Anonymity and information hiding in multiagent systems

Halpern, Joseph Y.; O’Neill, Kevin

doi:10.1109/csfw.2003.1212706

Cited by 85 publications

(185 citation statements)

References 36 publications

Supporting

Mentioning

179

Contrasting

Unclassified

Order By: Relevance

“…Axiom (25) reflects the restriction on systems needed for theorem 2, namely that there are at least two messages that agent A does not infer. In appendix A, we provide correspondence results for axioms (21) and (24). The fourth group includes all equalities and inequalities from ≡ and an omega-rule for the de dicto quantifier.…”

Section: Dual Signaturementioning

confidence: 99%

“…Often, the "standard" multi-agent system semantics [16] is used, with identity as the equivalence on local states (cf. [21,29,30,32]). But in connection with cryptography, identity is clearly inappropriate as equivalence.…”

Section: The Svo Modalitymentioning

confidence: 99%

“…Existing multi-agent system semantics (cf [5,21,28,32,34]) follow basic Kripke semantics [9], where the assignment V is kept constant as indistinguishable states are scanned: s, V |= 2 A F , if and only if s ′ , V |= F for all indistinguishable states s ′ . Assuming mathematical equalities depend only on the assignment V , and not on the global state s, agents are cryptographically omniscient, i.e., know all equalities:…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Complete Axiomatization of Knowledge and Cryptography

Cohen

Dam

2007

22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007)

View full text Add to dashboard Cite

The combination of first-order epistemic logic and formal cryptography offers a potentially very powerful framework for security protocol verification. In this article, we address two main challenges towards such a combination; First, the expressive power, specifically the epistemic modality, needs to receive concrete computational justification. Second, the logic must be shown to be, in some sense, formally tractable. Addressing the first challenge, we provide a generalized Kripke semantics that uses permutations on the underlying domain of cryptographic messages to reflect agents' limited computational power. Using this approach, we obtain logical characterizations of important concepts of knowledge in the security protocol literature, namely Dolev-Yao style message deduction and static equivalence. Answering the second challenge, we exhibit an axiomatization which is sound and complete relative to the underlying theory of cryptographic terms, and to an omega rule for quantifiers. The axiomatization uses largely standard axioms and rules from first-order modal logic. In addition, it includes some novel axioms for the interaction between knowledge and cryptography. To illustrate the usefulness of the logic we consider protocol examples using mixes, a Crowds style protocol, and electronic payments. Furthermore, we provide embedding results for BAN and SVO.

show abstract

Section: Dual Signaturementioning

confidence: 99%

Section: The Svo Modalitymentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

A Complete Axiomatization of Knowledge and Cryptography

Cohen

Dam

2007

22nd Annual IEEE Symposium on Logic in Computer Science (LICS 2007)

View full text Add to dashboard Cite

show abstract

“…In order to get epistemic specifications closer to a behavioral specification, van Eijck and Orzan [20] propose a dynamic epistemic logic. However, it seems that no mediation is necessary [16,13] and it is possible to bridge this gap by proposing a combined framework as it is also suggested in this paper. However, in the works cited above, the authors study abstract versions of protocols which do not take into account cryptographic primitives (e.g.…”

Section: Related and Future Workmentioning

confidence: 99%

“…We shall now define the satisfaction relation for epistemic formulas. As in the case of epistemic logic for distributed systems [15,16], the epistemic formulas will be interpreted over the possible "runs" of a process, i.e. the set of maximal traces (Definition 2).…”

Section: Lemma 1 Let δ Be a Closed Static Formula With No Free Namesmentioning

confidence: 99%

Epistemic Logic for the Applied Pi Calculus

Chadha

Delaune

Kremer

2009

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. We propose an epistemic logic for the applied pi calculus, which is a variant of the pi calculus with extensions for modeling cryptographic protocols. In such a calculus, the security guarantees are usually stated as equivalences. While process calculi provide a natural means to describe the protocols themselves, epistemic logics are often better suited for expressing certain security properties such as secrecy and anonymity.We intend to bridge the gap between these two approaches: using the set of traces generated by a process as models, we define a logic which has constructs for reasoning about both intruder's epistemic knowledge and the set of messages in possession of the intruder. As an example we consider two formalizations of privacy in electronic voting and study the relationship between them.

show abstract

Compiling an Epistemic Logic for Multiagent Systems

Goriac

2013

Int. J. Intell. Syst.

View full text Add to dashboard Cite

Because of the special interest manifested in ARES 2011 conference related to the distinction between observational equivalence and behavioral equivalence, we decided to pay special attention to this topic. This paper primarily focuses on defining knowledge and analyzing its properties in a multiagent system by developing the approach suggested by Halpern and O'Neill (ACM Trans Inf Syst Secur 2008;12(1); J Comput Secur 2005;13(3):483–512). We carefully elaborate on the internal state of an agent and explain how it is able to influence its actions. After that, two types of state equivalence are considered introspective and extrospective for which we define general and bounded variants. The bounded variants are particularly suited to modeling real‐world security protocols. Beside knowledge we introduce beliefs and for both notions we provide two types of definitions, some very abstract (that we call conceptual) and some a bit more intuitive (called operational). In the last section, we use of all the concepts so far defined to introduce reality strategies to highlight the adaptability of an agent to its environment. We conclude that the usefulness of the operationally defined knowledge is a bit counterintuitive.

show abstract

Anonymity and information hiding in multiagent systems

Cited by 85 publications

References 36 publications

A Complete Axiomatization of Knowledge and Cryptography

A Complete Axiomatization of Knowledge and Cryptography

Epistemic Logic for the Applied Pi Calculus

Compiling an Epistemic Logic for Multiagent Systems

Contact Info

Product

Resources

About