Jun Pang - Academia.edu (original) (raw)
Papers by Jun Pang
2006 Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'06), 2006
Eighth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2007), 2007
In this paper, we present two extensions of the strand space method to model Kerberos V. First, w... more In this paper, we present two extensions of the strand space method to model Kerberos V. First, we include time and timestamps to model security protocols with times- tamps: we relate a key to a crack time and combine it with timestamps in order to define a notion of recency. Therefore, we can check replay attacks in this new framework.
Journal of Information Security, 2010
Formal Aspects of Computing, 2014
Nordic Journal of Computing, 2005
We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a r... more We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a ring also stabilizes when the number K of states per process is one less than the number N+ 1 of processes in the ring. We formalize the algorithm and verify the proof in PVS, based on Qadeer and Shankar's work. We show that K = N
Lecture Notes in Computer Science, 2012
Lecture Notes in Computer Science, 2011
Frontiers of Computer Science, 2013
ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an importa... more ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users’ privacy. Cederquist et al. proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the TTP. We extend their protocol to satisfy the property of TTP transparency, using existing verifiably encrypted signature schemes. An implementation with the scheme based on bilinear pairing makes our extension one of the most efficient CEM protocols satisfying strong fairness, timeliness, and TTP transparency. We formally verify the security requirements of the extended protocol. The properties of fairness, timeliness and effectiveness are checked in the model checker Mocha, and TTP transparency is formalised and analysed using the toolsets µCRL and CADP.
IFIP Advances in Information and Communication Technology, 2010
Lecture Notes in Computer Science, 2012
2009 16th Asia-Pacific Software Engineering Conference, 2009
2011 Sixth International Conference on Availability, Reliability and Security, 2011
ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et ... more ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et al. Our formalization relies on inductive definitions of message distinguish ability and observational equivalence over observed traces by the intruder. Our theory differs from its original proposal which essentially boils down to the existence of a reinterpretation function. We build our theory in Isabelle/HOL to have a mechanical framework for the analysis of anonymity protocols. Its feasibility is illustrated through the onion routing protocol.
Lecture Notes in Computer Science, 2004
Lecture Notes in Computer Science, 2013
Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13, 2013
ACM Transactions on the Web, 2014
Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12, 2012
ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A c... more ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A common mechanism to protect users' location and query privacy is spatial generalisation. As more user information becomes available with the fast growth of Internet applications, e.g., social networks, attackers have the ability to construct users' personal profiles. This gives rise to new challenges and reconsideration of the existing privacy metrics, such as k-anonymity. In this paper, we propose new metrics to measure users' query privacy taking into account user profiles. Furthermore, we design spatial generalisation algorithms to compute regions satisfying users' privacy requirements expressed in these metrics. By experimental results, our metrics and algorithms are shown to be effective and efficient for practical usage.
Lecture Notes in Computer Science, 2007
2006 Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'06), 2006
Eighth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2007), 2007
In this paper, we present two extensions of the strand space method to model Kerberos V. First, w... more In this paper, we present two extensions of the strand space method to model Kerberos V. First, we include time and timestamps to model security protocols with times- tamps: we relate a key to a crack time and combine it with timestamps in order to define a notion of recency. Therefore, we can check replay attacks in this new framework.
Journal of Information Security, 2010
Formal Aspects of Computing, 2014
Nordic Journal of Computing, 2005
We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a r... more We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a ring also stabilizes when the number K of states per process is one less than the number N+ 1 of processes in the ring. We formalize the algorithm and verify the proof in PVS, based on Qadeer and Shankar's work. We show that K = N
Lecture Notes in Computer Science, 2012
Lecture Notes in Computer Science, 2011
Frontiers of Computer Science, 2013
ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an importa... more ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users’ privacy. Cederquist et al. proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the TTP. We extend their protocol to satisfy the property of TTP transparency, using existing verifiably encrypted signature schemes. An implementation with the scheme based on bilinear pairing makes our extension one of the most efficient CEM protocols satisfying strong fairness, timeliness, and TTP transparency. We formally verify the security requirements of the extended protocol. The properties of fairness, timeliness and effectiveness are checked in the model checker Mocha, and TTP transparency is formalised and analysed using the toolsets µCRL and CADP.
IFIP Advances in Information and Communication Technology, 2010
Lecture Notes in Computer Science, 2012
2009 16th Asia-Pacific Software Engineering Conference, 2009
2011 Sixth International Conference on Availability, Reliability and Security, 2011
ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et ... more ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et al. Our formalization relies on inductive definitions of message distinguish ability and observational equivalence over observed traces by the intruder. Our theory differs from its original proposal which essentially boils down to the existence of a reinterpretation function. We build our theory in Isabelle/HOL to have a mechanical framework for the analysis of anonymity protocols. Its feasibility is illustrated through the onion routing protocol.
Lecture Notes in Computer Science, 2004
Lecture Notes in Computer Science, 2013
Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13, 2013
ACM Transactions on the Web, 2014
Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12, 2012
ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A c... more ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A common mechanism to protect users' location and query privacy is spatial generalisation. As more user information becomes available with the fast growth of Internet applications, e.g., social networks, attackers have the ability to construct users' personal profiles. This gives rise to new challenges and reconsideration of the existing privacy metrics, such as k-anonymity. In this paper, we propose new metrics to measure users' query privacy taking into account user profiles. Furthermore, we design spatial generalisation algorithms to compute regions satisfying users' privacy requirements expressed in these metrics. By experimental results, our metrics and algorithms are shown to be effective and efficient for practical usage.
Lecture Notes in Computer Science, 2007