Time-Bounded Task-PIOAs: A Framework for Analyzing Security Protocols

  • Ran Canetti
  • Ling Cheung
  • Dilsun Kaynar
  • Moses Liskov
  • Nancy Lynch
  • Olivier Pereira
  • Roberto Segala
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4167)


We present the Time-Bounded Task-PIOA modeling framework, an extension of the Probabilistic I/O Automata (PIOA) framework that is intended to support modeling and verification of security protocols. Time-Bounded Task-PIOAs directly model probabilistic and nondeterministic behavior, partial-information adversarial scheduling, and time-bounded computation. Together, these features are adequate to support modeling of key aspects of security protocols, including secrecy requirements and limitations on the knowledge and computational power of adversarial parties. They also support security protocol verification, using methods that are compatible with informal approaches used in the computational cryptography research community. We illustrate the use of our framework by outlining a proof of functional correctness and security properties for a well-known Oblivious Transfer protocol.


Task Schedule Security Protocol Cryptographic Protocol Trace Distribution Oblivious Transfer 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BCT04]
    Barthe, G., Cederquist, J., Tarento, S.: A machine-checked formalization of the generic model and the random oracle model. In: Basin, D., Rusinowitch, M. (eds.) IJCAR 2004. LNCS, vol. 3097, pp. 385–399. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  2. [Bla05]
    Blanchet, B.: A computationally sound mechanized prover for security protocols. Cryptology ePrint Archive, Report 2005/401 (2005),
  3. [BPW04]
    Backes, M., Pfitzmann, B., Waidner, M.: Secure asynchronous reactive systems. Cryptology ePrint Archive, Report 2004/082 (2004),
  4. [BR04]
    Bellare, M., Rogaway, P.: The game-playing technique and its application to triple encryption. Cryptology ePrint Archive, Report 2004/331 (2004),
  5. [Can01]
    Canetti, R.: Universally composable security: A new paradigm for cryptographic protocols. In: Proceedings of the 42nd Annual Conference on Foundations of Computer Science (FOCS) (2001), Full version Available at:
  6. [CCK+06a]
    Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Task-structured probabilistic I/O automata. In: Proceedings of the 8th International Workshop on Discrete Event Systems (WODES), Ann Arbor, Michigan (July 2006)Google Scholar
  7. [CCK+06b]
    Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Task-structured probabilistic I/O automata. Technical Report MIT-CSAIL-TR-2006-XXX, CSAIL. MIT, Cambridge, MA (2006)Google Scholar
  8. [CCK+06c]
    Canetti, R., Cheung, L., Kaynar, D., Liskov, M., Lynch, N., Pereira, O., Segala, R.: Using task-structured probabilistic I/O automata to analyze an oblivious transfer protocol. Technical Report MIT-CSAIL-TR-2006-047, CSAIL. MIT, Cambridge, MA (June 2006)Google Scholar
  9. [DY83]
    Dolev, D., Yao, A.C.: On the security of public-key protocols. IEEE Transactions on Information Theory 2(29), 198–208 (1983)CrossRefMathSciNetGoogle Scholar
  10. [EGL85]
    Even, S., Goldreich, O., Lempel, A.: A randomized protocol for signing contracts. CACM 28(6), 637–647 (1985)MathSciNetGoogle Scholar
  11. [GMR89]
    Goldwasser, S., Micali, S., Rackoff, C.: The knowledge complexity of interactive proof systems. SIAM Journal on Computing 18(1), 186–208 (1989)MATHCrossRefMathSciNetGoogle Scholar
  12. [GMW87]
    Goldreich, O., Micali, S., Wigderson, A.: How to play any mental game. In: Proceedings of the 19th Symposium on Theory of Computing (STOC), pp. 218–229 (1987)Google Scholar
  13. [Gol01]
    Goldreich, O.: Foundations of Cryptography. Basic Tools, vol. I. Cambridge University Press, Cambridge (2001)MATHCrossRefGoogle Scholar
  14. [Hal05]
    Halevi, S.: A plausible approach to computer-aided cryptographic proofs. Cryptology ePrint Archive, Report 2005/181 (2005),
  15. [LMMS98]
    Lincoln, P.D., Mitchell, J.C., Mitchell, M., Scedrov, A.: A probabilistic poly-time framework for protocol analysis. In: Proceedings of the 5th ACM Conference on Computer and Communications Security (CCS-5), pp. 112–121 (1998)Google Scholar
  16. [MMS03]
    Mateus, P., Mitchell, J.C., Scedrov, A.: Composition of cryptographic protocols in a probabilistic polynomial-time calculus. In: Amadio, R.M., Lugiez, D. (eds.) CONCUR 2003. LNCS, vol. 2761, pp. 327–349. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. [PW00]
    Pfitzmann, B., Waidner, M.: Composition and integrity preservation of secure reactive systems. In: 7th ACM Conference on Computer and Communications Security, pp. 245–254 (2000)Google Scholar
  18. [PW01]
    Pfitzmann, B., Waidner, M.: A model for asynchronous reactive systems and its application to secure message transmission. In: IEEE Symposium on Security and Privacy, pp. 184–200 (2001)Google Scholar
  19. [RMST04]
    Ramanathan, A., Mitchell, J.C., Scedrov, A., Teague, V.: Probabilistic bisimulation and equivalence for security analysis of network protocols. In: Walukiewicz, I. (ed.) FOSSACS 2004. LNCS, vol. 2987, pp. 468–483. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  20. [Seg95]
    Segala, R.: Modeling and Verification of Randomized Distributed Real-Time Systems. Ph.D thesis, Department of Electrical Engineering and Computer Science. MIT (May 1995); Also MIT/LCS/TR-676Google Scholar
  21. [Sho04]
    Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. Cryptology ePrint Archive, Report 2004/332 (2004),
  22. [SL95]
    Segala, R., Lynch, N.: Probabilistic simulations for probabilistic processes. Nordic Journal of Computing 2(2), 250–273 (1995)MATHMathSciNetGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Ran Canetti
    • 1
    • 3
  • Ling Cheung
    • 2
    • 3
  • Dilsun Kaynar
    • 3
  • Moses Liskov
    • 4
  • Nancy Lynch
    • 3
  • Olivier Pereira
    • 5
  • Roberto Segala
    • 6
  1. 1.IBM T.J. Watson Center and Massachusetts Institute of Technology 
  2. 2.Radboud University of Nijmegen 
  3. 3.Massachusetts Institute of Technology 
  4. 4.The College of William and Mary 
  5. 5.Université Catholique de Louvain 
  6. 6.Università di Verona 

Personalised recommendations