Jun Pang - Profile on Academia.edu (original) (raw)
Papers by Jun Pang
2006 Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'06), 2006
Guttman and Thayer Fábrega introduced the notion of unsolicited authentication tests, and used it... more Guttman and Thayer Fábrega introduced the notion of unsolicited authentication tests, and used it to prove the correctness of security protocols in which a key server authenticate its clients. As an example, they have applied unsolicited authentication tests to prove the authentication goals of the Otway-Rees protocol. However, unsolicited authentication tests seem not to be fully explored in that case study, and the proofs were complicated. In this paper, we revisit the unsolicited authentication tests, and show how to strengthen and apply them in more general cases. To justify our work, we also use this extension to prove all agents' authentication guarantee of the Otway-Rees protocol.
Extending the Strand Space Method to Verify Kerberos V
Eighth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2007), 2007
In this paper, we present two extensions of the strand space method to model Kerberos V. First, w... more In this paper, we present two extensions of the strand space method to model Kerberos V. First, we include time and timestamps to model security protocols with times- tamps: we relate a key to a crack time and combine it with timestamps in order to define a notion of recency. Therefore, we can check replay attacks in this new framework.
Journal of Information Security, 2010
In this paper, we show how to use the novel extended strand space method to verify Kerberos V. Fi... more In this paper, we show how to use the novel extended strand space method to verify Kerberos V. First, we formally model novel semantical features in Kerberos V such as timestamps and protocol mixture in this new framework. Second, we apply unsolicited authentication test to prove its secrecy and authentication goals of Kerberos V. Our formalization and proof in this case study have been mechanized using Isabelle/HOL.
Formalizing provable anonymity in Isabelle/HOL
Formal Aspects of Computing, 2014
Nordic Journal of Computing, 2005
We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a r... more We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a ring also stabilizes when the number K of states per process is one less than the number N+ 1 of processes in the ring. We formalize the algorithm and verify the proof in PVS, based on Qadeer and Shankar's work. We show that K = N
![Fig. 4.1: A counter-example: a ring with K = N- 1 After proving Lemma 6, and reusing (more or less) the lemmas and the PVS proof steps for properties VI and VII in [Qadeer and Shankar 1998], we could mechanically prove self-stabilization of Dijkstra’s K-state algorithm in PVS.](https://figures.academia-assets.com/38121798/figure_001.jpg)
](
Formal Analysis of Privacy in an eHealth Protocol
Lecture Notes in Computer Science, 2012
Lecture Notes in Computer Science, 2011
Social networks have sprung up and become a hot issue of current society. In spite of the fact th... more Social networks have sprung up and become a hot issue of current society. In spite of the fact that these networks provide users with a variety of attractive features, much to users' dismay, however, they are likely to expose users private information (unintentionally). In this paper, we propose an approach which is intended for addressing the problem of collaboratively deciding privacy policies for, but not limited to, shared photos. Our proposed algorithm utilizes trust relations in social networks and combines it with the Condorcet preferential voting scheme. An optimization is developed to improve its efficiency. Experimental results show that our trust-augmented voting scheme performs well. An inference technique is introduced to infer a best privacy policy for a user based on his voting history.
Design and formal verification of a CEM protocol with transparent TTP
Frontiers of Computer Science, 2013
ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an importa... more ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users’ privacy. Cederquist et al. proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the TTP. We extend their protocol to satisfy the property of TTP transparency, using existing verifiably encrypted signature schemes. An implementation with the scheme based on bilinear pairing makes our extension one of the most efficient CEM protocols satisfying strong fairness, timeliness, and TTP transparency. We formally verify the security requirements of the extended protocol. The properties of fairness, timeliness and effectiveness are checked in the model checker Mocha, and TTP transparency is formalised and analysed using the toolsets µCRL and CADP.
IFIP Advances in Information and Communication Technology, 2010
This paper presents simulation-based relations for probabilistic game structures. The first relat... more This paper presents simulation-based relations for probabilistic game structures. The first relation is called probabilistic alternating simulation, and the second called probabilistic alternating forward simulation, following the naming convention of Segala and Lynch. We study these relations with respect to the preservation of properties specified in probabilistic alternating-time temporal logic.
