Proving Cryptographic C Programs Secure with General-Purpose Verification Tools
Security protocols, such as TLS or Kerberos, and security devices such as the Trusted Platform Module (TPM), Hardware Security Modules (HSMs) or PKCS#11 tokens, are central to many computer interactions.
Yet such security-critical components are still often found vulnerable to attack after their deployment, either because the specification is insecure or because of implementation errors.
Techniques exist to construct machine-checked proofs of security properties for abstract specifications.
However, this may leave the final executable code, often written in lower-level languages such as C, vulnerable both to logical errors and to low-level flaws.
Recent work on verifying security properties of C code is often based on soundly extracting, from C programs, protocol models on which security properties can be proved.
However, in such methods, any change in the C code, however trivial, may require one to perform a new and complex security proof.
Our goal is therefore to develop or identify a framework in which security properties of cryptographic systems can be formally proved, and that can also be used to soundly verify, using existing general-purpose tools, that a C program shares the same security properties.
We argue that the current state of general-purpose verification tools for the C language, as well as for functional languages, is sufficient to achieve this goal, and illustrate our argument by developing two verification frameworks around the VCC verifier.
In the symbolic model, we illustrate our method by proving authentication and weak secrecy for implementations of several network security protocols.
In the computational model, we illustrate our method by proving authentication and strong secrecy properties for an exemplary key management API, inspired by the TPM.
Information Theoretic Secret Key Generation: Structured Codes and Tree Packing
This dissertation deals with a multiterminal source model for secret key generation by multiple network terminals with prior and privileged access to a set of correlated signals, complemented by public discussion among themselves. Emphasis is placed on a characterization of secret key capacity, i.e., the largest rate of an achievable secret key, and on algorithms for key construction. Various information theoretic security requirements of increasing stringency (weak, strong and perfect secrecy) as well as different types of sources (finite-valued and continuous) are studied. Specifically, three different models are investigated.

First, we consider strong secrecy generation for a discrete multiterminal source model. We discover a connection between secret key capacity and a new source coding concept of "minimum information rate for signal dissemination," which is of independent interest in multiterminal data compression. Our main contribution is to show for this discrete model that structured linear codes suffice to generate a strong secret key of the best rate.

Second, strong secrecy generation is considered for models with continuous observations, in particular jointly Gaussian signals. In the absence of suitable analogs of the source coding notions used for the discrete model, new techniques are required both for a characterization of secret key capacity and for the design of secret key generation algorithms. Our proof of the secret key capacity result, in particular the converse proof, as well as our capacity-achieving algorithms for secret key construction based on structured codes and quantization for a model with two terminals, constitute the two main contributions for this second model.

Last, we turn our attention to perfect secrecy generation for fixed signal observation lengths as well as for their asymptotic limits. In contrast with the analysis of the previous two models, which relies on probabilistic techniques, perfect secret key generation bears the essence of "zero-error information theory," and accordingly we rely on mathematical techniques of a combinatorial nature. The model under consideration is the "Pairwise Independent Network" (PIN) model, in which every pair of terminals shares a random binary string, with the strings shared by distinct pairs of terminals being mutually independent. This model, which is motivated by practical aspects of a wireless communication network in which terminals communicate on the same frequency, results in three main contributions. First, the concept of perfect omniscience in data compression leads to a single-letter formula for the perfect secret key capacity of the PIN model; moreover, this capacity is shown to be achieved by linear noninteractive public communication, and coincides with strong secret key capacity. Second, taking advantage of a multigraph representation of the PIN model, we put forth an efficient algorithm for perfect secret key generation based on the combinatorial concept of a maximal packing of Steiner trees of the multigraph. When all the terminals seek to share perfect secrecy, the algorithm is shown to achieve capacity. When only a subset of terminals wish to share perfect secrecy, the algorithm is shown to achieve at least half of it. Additionally, we obtain nonasymptotic and asymptotic bounds on the size and rate of the best perfect secret key generated by the algorithm. These bounds are of independent interest from a purely graph theoretic viewpoint, as they constitute new estimates for the maximum size and rate of a Steiner tree packing of a given multigraph. Third, a particular configuration of the PIN model arises when a lone "helper" terminal aids all the other "user" terminals in generating perfect secrecy. This model has special features that enable us to obtain necessary and sufficient conditions for Steiner tree packing to achieve perfect secret key capacity.
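The PIN construction in the abstract above can be exercised end to end on a toy instance. The following is an added example written for this page, not code from the dissertation: it represents the pairwise shared strings as a multigraph (one parallel edge per shared bit), packs edge-disjoint spanning trees with a plain greedy Kruskal heuristic (an assumption standing in for the dissertation's maximal Steiner tree packing; with all terminals participating, Steiner trees are spanning trees), then runs the linear, noninteractive public discussion: on each tree one edge's shared bit becomes the key bit and every other tree edge carries that bit one-time-padded with the edge's shared bit. The four-terminal network and its multiplicities are constructed for the example. The last function brute-forces the perfect secrecy definition, checking that the key is uniform given everything the eavesdropper sees.

```python
"""Perfect secret key generation in the Pairwise Independent Network (PIN)
model via edge-disjoint spanning trees. Added illustration, not the thesis code."""
from collections import Counter
from itertools import product
import secrets

# Constructed example: four terminals; (i, j) -> number of secret bits shared
# by i and j, i.e. the multiplicity of edge {i, j} in the PIN multigraph.
EXAMPLE_N = 4
EXAMPLE_MULTIPLICITY = {(0, 1): 2, (0, 2): 2, (1, 2): 2,
                        (0, 3): 1, (1, 3): 1, (2, 3): 1}


def pack_spanning_trees(n, multiplicity):
    """Greedily pack edge-disjoint spanning trees into the multigraph.

    Each tree consumes one parallel edge (one shared bit) per tree edge.
    Greedy Kruskal that prefers pairs with the most copies left is a
    heuristic, not the optimal packing algorithm of the dissertation.
    """
    remaining = dict(multiplicity)
    trees = []
    while True:
        parent = list(range(n))

        def find(x):
            while parent[x] != x:
                parent[x] = parent[parent[x]]
                x = parent[x]
            return x

        tree = []
        for (i, j) in sorted(remaining, key=lambda e: -remaining[e]):
            if remaining[(i, j)] == 0:
                continue
            ri, rj = find(i), find(j)
            if ri != rj:
                parent[ri] = rj
                tree.append((i, j))
        if len(tree) < n - 1:          # no further spanning tree fits
            return trees
        for e in tree:
            remaining[e] -= 1
        trees.append(tree)


def generate_key(n, trees, pairwise_bits):
    """Linear, noninteractive public discussion over each packed tree.

    pairwise_bits maps (i, j) to the bit string known only to i and j; tree t
    consumes the next unused bit of each of its edges. The key bit of a tree
    is the shared bit on its first edge; a terminal that knows the key bit
    broadcasts it XORed with the bit it shares with a tree neighbour, who
    removes the same pad. Returns every terminal's key and Eve's transcript.
    """
    cursor = {e: 0 for e in pairwise_bits}
    keys = [[] for _ in range(n)]
    transcript = []
    for tree in trees:
        edge_bit = {}
        for e in tree:
            edge_bit[e] = pairwise_bits[e][cursor[e]]
            cursor[e] += 1
        adj = {v: [] for v in range(n)}
        for (i, j) in tree:
            adj[i].append(j)
            adj[j].append(i)
        root, first = tree[0]
        key_bit = {root: edge_bit[tree[0]], first: edge_bit[tree[0]]}
        frontier = [root, first]
        while frontier:
            u = frontier.pop()
            for v in adj[u]:
                if v in key_bit:
                    continue
                shared = edge_bit[(min(u, v), max(u, v))]
                msg = key_bit[u] ^ shared        # public: looks uniform to Eve
                transcript.append((u, v, msg))
                key_bit[v] = msg ^ shared        # v unmasks with the shared bit
                frontier.append(v)
        for v in range(n):
            keys[v].append(key_bit[v])
    return keys, tuple(transcript)


def perfect_secrecy_check(n, multiplicity):
    """Brute-force the perfect secrecy definition on a small instance.

    Over all assignments of the pairwise bits, every terminal must hold the
    same key and the key must be uniform conditioned on Eve's transcript.
    Returns (number of trees, all_agree, key_uniform_given_transcript).
    """
    trees = pack_spanning_trees(n, multiplicity)
    slots = [e for e in sorted(multiplicity) for _ in range(multiplicity[e])]
    by_transcript, agree = {}, True
    for bits in product((0, 1), repeat=len(slots)):
        pairwise = {e: [] for e in multiplicity}
        for e, b in zip(slots, bits):
            pairwise[e].append(b)
        keys, transcript = generate_key(n, trees, pairwise)
        agree &= all(k == keys[0] for k in keys)
        by_transcript.setdefault(transcript, Counter())[tuple(keys[0])] += 1
    n_keys = 2 ** len(trees)
    uniform = all(len(c) == n_keys and len(set(c.values())) == 1
                  for c in by_transcript.values())
    return len(trees), agree, uniform


if __name__ == "__main__":
    trees = pack_spanning_trees(EXAMPLE_N, EXAMPLE_MULTIPLICITY)
    pairwise = {e: [secrets.randbits(1) for _ in range(m)]
                for e, m in EXAMPLE_MULTIPLICITY.items()}
    keys, transcript = generate_key(EXAMPLE_N, trees, pairwise)
    print("trees:", trees)
    print("keys per terminal:", keys)
    print("public transcript:", transcript)
    print("secrecy check:", perfect_secrecy_check(EXAMPLE_N, EXAMPLE_MULTIPLICITY))
```

On the constructed instance the greedy packing finds three edge-disjoint spanning trees, which matches the Nash-Williams/Tutte upper bound for that multigraph, so the three-bit key is the best this network can do; the brute-force check confirms agreement and independence from the transcript.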
Efficient Wireless Security Through Jamming, Coding and Routing
There is a rich recent literature on how to assist secure communication between a single transmitter and receiver at the physical layer of wireless networks through techniques such as cooperative jamming. In this paper, we consider how these single-hop physical layer security techniques can be extended to multi-hop wireless networks and show how to augment physical layer security techniques with higher layer network mechanisms such as coding and routing. Specifically, we consider the secure minimum energy routing problem, in which the objective is to compute a minimum energy path between two network nodes subject to constraints on the end-to-end communication secrecy and goodput over the path. This problem is formulated as a constrained optimization of transmission power and link selection, which is proved to be NP-hard. Nevertheless, we show that efficient algorithms exist to compute both exact and approximate solutions for the problem. In particular, we develop an exact solution of pseudo-polynomial complexity, as well as an epsilon-optimal approximation of polynomial complexity. Simulation results are also provided to show the utility of our algorithms and quantify their energy savings compared to a combination of (standard) security-agnostic minimum energy routing and physical layer security. In the simulated scenarios, we observe that, by jointly optimizing link selection at the network layer and cooperative jamming at the physical layer, our algorithms reduce the network energy consumption by half.
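To make concrete what a pseudo-polynomial exact solution to a secrecy-constrained minimum energy path looks like, here is an added example written for this page, not the paper's algorithm or model. It assumes a simplified link model: each directed link has an integer energy cost and a positive integer secrecy cost (think of a scaled negative log of the per-hop secrecy probability), and a path is feasible when its summed secrecy cost stays within an integer budget; transmit-power and jamming decisions are folded into those two per-link numbers rather than optimized jointly as in the paper. The dynamic program runs in O(|E| * budget), polynomial in the numeric value of the budget rather than in its bit length, which is what pseudo-polynomial means here. The six-link network is constructed for the example.

```python
"""Pseudo-polynomial exact algorithm for a secrecy-constrained minimum energy
path. Added illustration with an assumed link model, not the paper's code."""
import math

# Constructed example network: (u, v) -> (energy, secrecy_cost).
# Cheap links leak more (high secrecy cost); the tight links cost more energy.
EXAMPLE_LINKS = {
    ("s", "a"): (1, 4), ("a", "d"): (1, 4),                    # cheap, leaky
    ("s", "b"): (2, 1), ("b", "c"): (2, 1), ("c", "d"): (2, 1),  # costly, tight
    ("s", "d"): (3, 7),                                         # direct link
}


def secure_min_energy_path(links, src, dst, budget):
    """Return (min energy, path) with total secrecy cost <= budget, else None.

    best[v][b] is the least energy with which v can be reached using secrecy
    cost exactly b. Because every hop consumes at least one unit of budget,
    filling b in increasing order sees all predecessors already final.
    """
    for (energy, sc) in links.values():
        assert sc >= 1, "each hop must consume a positive integer secrecy cost"
    nodes = {n for edge in links for n in edge}
    best = {v: [math.inf] * (budget + 1) for v in nodes}
    pred = {v: [None] * (budget + 1) for v in nodes}
    best[src][0] = 0
    for b in range(1, budget + 1):
        for (u, v), (energy, sc) in links.items():
            if sc > b or best[u][b - sc] == math.inf:
                continue
            cand = best[u][b - sc] + energy
            if cand < best[v][b]:
                best[v][b] = cand
                pred[v][b] = (u, b - sc)
    b_star = min(range(budget + 1), key=lambda b: best[dst][b])
    if best[dst][b_star] == math.inf:
        return None                      # no path meets the secrecy constraint
    path, v, b = [dst], dst, b_star
    while (v, b) != (src, 0):            # walk the predecessor chain back to s
        v, b = pred[v][b]
        path.append(v)
    return best[dst][b_star], path[::-1]


if __name__ == "__main__":
    for budget in (2, 3, 7, 8):
        print(budget, secure_min_energy_path(EXAMPLE_LINKS, "s", "d", budget))
```

Loosening the budget moves the optimum from the three-hop tight route to the direct link and finally to the cheap leaky route, which is the link-selection trade-off the abstract describes; the security-agnostic baseline (minimum energy with no constraint) would always pick the leaky route and then have to pay for jamming on top.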