280 research outputs found

    Automated analysis of security protocol implementations

    Security protocols, or cryptographic protocols, are crucial to the functioning of today’s technology-dependent society. They are a fundamental innovation, without which much of our online activity, mobile communication and even transport signalling would not be possible. The reason for their importance is simple: communication over shared or publicly accessible networks is vulnerable to interception, manipulation, and impersonation. It is the role of security protocols to prevent this, allowing for safe and secure communication. Our reliance on these protocols for such critical tasks means it is essential to engineer them with great care, just like we do with bridges or a safety-critical aircraft engine control system, for example. As with all types of engineering, there are two key elements to this process – design and implementation. In this thesis we produce techniques to analyse the latter. In particular, we develop automated tooling which helps to identify incorrect or vulnerable behaviour in the implementations of security protocols. The techniques we present follow a theme of trying to infer as much as we can about the protocol logic implemented in a system, with as little access to its inner workings as possible. In general, we do this through observations of protocol messages on the network, executing the system, but treating it as a black-box. Within this particular framework, we design two new techniques – one which identifies a specific vulnerability in TLS/SSL, and another, more general approach, which systematically extracts a protocol behaviour model from protocols like the WiFi security handshakes. We then argue that this framework limits the potential of model extraction, and proceed to develop a solution to this problem by utilising grey-box insights. Our proposed approach, which we test on a variety of security protocols, represents a paradigm shift in the well-established model learning field. 
Throughout this thesis, as well as presenting general results from testing the efficacy of our tools, we also present a number of vulnerabilities we discover in the process. This ranges from major banking apps vulnerable to Man-In-The-Middle attacks, to CVE-assigned ciphersuite downgrades in popular WiFi routers.

    Modelling and verification of security requirements and stealthiness in security protocols

    Traditionally, formal methods are used to verify security guarantees of a system by proving that the system meets its desired specifications. These guarantees are achieved by verifying the system's security properties, in a formal setting, against its formal specifications. This includes, for example, proving the security properties of confidentiality and authentication, in an adversarial setting, by constructing a complete formal model of the protocol. Any counterexample to this proof implies an attack on the security property. All such proofs are usually based on an ordered set of actions, generated by the protocol execution, called a trace. Both the proofs and their counterexamples can be investigated further by analysing the behaviour of these protocol traces. The attack trace might either follow the standard behaviour as per protocol semantics or show deviation from it. In the latter case, however, it should be easy for an analyst to spot any attack based on its comparison from standard traces. This thesis makes two key contributions: a novel methodology for verifying the security requirements of security protocols by only modelling the attacks against a protocol specification, and, secondly, a formal definition of ‘stealthiness’ in a protocol trace which is used to classify attacks on security protocols as either ‘stealthy’ or ‘non-stealthy’. Our first novel proposal tests security properties and then verifies the security requirements of a protocol by modelling only a subset of interactions that constitute the attacks. Using this both time and effort saving methodology, without modelling the complete protocol specifications, we demonstrate the efficacy of our technique using real attacks on one of the world's most used protocols, WPA2. We show that the process of modelling the complete protocol specifications, for verifying security properties, can be simplified by modelling only a subset of protocol specifications needed to model a given attack. 
We establish the merit of our novel simplified approach by identifying the inadequacy of security properties apart from augmenting and verifying the new security properties, by modelling only the attacks versus the current practice of modelling the complete protocol which is a time and effort intensive process. We find that the current security requirements for WPA2, as stated in its specification, are insufficient to ensure security. We then propose a set of security properties to be augmented to the specification to stop these attacks. Further, our method also allows us to verify if the proposed additional security requirements, if enforced correctly, would be enough to stop attacks. Second, we seek to verify the ‘stealthiness’ of protocol attacks by introducing a novel formal definition of a ‘stealthy’ trace. ‘Stealthy’ actions by a participating entity or an adversary in a protocol interaction are about camouflaging fraudulent actions as genuine ones by fine-tuning their actions to make them look like honest ones. In our model, protocols are annotated to indicate what each party will log about each communication. Given a particular logging strategy, our framework determines whether it is possible to find an attack that produces log entries indistinguishable from normal runs of the protocol, or if any attack can be detected from the log entries alone. We present an intuitive definition of when an attack is ‘stealthy’, which cannot be automatically checked directly, with regard to some logging strategy. Next, we introduce session IDs to identify unique sessions. We show that our initial intuitive definition is equivalent to a second definition using these session IDs, which can also be tested automatically in TAMARIN. We analyse various attacks on known vulnerable protocols to see, for a range of logging strategies, which can be made into stealth attacks, and which cannot. 
This approach compares the stealthiness of various known attacks against a range of logging strategies.

