Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol

Verification of the TESLA protocol in MCMAS-X

We present MCMAS-X, an extension of the OBDD-based model checker MCMAS for multi-agent systems, to explicit and deductive knowledge. We use MCMAS-X to verify authentication properties in the TESLA secure stream protocol

Analysing Stream Authentication Protocols in Autonomous Agent-Based Systems

In stream authentication protocols used for large-scale data dissemination in autonomuous systems, authentication is based on the timing of the publication of keys, and depends on trust of the receiver in the sender and belief on whether an intruder can have prior knowledge of a key before it is published by a protocol. Many existing logics and approaches have successfully been applied to specify other types of authentication protocols, but most of them are not appropriate for analysing stream authentication protocols. We therefore consider a fibred modal logic that combines a belief logic with a linear-time temporal logic which can be used to analyse time-varying aspects of certain problems. With this logical system one is able to build theories of trust for analysing stream authentication protocols, which can deal with not only agent beliefs but also the timing properties of an autonomous agent-based system

Modal Tableaux for Verifying Security Protocols

To develop theories to specify and reason about various aspects of multi-agent systems, many researchers have proposed the use of modal logics such as belief logics, logics of knowledge, and logics of norms. As multi-agent systems operate in dynamic environments, there is also a need to model the evolution of multi-agent systems through time. In order to introduce a temporal dimension to a belief logic, we combine it with a linear-time temporal logic using a powerful technique called fibring for combining logics. We describe a labelled modal tableaux system for a fibred belief logic (FL) which can be used to automatically verify correctness of inter-agent stream authentication protocols. With the resulting fibred belief logic and its associated modal tableaux, one is able to build theories of trust for the description of, and reasoning about, multi-agent systems operating in dynamic environments

Modal tableaux for verifying stream authentication protocols

To develop theories to specify and reason about various aspects of multi-agent systems, many researchers have proposed the use of modal logics such as belief logics, logics of knowledge, and logics of norms. As multi-agent systems operate in dynamic environments, there is also a need to model the evolution of multi-agent systems through time. In order to introduce a temporal dimension to a belief logic, we combine it with a linear-time temporal logic using a powerful technique called fibring for combining logics. We describe a labelled modal tableaux system for the resulting fibred belief logic (FL) which can be used to automatically verify correctness of inter-agent stream authentication protocols. With the resulting fibred belief logic and its associated modal tableaux, one is able to build theories of trust for the description of, and reasoning about, multi-agent systems operating in dynamic environments

Formal models and analysis of secure multicast in wired and wireless networks

The spreading of multicast technology enables the development of group communication and so dealing with digital streams becomes more and more common over the Internet. Given the flourishing of security threats, the distribution of streamed data must be equipped with sufficient security guarantees. To this aim, some architectures have been proposed, to supply the distribution of the stream with guarantees of, e.g., authenticity, integrity, and confidentiality of the digital contents. This paper shows a formal capability of capturing some features of secure multicast protocols. In particular, both the modeling and the analysis of some case studies are shown, starting from basic schemes for signing digital streams, passing through proto- cols dealing with packet loss and time-synchronization requirements, concluding with a secure distribution of a secret key. A process-algebraic framework will be exploited, equipped with schemata for analysing security properties and compositional principles for evaluating if a property is satisfied over a system with more than two components

PLACES'10: The 3rd Workshop on Programmng Language Approaches to concurrency and Communication-Centric Software

Paphos, Cyprus. March 201

IPv6 Network Mobility

Network Authentication, Authorization, and Accounting has been used since before the days of the Internet as we know it today. Authentication asks the question, “Who or what are you?” Authorization asks, “What are you allowed to do?” And fi nally, accounting wants to know, “What did you do?” These fundamental security building blocks are being used in expanded ways today. The fi rst part of this two-part series focused on the overall concepts of AAA, the elements involved in AAA communications, and highlevel approaches to achieving specifi c AAA goals. It was published in IPJ Volume 10, No. 1[0]. This second part of the series discusses the protocols involved, specifi c applications of AAA, and considerations for the future of AAA

Introducing a novel authentication protocol for secure services in heterogeneous environments using Casper/FDR

Next Generation Networks is a convergence of networks such as 2G/3G, WLAN as well as the recently implemented Long Term Evolution (LTE) networks. Future mobile devices will switch between these different networks to maintain the connectivity with end servers. However, to support these heterogeneous environments, there is a need to consider a new design of the network infrastructure, where currently closed systems such as 3G will have to operate in an open environment. Security is a key issue in this open environment; after authenticating the mobile terminal to access the network, there is a requirement for service-level mechanisms to protect the session between the mobile terminal and the remote service provider. Furthermore, since mobile terminals switch between networks of different characteristics in terms of coverage, Quality of Service and security, there is a need for re-assessing the security of the same session over the different networks to comply with the changes at the network level due to the mobility. Therefore, this paper introduces a Service-Level Authentication and Key Agreement protocol to secure the session between the mobile terminal and the end server. The proposed protocol considers user mobilities in an heterogeneous environment and reassesses the session's security level in case of handover. The proposed protocol has been verified using formal methods approach based on the well-established Casper/FDR compilers