Ioana Boureanu

Learn More
In this paper, we show that many formal and informal security results on distance-bounding (DB) protocols are incorrect/ incomplete. We identify that this inadequacy stems from the fact that the pseudorandom function (PRF) assumption alone, invoked in many security claims, is insufficient. To this end, we identify two distinct shortcomings of invoking the(More)
A secret sharing scheme derives from a given secret certain shares (or shadows) which are distributed to users. The secret can be recovered only by certain predetermined groups. In the first secret sharing schemes only the number of the participants in the reconstruction phase was important for recovering the secret. Such schemes have been referred to as(More)
We present a technique for automatically verifying cryptographic protocols specified in the mainstream specification language CAPSL. Our work is based on model checking multi-agent systems against properties given in AI logics. We present PC2IS, a compiler from CAPSL to ISPL, the input language of MCMAS, a symbolic model checker for MAS. The technique also(More)
Distance-bounding is a practical solution to be used in security-sensitive contexts, to prevent relay attacks. Its applied cryptographic role is definitely spreading fast and it is clearly far reaching, extending from contactless payments to remote car unlocking. However, security models for distance-bounding are not well-established and, as far as we know,(More)
We present a methodology for the automatic verification of multi-agent systems against temporal-epistemic specifications derived from higher-level languages defined over convergent equational theories. We introduce a modality called rewriting knowledge that operates on local equalities. We discuss the conditions under which its interpretation can be(More)
We study the problem of analysing the security for an unbounded number of concurrent sessions of a cryptographic protocol. Our formal model accounts for an arbitrary number of agents involved in a protocol-exchange which is subverted by a Dolev-Yao attacker. We define the parameterised model checking problem with respect to security requirements expressed(More)
The communication between an honest prover and an honest verifier can be intercepted by a malicious man-in-the-middle (MiM), without the legitimate interlocutors noticing the intrusion. The attacker can simply relay messages from one party to another, eventually impersonating the prover to the verifier and possibly gaining the privileges of the former. This(More)