    Greenpass Client Tools for Delegated Authorization in Wireless Networks

    Dartmouth's Greenpass project seeks to provide strong access control to a wireless network while simultaneously providing flexible guest access; to do so, it augments the Wi-Fi Alliance's existing WPA standard, which offers sufficiently strong user authentication and access control, with authorization based on SPKI certificates. SPKI allows certain local users to delegate network access to guests by issuing certificates that state, in essence, "he should get access because I said it's okay." The Greenpass RADIUS server described in Kim's thesis [55] performs an authorization check based on such statements so that guests can obtain network access without requiring a busy network administrator to set up new accounts in a centralized database. To our knowledge, Greenpass is the first working delegation-based solution to Wi-Fi access control. My thesis describes the Greenpass client tools, which allow a guest to introduce himself to a delegator and allow the delegator to issue a new SPKI certificate to the guest. The guest does not need custom client software to introduce himself or to connect to the Wi-Fi network. The guest and delegator communicate using a set of Web applications. The guest obtains a temporary key pair and X.509 certificate if needed, then sends his public key value to a Web server we provide. The delegator looks up her guest's public key and runs a Java applet that lets her verify her guest's identity using visual hashing and issue a new SPKI certificate to him. The guest's new certificate chain is stored as an HTTP cookie to enable him to push it to an authorization server at a later time. 
I also describe how Greenpass can be extended to control access to a virtual private network (VPN) and suggest several interesting future research and development directions that could build on this work.

    Cyber-Attack Drone Payload Development and Geolocation via Directional Antennae

    The increasing capabilities of commercial drones have led to blossoming drone usage in private sector industries ranging from agriculture to mining to cinema. Commercial drones have made amazing improvements in flight time, flight distance, and payload weight. These same features also offer a unique and unprecedented commodity for wireless hackers -- the ability to gain ‘physical’ proximity to a target without personally having to be anywhere near it. This capability is called Remote Physical Proximity (RPP). By their nature, wireless devices are largely susceptible to sniffing and injection attacks, but only if the attacker can interact with the device via physical proximity. A properly outfitted drone can increase the attack surface with RPP (adding a range of over 7 km using off-the-shelf drones), allowing full interactivity with wireless targets while the attacker can remain distant and hidden. Combined with the novel approach of using a directional antenna, these drones could also provide the means to collect targeted geolocation information of wireless devices from long distances passively, which is of significant value from an offensive cyberwarfare standpoint. This research develops skypie, a software and hardware framework designed for performing remote, directional drone-based collections. The prototype is inexpensive, lightweight, and totally independent of drone architecture, meaning it can be strapped to most medium to large commercial drones. The prototype effectively simulates the type of device that could be built by a motivated threat actor, and the development process evaluates strengths and shortcomings posed by these devices. This research also experimentally evaluates the ability of a drone-based attack system to track its targets by passively sniffing Wi-Fi signals from distances of 300 and 600 meters using a directional antenna. Additionally, it identifies collection techniques and processing algorithms for minimizing geolocation errors. 
Results show geolocation via 802.11 emissions (Wi-Fi) using a portable directional antenna is possible, but difficult to achieve the accuracy that GPS delivers (errors less than 5 m with 95% confidence). This research shows that geolocation predictions of a target cell phone acting as a Wi-Fi access point in a field from 300 m away are accurate within 70.1 m from 300 m away and within 76 meters from 600 m away. Three of the four main tests exceed the hypothesized geolocation error of 15% of the sensor-to-target distance, with tests 300 m away averaging 25.5% and tests 600 m away averaging at 34%. Improvements in bearing prediction are needed to reduce error to more tolerable quantities, and this thesis discusses several recommendations to do so. This research ultimately assists in developing operational drone-borne cyber-attack and reconnaissance capabilities, identifying limitations, and enlightening the public of countermeasures to mitigate the privacy threats posed by the inevitable rise of the cyber-attack drone.

