14 research outputs found

    Automatic Methods for Analyzing Non-Repudiation Protocols with an Active Intruder

    Non-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. For this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing its limits, we define a new method based on the handling of the knowledge of protocol participants. This method is very general and is of natural use, as it consists in adding simple annotations, like for authentication problems. The method is very easy to implement in tools able to handle participants' knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two unknown attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself.

    Automatic Methods for Analyzing Non-repudiation Protocols with an Active Intruder

    International audience. Non-repudiation protocols have an important role in many areas where secured transactions with proofs of participation are necessary. Formal methods are clever and without error, therefore using them for verifying such protocols is crucial. For this purpose, we show how to partially represent non-repudiation as a combination of authentications on the Fair Zhou-Gollmann protocol. After discussing the limitations of this method, we define a new one based on the handling of the knowledge of protocol participants. This second method is general and of natural use, as it consists in adding simple annotations in the protocol specification. It is very easy to implement in tools able to handle participants' knowledge. We have implemented it in the AVISPA Tool and analyzed the optimistic Cederquist-Corin-Dashti protocol, discovering two attacks. This extension of the AVISPA Tool for handling non-repudiation opens a highway to the specification of many other properties, without any more change in the tool itself.

    Fair Exchange with Guardian Angels

    In this paper we propose a new probabilistic Fair Exchange Protocol which requires no central Trusted Third Party. Instead, it relies on a virtually distributed and decentralized Trusted Third Party which is formalized as a Guardian Angel: a kind of Observer, e.g. a tamper-proof security device. We thus introduce a network model with Pirates and Guardian Angels which is well suited for Ad Hoc networks. In this setting we reduce the Fair Exchange Problem to a Synchronization Problem in which honest parties need to eventually decide whether or not a protocol succeeded in a synchronous way through a hostile network which does not guarantee that sent messages will be eventually received. This problem can be of independent interest in order to add reliability of protocol termination in secure channels.

    Fair electronic exchange using biometrics

    Fair exchange between two parties can be defined as an instance of exchange such that either both parties obtain what they expected or neither one does. Protocols that facilitate such transactions are known as “fair exchange protocols”. We analyze one such protocol by Micali that demonstrates fair contract signing, where two parties exchange their commitments over an already negotiated contract. In this research we show that Micali’s protocol is not completely fair and demonstrate the possibilities for one party cheating by obtaining the other party’s commitment and not offering theirs. A revised version of this protocol by Bao provides superior fairness by handling the above mentioned weakness but fails to handle the possibility of a replay attack. Our proposed protocol improves on Bao’s protocol by addressing the weakness that leads to a replay attack. We also demonstrate a software implementation of our system which provides fair contract signing along with properties like user authentication achieved through the use of a fingerprint based authentication system and features like confidentiality, data-integrity and non-repudiation achieved through implementation of hybrid cryptography and digital signatures algorithms based on Elliptic Curve Cryptography.

    Design and implementation of extensible middleware for non-repudiable interactions

    PhD Thesis. Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. 
A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services. EPSRC, The Hewlett Packard Arjuna La

    Security protocols with third parties (Protocols de seguretat amb terceres parts)

    The solutions proposed in scientific papers on electronic exchanges between two parties often involve third parties (TTPs) to solve and simplify the problem, but users must place a certain amount of trust in them. However, trust is no firm guarantee that the security requirements are met. For this reason, many users are reluctant to place trust in remote entities, which hinders their use. Here we show how, starting from a given security protocol, we can make the TTP involved verifiable. We build a trusted environment within the protocol by supplying evidence about each of the TTP's operations (we define and introduce the on-line verifiability of the TTP). We achieve this through the detection, analysis and classification of each of the TTP's actions. We provide design guidelines that facilitate the introduction of verifiable TTPs into protocols.

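    Addressing human factors in the design of cryptographic solutions: two case studies in item validation and authentication (Abordando fatores humanos no projeto de soluções criptográficas : dois estudos de caso em validação de itens e autenticação)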

    Advisor: Ricardo Dahab. Thesis (doctorate) - Universidade Estadual de Campinas, Instituto de Computação. Abstract: Designing secure cryptographic solutions from a purely theoretical perspective is not enough to guarantee their success in a realistic scenario. Many times, the assumptions under which these solutions are designed could not be further from real-world necessities. One particular, often-overlooked aspect that may impact how the solution performs after deployment is how the final user interacts with it (i.e., human factors). In this work, we take a deeper look into this issue by analyzing two well known application scenarios from Information Security research: the electronic commerce of digital items and Internet banking. Fair exchange protocols have been widely studied, but are still not implemented on most e-commerce transactions available. For several types of digital items (e-goods), the current e-commerce business model fails to provide fairness to customers. A critical step in fair exchange is item validation, which still lacks proper attention from researchers. 
We believe this issue should be addressed in a comprehensive and integrated fashion before fair exchange protocols can be effectively deployed in the marketplace. More generally, we also believe this to be the consequence of ongoing system-oriented security solution design paradigms that are data-centered, as opposed to user-centered, thus leading to methods and techniques that often disregard users' requirements. We contextualize how, by overlooking the subtleties of the item validation problem, the current model for buying and selling digital items fails to provide guarantees of a successful transaction outcome to customers, thus being unfair by design. We also introduce the concept of Reversible Degradation, a method for enhancing buy-sell transactions concerning digital items that inherently includes the item validation step in the purchase protocol in order to tackle the discussed problems. As a proof-of-concept, we produce a deliverable instantiation of Reversible Degradation based on systematic error correction codes (SECCs), suitable for multimedia content. This method is also the byproduct of an attempt to include users' requirements into the cryptographic method construction process, an approach that we further develop into a so-called item-aware protocol design. From a similar perspective, we also propose a novel method for user and transaction authentication for Internet Banking scenarios. The proposed method, which uses Visual Cryptography, takes both technical and user requirements into account, and is suitable as a secure, yet intuitive, component for practical transaction authentication scenarios. Doctorate. Computer Science. Doctor in Computer Science

    Towards ensuring scalability, interoperability and efficient access control in a triple-domain grid-based environment

    Philosophiae Doctor - PhD. The high rate of grid computing adoption, both in academe and industry, has posed challenges regarding efficient access control, interoperability and scalability. Although several methods have been proposed to address these grid computing challenges, none has proven to be completely efficient and dependable. To tackle these challenges, a novel access control architecture framework, a triple-domain grid-based environment, modelled on role based access control, was developed. The architecture’s framework assumes three domains, each domain with an independent Local Security Monitoring Unit and a Central Security Monitoring Unit that monitors security for the entire grid. The architecture was evaluated and implemented using the G3S, grid security services simulator, meta-query language as “cross-domain” queries and Java Runtime Environment 1.7.0.5 for implementing the workflows that define the model’s task. The simulation results show that the developed architecture is reliable and efficient if measured against the observed parameters and entities. This proposed framework for access control also proved to be interoperable and scalable within the parameters tested.

    Design and implementation of extensible middleware for non-repudiable interactions

    Non-repudiation is an aspect of security that is concerned with the creation of irrefutable audits of an interaction. Ensuring the audit is irrefutable and verifiable by a third party is not a trivial task. A lot of supporting infrastructure is required which adds large expense to the interaction. This infrastructure comprises, (i) a non-repudiation aware run-time environment, (ii) several purpose built trusted services and (iii) an appropriate non-repudiation protocol. This thesis presents design and implementation of such an infrastructure. The runtime environment makes use of several trusted services to achieve external verification of the audit trail. Non-repudiation is achieved by executing fair non-repudiation protocols. The Fairness property of the non-repudiation protocol allows a participant to protect their own interests by preventing any party from gaining an advantage by misbehaviour. The infrastructure has two novel aspects; extensibility and support for automated implementation of protocols. Extensibility is achieved by implementing the infrastructure in middleware and by presenting a large variety of non-repudiable business interaction patterns to the application (a non-repudiable interaction pattern is a higher level protocol composed from one or more non-repudiation protocols). The middleware is highly configurable allowing new non-repudiation protocols and interaction patterns to be easily added, without disrupting the application. This thesis presents a rigorous mechanism for automated implementation of non-repudiation protocols. This ensures that the protocol being executed is that which was intended and verified by the protocol designer. A family of non-repudiation protocols are taken and inspected. This inspection allows a set of generic finite state machines to be produced. These finite state machines can be used to maintain protocol state and manage the sending and receiving of appropriate protocol messages. 
A concrete implementation of the run-time environment and the protocol generation techniques is presented. This implementation is based on industry supported Web service standards and services. EThOS - Electronic Theses Online Service. EPSRC : Hewlett Packard Arjuna Lab. GB. United Kingdo

    Proceedings of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST2005)

    The present report contains the pre-proceedings of the third international Workshop on Formal Aspects in Security and Trust (FAST2005), held in Newcastle upon Tyne, 18-19 July 2005. FAST is an event affiliated with the Formal Methods 2005 Congress (FM05). The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the previous two FAST workshop editions for fostering the cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space, as a future paradigm in the information society, demand for a coherent and rigorous framework of concepts, tools and methodologies to provide user's trust & confidence on the underlying communication/interaction infrastructure. It is necessary to address issues relating to both guaranteeing security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence on what is happening must be enhanced by developing trust models effective but also easily comprehensible and manageable by users.