Lecture Notes in Computer Science, 2012
In probabilistic game structures, probabilistic alternating simulation (PA-simulation) relations ... more In probabilistic game structures, probabilistic alternating simulation (PA-simulation) relations preserve formulas defined in probabilistic alternating-time temporal logic with respect to the behaviour of a subset of players. We propose a partition based algorithm for computing the largest PA-simulation. It is to our knowledge the first such algorithm that works in polynomial time. Our solution extends the generalised coarsest partition problem (GCPP) to a game-based setting with mixed strategies. The algorithm has higher complexities than those in the literature for non-probabilistic simulation and probabilistic simulation without mixed actions, but slightly improves the existing result for computing probabilistic simulation with respect to mixed actions.
2009 16th Asia-Pacific Software Engineering Conference, 2009
Service composition, which provides a more effective way to combine several single services into ... more Service composition, which provides a more effective way to combine several single services into a composite service, is a kind of software reuse techniques. However, one of the most important problems is how to perform service composition correctly and effectively so as to produce high-quality source codes for describing the resulted composite service. In this paper, we propose a model-driven method to solve this problem, where UML 2.0 sequence diagrams are extended to model the composition of Web services, extended statecharts are synthesized from sequence diagrams, then the statecharts are further transferred to the input language of a model checker for behavior consistency checking, and finally verified BPEL codes can be generated from improved sequence diagrams. Case studies have been performed to demonstrate the whole process and illustrate the significance of our approach.
An Inductive Approach to Provable Anonymity
2011 Sixth International Conference on Availability, Reliability and Security, 2011
ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et ... more ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et al. Our formalization relies on inductive definitions of message distinguish ability and observational equivalence over observed traces by the intruder. Our theory differs from its original proposal which essentially boils down to the existence of a reinterpretation function. We build our theory in Isabelle/HOL to have a mechanical framework for the analysis of anonymity protocols. Its feasibility is illustrated through the onion routing protocol.
Lecture Notes in Computer Science, 2004
We prove the correctness of a sliding window protocol with an arbitrary finite window size n and ... more We prove the correctness of a sliding window protocol with an arbitrary finite window size n and sequence numbers modulo 2n. We show that the sliding window protocol is branching bisimilar to a queue of capacity 2n. The proof is given entirely on the basis of an axiomatic theory, and was checked with the help of PVS.
Post-hoc User Traceability Analysis in Electronic Toll Pricing Systems
Lecture Notes in Computer Science, 2013
Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13, 2013
Location-based services have been enduring a fast development for almost fifteen years. Due to th... more Location-based services have been enduring a fast development for almost fifteen years. Due to the lack of proper privacy protection, especially in the early stage of the development, an enormous amount of user request records have been collected. This exposes potential threats to users' privacy as new contextual information can be extracted from such records. In this paper, we study query dependency which can be derived from users' request history, and investigate its impact on users' query privacy.
Constructing and Comparing User Mobility Profiles
ACM Transactions on the Web, 2014
Measuring query privacy in location-based services
Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12, 2012
ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A c... more ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A common mechanism to protect users' location and query privacy is spatial generalisation. As more user information becomes available with the fast growth of Internet applications, e.g., social networks, attackers have the ability to construct users' personal profiles. This gives rise to new challenges and reconsideration of the existing privacy metrics, such as k-anonymity. In this paper, we propose new metrics to measure users' query privacy taking into account user profiles. Furthermore, we design spatial generalisation algorithms to compute regions satisfying users' privacy requirements expressed in these metrics. By experimental results, our metrics and algorithms are shown to be effective and efficient for practical usage.
Verifying a sliding window protocol in muCRL
Lecture Notes in Computer Science, 2007
Untraceability and unreuseability are essential security properties for electronic cash protocols... more Untraceability and unreuseability are essential security properties for electronic cash protocols. Many protocols have been proposed to meet these two properties. However, most of them have not been formally proved to be untraceable and unreuseable. In this paper we propose to use the applied pi calculus as a framework for describing and analyzing electronic cash protocols, and we analyze Ferguson's electronic cash protocol as a case study. We believe that this approach is suitable for many different electronic cash protocols.
Lecture Notes in Computer Science, 2005
We study a process algebra which combines both nondeterministic and probabilistic behavior in the... more We study a process algebra which combines both nondeterministic and probabilistic behavior in the style of Segala and Lynch's simple probabilistic automata. We consider strong bisimulation and observational equivalence, and provide complete axiomatizations for a language that includes a restricted form of parallel composition and (guarded) recursion. The presence of the parallel composition, in particular, introduces various technical difficulties, but we believe that a "good" compositional semantics should take it into account since it is an essential operator to specify concurrent systems.
