Application level security enforcement mechanisms for advanced network services

Masteroppgave i informasjons- og kommunikasjonsteknologi 2006 - Høgskolen i Agder, GrimstadToday the telecom world and the Internet world are converging. Ericsson has foreseen this convergence and developed a prototype of a service creation and execution environment called ServiceFrame. ServiceFrame is an extension of the ActorFrame framework. ActorFrame features new concepts described in UML 2.0, such as connectors, ports, parts and behaviour inheritance and structured classes. ActorFrame has central components called actors and agents. Actors and agents are modelled and described using the UML 2.0 notation. In ActorFrame and ServiceFrame actors and agents are communicating asynchronously using messages and concurrent state machines. The ServiceFrame developers have always concentrated on making ServiceFrame a framework with distributed components. The developers have not yet focused on the security issues in ServiceFrame. As a result ServiceFrame currently has no security mechanisms for securing actors or agents. This thesis proposes a security protocol and security mechanisms for securing ServiceFrame. The proposed security mechanisms are implemented in a prototype and tested using a test case. The report first gives an introduction to security concepts, such as authentication, authorisation, integrity and confidentiality. The report also describes relevant frameworks and security protocols. The Java programming language is used for developing and implementing the security mechanisms. UML 2.0 is used as the modelling language. At the end of the report the security mechanisms are analysed and discussed. Authentication in ServiecFrame is achieved by using a key exchange protocol with certificates. In the thesis a solution for achieving authorisation is proposed. This thesis only proposes a rudimentary solution which uses access control lists. Integrity and confidentiality are achieved using cryptography and signing of messages. The main conclusion of this thesis is that the security mechanisms proposed can contribute to securing the ServiceFrame framework. The security mechanisms achieve point to point security between two agents. ServiceFrame could be used to secure access to the Parlay gateway and telecom services. Fundamental in the security mechanisms is an extended variant of the Needham-Schroeder-Lowe public key protocol. The main contribution of this thesis has been to introduce security in ServiceFrame, which previously had not been implemented. The security mechanisms can be used by developers of ServiceFrame to accomplish security in their services. Commercial systems require focus on security to secure both end users and the service providers. The thesis work may contribute to the establishment of ServiceFrame in commercially related products in the future. The thesis has shown that ServiceFrame does not have security mechanisms and that achieving security is essential for ServiceFrame. The thesis has also shown that some of the proposed security mechanisms can be implemented in the framework. It has also shown how security concepts can be implemented and used by distributed components

Les preuves de protocoles cryprographiques revisitées

With the rise of the Internet the use of cryptographic protocols became ubiquitous. Considering the criticality and complexity of these protocols, there is an important need of formal verification.In order to obtain formal proofs of cryptographic protocols, two main attacker models exist: the symbolic model and the computational model. The symbolic model defines the attacker capabilities as a fixed set of rules. On the other hand, the computational model describes only the attacker's limitations by stating that it may break some hard problems. While the former is quiteabstract and convenient for automating proofs the later offers much stronger guarantees.There is a gap between the guarantees offered by these two models due to the fact the symbolic model defines what the adversary may do while the computational model describes what it may not do. In 2012 Bana and Comon devised a new symbolic model in which the attacker's limitations are axiomatised. In addition provided that the (computational semantics) of the axioms follows from the cryptographic hypotheses, proving security in this symbolic model yields security in the computational model.The possibility of automating proofs in this model (and finding axioms general enough to prove a large class of protocols) was left open in the original paper. In this thesis we provide with an efficient decision procedure for a general class of axioms. In addition we propose a tool (SCARY) implementing this decision procedure. Experimental results of our tool shows that the axioms we designed for modelling security of encryption are general enough to prove a large class of protocols.Avec la généralisation d'Internet, l'usage des protocoles cryptographiques est devenu omniprésent. Étant donné leur complexité et leur l'aspect critique, une vérification formelle des protocoles cryptographiques est nécessaire.Deux principaux modèles existent pour prouver les protocoles. Le modèle symbolique définit les capacités de l'attaquant comme un ensemble fixe de règles, tandis que le modèle calculatoire interdit seulement a l'attaquant derésoudre certain problèmes difficiles. Le modèle symbolique est très abstrait et permet généralement d'automatiser les preuves, tandis que le modèle calculatoire fournit des garanties plus fortes.Le fossé entre les garanties offertes par ces deux modèles est dû au fait que le modèle symbolique décrit les capacités de l'adversaire alors que le modèle calculatoire décrit ses limitations. En 2012 Bana et Comon ont proposé unnouveau modèle symbolique dans lequel les limitations de l'attaquant sont axiomatisées. De plus, si la sémantique calculatoire des axiomes découle des hypothèses cryptographiques, la sécurité dans ce modèle symbolique fournit desgaranties calculatoires.L'automatisation des preuves dans ce nouveau modèle (et l'élaboration d'axiomes suffisamment généraux pour prouver un grand nombre de protocoles) est une question laissée ouverte par l'article de Bana et Comon. Dans cette thèse nous proposons une procédure de décision efficace pour une large classe d'axiomes. De plus nous avons implémenté cette procédure dans un outil (SCARY). Nos résultats expérimentaux montrent que nos axiomes modélisant la sécurité du chiffrement sont suffisamment généraux pour prouver une large classe de protocoles

A Computational Analysis of the Needham-Schröeder-(Lowe) Protocol

We provide the first computational analysis of the well known Needham-Schröeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-Schröeder-Lowe protocol is indeed a secure mutual authentication protocol. The technicalities of our proof reveal new insights regarding the relation between formal and computational models for system security

A Computational Analysis of the Needham-Schröeder-(Lowe) Protocol

We provide the first computational analysis of the well known Needham-Schröeder(-Lowe) protocol. We show that Lowe's attack to the original protocol can naturally be cast to the computational framework. Then we prove that chosen-plaintext security for encryption schemes is not sufficient to ensure soundness of formal proofs with respect to the computational setting, by exhibiting an attack against the corrected version of the protocol implemented using an ElGamal encryption scheme. Our main result is a proof that, when implemented using an encryption scheme that satisfies indistinguishability under chosen-ciphertext attack, the Needham-Schröeder-Lowe protocol is indeed a secure mutual authentication protocol. The technicalities of our proof reveal new insights regarding the relation between formal and computational models for system security