1,125 research outputs found
Computationally Complete Symbolic Attacker in Action
We show that the recent technique of computationally complete symbolic attackers proposed by Bana and Comon-Lundh [POST 2012] for computationally sound verification of security protocols is powerful enough to verify actual protocols. In their work, Bana and Comon-Lundh presented only the general framework, but they did not introduce sufficiently many axioms to actually prove protocols.
We present a set of axioms -- some generic axioms that are computationally sound for all PPT algorithms, and two specific axioms that are sound for CCA2 secure encryptions -- and illustrate the power of this technique by giving the first computationally sound verification (secrecy and authentication) via symbolic attackers of the NSL Protocol that does not need any further restrictive assumptions about the computational implementation.
The axioms are entirely modular, not particular to the NSL protocol
Formal Computational Unlinkability Proofs of RFID Protocols
We set up a framework for the formal proofs of RFID protocols in the
computational model. We rely on the so-called computationally complete symbolic
attacker model. Our contributions are: i) To design (and prove sound) axioms
reflecting the properties of hash functions (Collision-Resistance, PRF); ii) To
formalize computational unlinkability in the model; iii) To illustrate the
method, providing the first formal proofs of unlinkability of RFID protocols,
in the computational model
Computational Soundness for Dalvik Bytecode
Automatically analyzing information flow within Android applications that
rely on cryptographic operations with their computational security guarantees
imposes formidable challenges that existing approaches for understanding an
app's behavior struggle to meet. These approaches do not distinguish
cryptographic and non-cryptographic operations, and hence do not account for
cryptographic protections: f(m) is considered sensitive for a sensitive message
m irrespective of potential secrecy properties offered by a cryptographic
operation f. These approaches consequently provide a safe approximation of the
app's behavior, but they mistakenly classify a large fraction of apps as
potentially insecure and consequently yield overly pessimistic results.
In this paper, we show how cryptographic operations can be faithfully
included into existing approaches for automated app analysis. To this end, we
first show how cryptographic operations can be expressed as symbolic
abstractions within the comprehensive Dalvik bytecode language. These
abstractions are accessible to automated analysis, and they can be conveniently
added to existing app analysis tools using minor changes in their semantics.
Second, we show that our abstractions are faithful by providing the first
computational soundness result for Dalvik bytecode, i.e., the absence of
attacks against our symbolically abstracted program entails the absence of any
attacks against a suitable cryptographic program realization. We cast our
computational soundness result in the CoSP framework, which makes the result
modular and composable.Comment: Technical report for the ACM CCS 2016 conference pape
Formal Verification of Security Protocol Implementations: A Survey
Automated formal verification of security protocols has been mostly focused on analyzing high-level abstract models which, however, are significantly different from real protocol implementations written in programming languages. Recently, some researchers have started investigating techniques that bring automated formal proofs closer to real implementations. This paper surveys these attempts, focusing on approaches that target the application code that implements protocol logic, rather than the libraries that implement cryptography. According to these approaches, libraries are assumed to correctly implement some models. The aim is to derive formal proofs that, under this assumption, give assurance about the application code that implements the protocol logic. The two main approaches of model extraction and code generation are presented, along with the main techniques adopted for each approac
Quantitative Analysis of DoS Attacks and Client Puzzles in IoT Systems
Denial of Service (DoS) attacks constitute a major security threat to today's
Internet. This challenge is especially pertinent to the Internet of Things
(IoT) as devices have less computing power, memory and security mechanisms to
mitigate DoS attacks. This paper presents a model that mimics the unique
characteristics of a network of IoT devices, including components of the system
implementing `Crypto Puzzles' - a DoS mitigation technique. We created an
imitation of a DoS attack on the system, and conducted a quantitative analysis
to simulate the impact such an attack may potentially exert upon the system,
assessing the trade off between security and throughput in the IoT system. We
model this through stochastic model checking in PRISM and provide evidence that
supports this as a valuable method to compare the efficiency of different
implementations of IoT systems, exemplified by a case study
Actor-network procedures: Modeling multi-factor authentication, device pairing, social interactions
As computation spreads from computers to networks of computers, and migrates
into cyberspace, it ceases to be globally programmable, but it remains
programmable indirectly: network computations cannot be controlled, but they
can be steered by local constraints on network nodes. The tasks of
"programming" global behaviors through local constraints belong to the area of
security. The "program particles" that assure that a system of local
interactions leads towards some desired global goals are called security
protocols. As computation spreads beyond cyberspace, into physical and social
spaces, new security tasks and problems arise. As networks are extended by
physical sensors and controllers, including the humans, and interlaced with
social networks, the engineering concepts and techniques of computer security
blend with the social processes of security. These new connectors for
computational and social software require a new "discipline of programming" of
global behaviors through local constraints. Since the new discipline seems to
be emerging from a combination of established models of security protocols with
older methods of procedural programming, we use the name procedures for these
new connectors, that generalize protocols. In the present paper we propose
actor-networks as a formal model of computation in heterogenous networks of
computers, humans and their devices; and we introduce Procedure Derivation
Logic (PDL) as a framework for reasoning about security in actor-networks. On
the way, we survey the guiding ideas of Protocol Derivation Logic (also PDL)
that evolved through our work in security in last 10 years. Both formalisms are
geared towards graphic reasoning and tool support. We illustrate their workings
by analysing a popular form of two-factor authentication, and a multi-channel
device pairing procedure, devised for this occasion.Comment: 32 pages, 12 figures, 3 tables; journal submission; extended
references, added discussio
Equivalence-Checking on Infinite-State Systems: Techniques and Results
The paper presents a selection of recently developed and/or used techniques
for equivalence-checking on infinite-state systems, and an up-to-date overview
of existing results (as of September 2004)
Quantifying pervasive authentication: the case of the Hancke-Kuhn protocol
As mobile devices pervade physical space, the familiar authentication
patterns are becoming insufficient: besides entity authentication, many
applications require, e.g., location authentication. Many interesting protocols
have been proposed and implemented to provide such strengthened forms of
authentication, but there are very few proofs that such protocols satisfy the
required security properties. The logical formalisms, devised for reasoning
about security protocols on standard computer networks, turn out to be
difficult to adapt for reasoning about hybrid protocols, used in pervasive and
heterogenous networks.
We refine the Dolev-Yao-style algebraic method for protocol analysis by a
probabilistic model of guessing, needed to analyze protocols that mix weak
cryptography with physical properties of nonstandard communication channels.
Applying this model, we provide a precise security proof for a proximity
authentication protocol, due to Hancke and Kuhn, that uses a subtle form of
probabilistic reasoning to achieve its goals.Comment: 31 pages, 2 figures; short version of this paper appeared in the
Proceedings of MFPS 201
- …