2006 Seventh International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT'06), 2006
Guttman and Thayer Fábrega introduced the notion of unsolicited authentication tests, and used it... more Guttman and Thayer Fábrega introduced the notion of unsolicited authentication tests, and used it to prove the correctness of security protocols in which a key server authenticate its clients. As an example, they have applied unsolicited authentication tests to prove the authentication goals of the Otway-Rees protocol. However, unsolicited authentication tests seem not to be fully explored in that case study, and the proofs were complicated. In this paper, we revisit the unsolicited authentication tests, and show how to strengthen and apply them in more general cases. To justify our work, we also use this extension to prove all agents' authentication guarantee of the Otway-Rees protocol.
Extending the Strand Space Method to Verify Kerberos V
Eighth International Conference on Parallel and Distributed Computing, Applications and Technologies (PDCAT 2007), 2007
In this paper, we present two extensions of the strand space method to model Kerberos V. First, w... more In this paper, we present two extensions of the strand space method to model Kerberos V. First, we include time and timestamps to model security protocols with times- tamps: we relate a key to a crack time and combine it with timestamps in order to define a notion of recency. Therefore, we can check replay attacks in this new framework.
Journal of Information Security, 2010
In this paper, we show how to use the novel extended strand space method to verify Kerberos V. Fi... more In this paper, we show how to use the novel extended strand space method to verify Kerberos V. First, we formally model novel semantical features in Kerberos V such as timestamps and protocol mixture in this new framework. Second, we apply unsolicited authentication test to prove its secrecy and authentication goals of Kerberos V. Our formalization and proof in this case study have been mechanized using Isabelle/HOL.
Formalizing provable anonymity in Isabelle/HOL
Formal Aspects of Computing, 2014
Nordic Journal of Computing, 2005
We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a r... more We show that, contrary to common belief, Dijkstra's K-state mutual exclusion algorithm on a ring also stabilizes when the number K of states per process is one less than the number N+ 1 of processes in the ring. We formalize the algorithm and verify the proof in PVS, based on Qadeer and Shankar's work. We show that K = N
Formal Analysis of Privacy in an eHealth Protocol
Lecture Notes in Computer Science, 2012
Lecture Notes in Computer Science, 2011
Social networks have sprung up and become a hot issue of current society. In spite of the fact th... more Social networks have sprung up and become a hot issue of current society. In spite of the fact that these networks provide users with a variety of attractive features, much to users' dismay, however, they are likely to expose users private information (unintentionally). In this paper, we propose an approach which is intended for addressing the problem of collaboratively deciding privacy policies for, but not limited to, shared photos. Our proposed algorithm utilizes trust relations in social networks and combines it with the Condorcet preferential voting scheme. An optimization is developed to improve its efficiency. Experimental results show that our trust-augmented voting scheme performs well. An inference technique is introduced to infer a best privacy policy for a user based on his voting history.
Design and formal verification of a CEM protocol with transparent TTP
Frontiers of Computer Science, 2013
ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an importa... more ABSTRACT In certified email (CEM) protocols, trusted third party (TTP) transparency is an important security requirement which helps to avoid bad publicity as well as protecting individual users’ privacy. Cederquist et al. proposed an optimistic certified email protocol, which employs key chains to reduce the storage requirement of the TTP. We extend their protocol to satisfy the property of TTP transparency, using existing verifiably encrypted signature schemes. An implementation with the scheme based on bilinear pairing makes our extension one of the most efficient CEM protocols satisfying strong fairness, timeliness, and TTP transparency. We formally verify the security requirements of the extended protocol. The properties of fairness, timeliness and effectiveness are checked in the model checker Mocha, and TTP transparency is formalised and analysed using the toolsets µCRL and CADP.
IFIP Advances in Information and Communication Technology, 2010
This paper presents simulation-based relations for probabilistic game structures. The first relat... more This paper presents simulation-based relations for probabilistic game structures. The first relation is called probabilistic alternating simulation, and the second called probabilistic alternating forward simulation, following the naming convention of Segala and Lynch. We study these relations with respect to the preservation of properties specified in probabilistic alternating-time temporal logic.
Lecture Notes in Computer Science, 2012
In probabilistic game structures, probabilistic alternating simulation (PA-simulation) relations ... more In probabilistic game structures, probabilistic alternating simulation (PA-simulation) relations preserve formulas defined in probabilistic alternating-time temporal logic with respect to the behaviour of a subset of players. We propose a partition based algorithm for computing the largest PA-simulation. It is to our knowledge the first such algorithm that works in polynomial time. Our solution extends the generalised coarsest partition problem (GCPP) to a game-based setting with mixed strategies. The algorithm has higher complexities than those in the literature for non-probabilistic simulation and probabilistic simulation without mixed actions, but slightly improves the existing result for computing probabilistic simulation with respect to mixed actions.
