A NOVEL METHODOLOGY TO DESIGN SECURITY PROTOCOLS BASED ON A NEW SET OF DESIGN PRINCIPLES
This paper presents a novel design methodology based on a new set of design principles to develop step-by-step security protocols for up to three participants, guiding the designer on each step. It accompanies the designer through a succession of six abstraction levels proposed in this work: protocol objectives, protocol constraints, security mechanisms, message flow, protocol conformation and authentication tests. The methodology proposed is based on a new set of design principles extracted from different sources and combined using the systemic approach, which considers the designer's and client's security and functional needs. The resulting model separates high-level tasks from implementation details, allowing the designer to specify the security requirements and functionality desired for each abstraction level. Consequently, the protocol design is linked with the best-fitting design principle. To corroborate the results of the methodology, the resulting protocol in the Alice and Bob notation at the fifth level is tested using the "Strand Spaces" model. The Needham-Schroeder protocol with symmetric keys was successfully used as a test. The security goals achieved were: authentication, confidentiality, integrity, and non-repudiation.
Statically detecting message confusions in a multi-protocol setting
In a multi-protocol setting, different protocols are concurrently executed, and each principal can participate in more than one. The possibilities of attacks therefore increase, often due to the presence of similar patterns in messages. Messages coming from one protocol can be confused with similar messages coming from another protocol. As a consequence, data of one type may be interpreted as data of another, and it is also possible that the type is the expected one, but the message is addressed to another protocol. In this paper, we present an extension of the LySa calculus [7, 4] that decorates encryption with tags including the protocol identifier, the protocol step identifier and the intended types of the encrypted terms. The additional information allows us to find the messages that can be confused and therefore to have hints to reconstruct the attack. We extend accordingly the standard static Control Flow Analysis for LySa, which over-approximates all the possible behaviour of the studied protocols, including the possible message confusions that may occur at run-time. Our analysis has been implemented and successfully applied to small sets of protocols. In particular, we discovered an undocumented family of attacks that may arise when the Bauer-Berson-Feiertag and the Woo-Lam authentication protocols are running in parallel. The implementation complexity of the analysis is low polynomial.
A class of theory-decidable inference systems
Honour roll (Tableau d'honneur) of the Faculté des études supérieures et postdoctorales, 2004-2005.
In the last two decades, the Internet has brought a new dimension to communications. It is now possible to communicate with anyone, anywhere, at any time, in a few seconds. While some distributed communications, like e-mail, chat, etc., are rather informal and require no security at all, others, like military or medical information exchange, electronic commerce, etc., are highly formal and require quite strong security. To achieve security goals in distributed communications, it is common to use cryptographic protocols. However, the informal design and analysis of such protocols are error-prone. Some protocols were shown to be deficient many years after their conception. It is now well known that formal methods are the only hope of designing completely secure cryptographic protocols. This thesis is a contribution to the field of cryptographic protocol analysis in the following ways:
• A classification of the formal methods used in cryptographic protocol analysis.
• The use of inference systems to model cryptographic protocols.
• The definition of a class of theory-decidable inference systems.
• The proposal of a decision procedure for a wide class of cryptographic protocols.
Keeping Fairness Alive: Design and formal verification of optimistic fair exchange protocols
Fokkink, W.J. [Promotor]; Pol, J.C. van de [Promotor]
Automated analysis of equivalence properties for cryptographic protocols (Analyse automatique de propriétés d'équivalence pour les protocoles cryptographiques)
As the number of devices able to communicate grows, so does the need to secure their interactions. The design of cryptographic protocols is a difficult task and prone to human errors. Formal verification of such protocols offers a way to automatically and exactly prove their security. In particular, we focus on automated verification methods to prove the equivalence of cryptographic protocols in the symbolic model for an unbounded number of sessions. This kind of property naturally arises when dealing with the anonymity of electronic voting or the untraceability of electronic passports. Because the verification of equivalence properties is a complex issue, we first propose two methods to simplify it: first we design a transformation on protocols to delete any nonce while maintaining the soundness of equivalence checking; then we prove a typing result which decreases the search space for attacks without affecting the power of the attacker. Finally, we describe three classes of protocols for which equivalence is decidable in the symbolic model. These classes benefit from the simplification results stated earlier and enable us to automatically analyze tagged protocols with or without nonces, as well as ping-pong protocols.