: a dishonest client may purchase goods from an honest merchant (with the help of another merchant) for which he does not pay. Fortunately, by checking his balance sheet, the merchant may trace with the help of his bank the client and his accomplice. We also propose a modification to fix the flaw.

Trust in anonymity networks

Anonymity is a security property of paramount importance, as we move steadily towards a wired, online community. Its import touches upon subjects as different as eGovernance, eBusiness and eLeisure, as well as personal freedom of speech in authoritarian societies. Trust metrics are used in anonymity networks to support and enhance reliability in the absence of verifiable identities, and a variety of security attacks currently focus on degrading a users trustworthiness in the eyes of the other users. In this paper, we analyse the privacy guarantees of the Crowds anonymity protocol, with and without onion forwarding, for standard and adaptive attacks against the trust level of honest users.

Behavioural equivalences and interference metrics for mobile ad-hoc networks

Connectivity and communication interference are two key aspects in mobile ad-hoc networks (MANETs). This paper proposes a process algebraic model targeted at the analysis of both such aspects. The framework includes a probabilistic process calculus and a suite of analytical techniques based on a probabilistic observational congruence and an interference-sensitive preorder. The former enables the verification of behavioural equivalences; the latter makes it possible to evaluate the interference level of behaviourally equivalent networks. The result is a comprehensive and effective framework for the behavioural analysis and a quantitative assessment of interference for wireless networks in the presence of node mobility. We show our techniques at work on two realistic case studies.

Interference-Sensitive Preorders for MANETs

Connectivity and communication interference are two key aspects in mobile ad-hoc networks (MANETs). We propose a process algebraic model targeted at the analysis of both such aspects of MANETs. The framework includes a probabilistic process calculus and a suite of analytical techniques based on a probabilistic observational congruence and an interference-sensitive preorder. The observational congruence allows us to verify whether two networks exhibit the same behaviour. The preorder makes it possible to evaluate the interference level of different, behaviourally equivalent, networks. We show our framework at work on the analysis of the well-known Alternating Bit Protocol, contrasting the behavior of the standard implementation of the protocol against an alternative implementation that exploits an ideal interference cancellation scheme for CDMA transmissions.

SMT-Based Cost Optimization Approach for the Integration of Avionic Functions in IMA and TTEthernet Architectures

The design of avionic systems is a complex engineering activity. The iterative integration approach helps in controlling the complexity of such activity. On the other hand, using such approach to design evolving systems requires the reconfiguration of scheduling parameters of already integrated parts. This reconfiguration results in a recertification process having a cost that depends on the criticality level of the affected application. We propose a new approach which helps the system designer at each integration step in establishing the new scheduling parameters that minimize such cost. In this work, we focus on the Integrated Modular Avionic (IMA) architecture connected through a Time-Triggered Ethernet (TTEthernet) network. We present a formal model for such systems and we use this model to define a set of constraints that ensure the real-time requirements. These constraints are expressed using an SMTbased language and we used the SMT-solver YICES to find automatically a feasible scheduling parameters that minimize the cost of integration. We show our framework at work by analyzing the iterative integration of some functionalities of the Flight Management System.

Probable Innocence in the Presence of Independent Knowledge

We analyse the Crowds anonymity protocol under the novel assumption that the attacker has independent knowledge on behavioural patterns of individual users. Under such conditions we study, reformulate and extend Reiter and Rubin’s notion of probable innocence, and provide a new formalisation for it based on the concept of protocol vulnerability. Accordingly, we establish new formal relationships between protocol parameters and attackers’ knowledge expressing necessary and sufficient conditions to ensure probable innocence.

Probable innocence in the presence of independent knowledge

We analyse the Crowds anonymity protocol under the novel assumption that the attacker has independent knowledge on behavioural patterns of individual users. Under such conditions we study, reformulate and extend Reiter and Rubin’s notion of probable innocence, and provide a new formalisation for it based on the concept of protocol vulnerability. Accordingly, we establish new formal relationships between protocol parameters and attackers’ knowledge expressing necessary and sufficient conditions to ensure probable innocence.

A Time-Triggered Constraint-Based Calculus for Avionic Systems

The Integrated Modular Avionics (IMA) architecture and the Time-Triggered Ethernet (TTEthernet) network have emerged as the key components of a typical architecture model for recent civil aircrafts. We propose a real-time constraint-based calculus targeted at the analysis of such concepts of avionic embedded systems. We show our framework at work on the modelisation of both the (IMA) architecture and the TTEthernet network, illustrating their behavior by the well-known Flight Management System (FMS).

Some Remarks on the Certificates Registration of the Electronic Commerce Protocol SET

The SET (Secure Electronic Transaction) protocol uses digital signature, encryption primitives and digital certificates to authenticate, hide messages and to authorize transactions. SET claims that by using these cryptographic techniques it ensures the secrecy of the client’s credit card number, the integrity of transmitted data and the authentication of the involved entities. Our analysis shows that, under some considerations, none of these security properties would in fact be guaranteed. This paper describes the SET protocol and presents some interesting remarks about its security: some precautions must be taken when implementing SET, otherwise, it would result in an insecure protocol that would allow a dishonest person to harm both the client and the merchant.