2009 16th Asia-Pacific Software Engineering Conference, 2009
Service composition, which provides a more effective way to combine several single services into ... more Service composition, which provides a more effective way to combine several single services into a composite service, is a kind of software reuse techniques. However, one of the most important problems is how to perform service composition correctly and effectively so as to produce high-quality source codes for describing the resulted composite service. In this paper, we propose a model-driven method to solve this problem, where UML 2.0 sequence diagrams are extended to model the composition of Web services, extended statecharts are synthesized from sequence diagrams, then the statecharts are further transferred to the input language of a model checker for behavior consistency checking, and finally verified BPEL codes can be generated from improved sequence diagrams. Case studies have been performed to demonstrate the whole process and illustrate the significance of our approach.
An Inductive Approach to Provable Anonymity
2011 Sixth International Conference on Availability, Reliability and Security, 2011
ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et ... more ABSTRACT We formalise in a theorem prover the notion of provable anonymity proposed by Garcia et al. Our formalization relies on inductive definitions of message distinguish ability and observational equivalence over observed traces by the intruder. Our theory differs from its original proposal which essentially boils down to the existence of a reinterpretation function. We build our theory in Isabelle/HOL to have a mechanical framework for the analysis of anonymity protocols. Its feasibility is illustrated through the onion routing protocol.
Lecture Notes in Computer Science, 2004
We prove the correctness of a sliding window protocol with an arbitrary finite window size n and ... more We prove the correctness of a sliding window protocol with an arbitrary finite window size n and sequence numbers modulo 2n. We show that the sliding window protocol is branching bisimilar to a queue of capacity 2n. The proof is given entirely on the basis of an axiomatic theory, and was checked with the help of PVS.
Post-hoc User Traceability Analysis in Electronic Toll Pricing Systems
Lecture Notes in Computer Science, 2013
Proceedings of the third ACM conference on Data and application security and privacy - CODASPY '13, 2013
Location-based services have been enduring a fast development for almost fifteen years. Due to th... more Location-based services have been enduring a fast development for almost fifteen years. Due to the lack of proper privacy protection, especially in the early stage of the development, an enormous amount of user request records have been collected. This exposes potential threats to users' privacy as new contextual information can be extracted from such records. In this paper, we study query dependency which can be derived from users' request history, and investigate its impact on users' query privacy.
Constructing and Comparing User Mobility Profiles
ACM Transactions on the Web, 2014
Measuring query privacy in location-based services
Proceedings of the second ACM conference on Data and Application Security and Privacy - CODASKY '12, 2012
ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A c... more ABSTRACT The popularity of location-based services leads to serious concerns on user privacy. A common mechanism to protect users' location and query privacy is spatial generalisation. As more user information becomes available with the fast growth of Internet applications, e.g., social networks, attackers have the ability to construct users' personal profiles. This gives rise to new challenges and reconsideration of the existing privacy metrics, such as k-anonymity. In this paper, we propose new metrics to measure users' query privacy taking into account user profiles. Furthermore, we design spatial generalisation algorithms to compute regions satisfying users' privacy requirements expressed in these metrics. By experimental results, our metrics and algorithms are shown to be effective and efficient for practical usage.
Verifying a sliding window protocol in muCRL
Lecture Notes in Computer Science, 2007
Untraceability and unreuseability are essential security properties for electronic cash protocols... more Untraceability and unreuseability are essential security properties for electronic cash protocols. Many protocols have been proposed to meet these two properties. However, most of them have not been formally proved to be untraceable and unreuseable. In this paper we propose to use the applied pi calculus as a framework for describing and analyzing electronic cash protocols, and we analyze Ferguson's electronic cash protocol as a case study. We believe that this approach is suitable for many different electronic cash protocols.
Lecture Notes in Computer Science, 2005
We study a process algebra which combines both nondeterministic and probabilistic behavior in the... more We study a process algebra which combines both nondeterministic and probabilistic behavior in the style of Segala and Lynch's simple probabilistic automata. We consider strong bisimulation and observational equivalence, and provide complete axiomatizations for a language that includes a restricted form of parallel composition and (guarded) recursion. The presence of the parallel composition, in particular, introduces various technical difficulties, but we believe that a "good" compositional semantics should take it into account since it is an essential operator to specify concurrent systems.