81 research outputs found

    Nonce-based Kerberos is a Secure Delegated AKE Protocol

    Kerberos is one of the most important cryptographic protocols, first because it is the basic authentication protocol in Microsoft's Active Directory and shipped with every major operating system, and second because it served as a model for all Single-Sign-On protocols (e.g. SAML, OpenID, MS Cardspace, OpenID Connect). Its security has been confirmed with several Dolev-Yao style proofs, and attacks on certain versions of the protocol have been described. However despite its importance, despite its longevity, and despite the wealth of Dolev-Yao-style security proofs, no reduction based security proof has been published until now. This has two reasons: (1) All widely accepted formal models either deal with two-party protocols, or group key agreement protocols (where all entities have the same role), but not with 3-party protocols where each party has a different role. (2) Kerberos uses timestamps and nonces, and formal security models for timestamps are not well understood up to now. As a step towards a full security proof of Kerberos, we target problem (1) here: We propose a variant of the Kerberos protocol, where nonces are used instead of timestamps. This requires one additional protocol message, but enables a proof in the standard Bellare-Rogaway (BR) model. The key setup and the roles of the different parties are identical to the original Kerberos protocol. For our proof, we only require that the authenticated encryption and the message authentication code (MAC) schemes are secure. Under these assumptions we show that the probability that a client or server process oracle accepts maliciously, and the advantage of an adversary trying to distinguish a real Kerberos session key from a random value, are both negligible. One main idea in the proof is to model the Kerberos server as a public oracle, so that we do not have to consider the security of the connection client--Kerberos. This idea is only applicable to the communication pattern adapted by Kerberos, and not to other 3-party patterns (e.g. EAP protocols).

    Time-sensitive Information Flow Control in Timed Event-B

    Protecting confidential data in today’s computing environments is an important problem. Information flow control can help to avoid information leakage and violations introduced by executing the software applications. In software development cycle, it is important to handle security related issues from the beginning specifications at the level of abstract. Mu [1] investigated the problem of preserving information flow security in the Event-B specification models. A typed Event-B model was presented to enforce information flow security and to prevent direct flows introduced by the system. However, in practice, timing behaviours of programs can also introduce a covert flow. The problem of run-time flow monitoring and controlling must also be addressed. This paper investigates information flow control in the Event-B specification language with timing constructs. We present a timed Event-B system by introducing timers and relevant time constraints into the system events. We suggest a time-sensitive flow security condition for the timed Event-B systems, and present a type system to close the covert channels of timing flows for the system by ensuring the security condition. We then investigate how to refine timed events during the stepwise refinement modelling to satisfy the security condition.

    MicroWalk: A Framework for Finding Side Channels in Binaries

    Microarchitectural side channels expose unprotected software to information leakage attacks where a software adversary is able to track runtime behavior of a benign process and steal secrets such as cryptographic keys. As suggested by incremental software patches for the RSA algorithm against variants of side-channel attacks within different versions of cryptographic libraries, protecting security-critical algorithms against side channels is an intricate task. Software protections avoid leakages by operating in constant time with a uniform resource usage pattern independent of the processed secret. In this respect, automated testing and verification of software binaries for leakage-free behavior is of importance, particularly when the source code is not available. In this work, we propose a novel technique based on Dynamic Binary Instrumentation and Mutual Information Analysis to efficiently locate and quantify memory based and control-flow based microarchitectural leakages. We develop a software framework named MicroWalk for side-channel analysis of binaries which can be extended to support new classes of leakage. For the first time, by utilizing MicroWalk, we perform rigorous leakage analysis of two widely-used closed-source cryptographic libraries: Intel IPP and Microsoft CNG. We analyze 15 different cryptographic implementations consisting of 112 million instructions in about 105 minutes of CPU time. By locating previously unknown leakages in hardened implementations, our results suggest that MicroWalk can efficiently find microarchitectural leakages in software binaries.

    Injecting Task Delegation Constraints into a Role-based Access Control Model

    In role-based access control models, delegation of authority involves delegating roles that a user can assume or the set of permissions that he can acquire, to other users. Several role-based delegation models have been proposed in the literature. However, these models consider only delegation in presence of the role type, which have some inherent limitations to task delegation in workflow systems. In this paper, we address task delegation in a workflow and elaborate a security model supporting delegation constraints. Delegation constraints express security requirements with regards to task's resources, user's assignment and privileges (delegation of authority). Further, we show how, using a role-based security model, we inject formalised delegation constraints to compute delegation principals with their respective privileges.

    A Secure Task Delegation Model for Workflows

    Workflow management systems provide some of the required technical means to preserve integrity, confidentiality and availability at the control-, data- and task assignment layers of a workflow. We currently observe a move away from predefined strict workflow enforcement approaches towards supporting exceptions which are difficult to foresee when modelling a workflow. One specific approach for exception handling is that of task delegation. The delegation of a task from one principal to another, however, has to be managed and executed in a secure way, in this context implying the presence of a fixed set of delegation events. In this paper, we propose first and foremost, a secure task delegation model within a workflow. The novel part of this model is separating the various aspects of delegation with regards to users, tasks, events and data, portraying them in terms of a multi-layered state machine. We then define delegation scenarios and analyse additional requirements to support secure task delegation over these layers. Moreover, we detail a delegation protocol with a specific focus on the initial negotiation steps between the involved principals.

    Towards Proactive Policies supporting Event-based Task Delegation

    Delegation mechanisms are receiving increasing interest from the research community. Task delegation is a mechanism that supports organisational flexibility in the human-centric workflow systems, and ensures delegation of authority in access control systems. In this paper, we consider task delegation as an advanced security mechanism supporting policy decision. We define an approach to support dynamic delegation of authority within an access control framework. The novelty consists of reasoning on authorisation dependently on task delegation events, and specifies them in terms of delegation policies. When one of these events changes, our access policy decision may change proactively implying dynamic delegation of authority. Existing work on access control systems remains stateless and does not consider this perspective. We highlight such limitations, and propose a task delegation framework to support proactive enforcement of delegation policies.

    Private Information Retrieval Using Trusted Hardware

    Singapore Management Universit

    Delegation Protocols in Human-Centric Workflows

    Organisations are facilitated and conducted using workflow management systems. Currently, we observe a tendency moving away from strict workflow modelling towards dynamic approaches supporting human interactions when deploying a workflow. One specific approach ensuring human-centric workflows is task delegation. Delegating a task may require an access to specific and potentially sensitive data that have to be secured and specified into authorisation policies. In this paper, we propose a modelling approach to secure delegation. In doing so, we define delegation protocols supporting specific constraints based on both workflow and access control systems. Moreover, we develop an advanced access control framework to integrate delegation constraints within existing policies. The novelty consists in the proactivity aspect of our framework to cope with dynamic delegation of authority in authorisation policies.