    Towards end-to-end security in internet of things based healthcare

    Healthcare IoT systems are distinguished in that they are designed to serve human beings, which primarily raises the requirements of security, privacy, and reliability. Such systems have to provide real-time notifications and responses concerning the status of patients. Physicians, patients, and other caregivers demand a reliable system in which the results are accurate and timely, and the service is reliable and secure. To guarantee these requirements, the smart components in the system require a secure and efficient end-to-end communication method between the end-points (e.g., patients, caregivers, and medical sensors) of a healthcare IoT system. The main challenge faced by the existing security solutions is a lack of secure end-to-end communication. This thesis addresses this challenge by presenting a novel end-to-end security solution enabling end-points to securely and efficiently communicate with each other. The proposed solution meets the security requirements of a wide range of healthcare IoT systems while minimizing the overall hardware overhead of end-to-end communication. End-to-end communication is enabled by the holistic integration of the following contributions. The first contribution is the implementation of two architectures for remote monitoring of bio-signals. The first architecture is based on a low power IEEE 802.15.4 protocol known as ZigBee. It consists of a set of sensor nodes to read data from various medical sensors, process the data, and send them wirelessly over ZigBee to a server node. The second architecture is implemented on an IP-based wireless sensor network, using IEEE 802.11 Wireless Local Area Network (WLAN). The system consists of an IEEE 802.11-based sensor module to access bio-signals from patients and send them over to a remote server. In both architectures, the server node collects the health data from several client nodes and updates a remote database. 
The remote webserver accesses the database and updates the webpage in real-time, which can be accessed remotely. The second contribution is a novel secure mutual authentication scheme for Radio Frequency Identification (RFID) implant systems. The proposed scheme relies on the elliptic curve cryptography and the D-Quark lightweight hash design. The scheme consists of three main phases: (1) reader authentication and verification, (2) tag identification, and (3) tag verification. We show that among the existing public-key crypto-systems, elliptic curve is the optimal choice due to its small key size as well as its efficiency in computations. The D-Quark lightweight hash design has been tailored for resource-constrained devices. The third contribution is proposing a low-latency and secure cryptographic keys generation approach based on Electrocardiogram (ECG) features. This is performed by taking advantage of the uniqueness and randomness properties of ECG's main features comprising PR, RR, PP, QT, and ST intervals. This approach achieves low latency due to its reliance on reference-free ECG's main features that can be acquired in a short time. The approach is called Several ECG Features (SEF)-based cryptographic key generation. The fourth contribution is devising a novel secure and efficient end-to-end security scheme for mobility enabled healthcare IoT. The proposed scheme consists of: (1) a secure and efficient end-user authentication and authorization architecture based on the certificate-based Datagram Transport Layer Security (DTLS) handshake protocol, (2) a secure end-to-end communication method based on DTLS session resumption, and (3) support for robust mobility based on interconnected smart gateways in the fog layer. Finally, the fifth and the last contribution is the analysis of the performance of the state-of-the-art end-to-end security solutions in healthcare IoT systems including our end-to-end security solution. 
In this regard, we first identify and present the essential requirements of robust security solutions for healthcare IoT systems. We then analyze the performance of the state-of-the-art end-to-end security solutions (including our scheme) by developing a prototype healthcare IoT system.

    A novel MAC Protocol for Cognitive Radio Networks

    In Partial Fulfilment of the Requirements for the Degree Doctor of Philosophy from the University of Bedfordshire. The scarcity of bandwidth in the radio spectrum has become more vital since the demand for wireless applications has increased. Most of the spectrum bands have been allocated although many studies have shown that these bands are significantly underutilized most of the time. The problem of unavailability of spectrum bands and the inefficiency in their utilization have been smartly addressed by the cognitive radio (CR) technology which is an opportunistic network that senses the environment, observes the network changes, and then uses knowledge gained from the prior interaction with the network to make intelligent decisions by dynamically adapting transmission characteristics. In this thesis, recent research and survey about the advances in theory and applications of cognitive radio technology has been reviewed. The thesis starts with the essential background on cognitive radio techniques and systems and discusses those characteristics of CR technology, such as standards, applications and challenges that all can help make software radio more personal. It then presents advanced level material by extensively reviewing the work done so far in the area of cognitive radio networks and more specifically in medium access control (MAC) protocol of CR. The list of references will be useful to both researchers and practitioners in this area. Also, it can be adopted as a graduate-level textbook for an advanced course on wireless communication networks. The development of new technologies such as Wi-Fi, cellular phones, Bluetooth, TV broadcasts and satellite has created immense demand for radio spectrum which is a limited natural resource ranging from 30KHz to 300GHz. For every wireless application, some portion of the radio spectrum needs to be purchased, and the Federal Communications Commission (FCC) allocates the spectrum for some fee for such services. 
This static allocation of the radio spectrum has led to various problems such as saturation in some bands, scarcity, and lack of radio resources to new wireless applications. Most of the frequencies in the radio spectrum have been allocated although many studies have shown that the allocated bands are not being used efficiently. The CR technology is one of the effective solutions to the shortage of spectrum and the inefficiency of its utilization. In this thesis, a detailed investigation on issues related to the protocol design for cognitive radio networks with particular emphasis on the MAC layer is presented. A novel Dynamic and Decentralized and Hybrid MAC (DDH-MAC) protocol is proposed that lies between the CR MAC protocol families of globally available common control channel (GCCC) and local control channel (non-GCCC). First, a multi-access channel MAC protocol, which integrates the best features of both GCCC and non-GCCC, is proposed. Second, an enhancement to the protocol is proposed by enabling it to access more than one control channel at the same time. The cognitive users/secondary users (SUs) always have access to one control channel and they can identify and exploit the vacant channels by dynamically switching across the different control channels. Third, rapid and efficient exchange of CR control information has been proposed to reduce delays due to the opportunistic nature of CR. We have calculated the pre-transmission time for CR and investigate how this time can have a significant effect on nodes holding delay-sensitive data. Fourth, an analytical model, including a Markov chain model, has been proposed. This analytical model will rigorously analyse the performance of our proposed DDH-MAC protocol in terms of aggregate throughput, access delay, and spectrum opportunities in both the saturated and non-saturated networks. 
Fifth, we develop a simulation model for the DDH-MAC protocol using OPNET Modeler and investigate its performance for queuing delays, bit error rates, backoff slots and throughput. It could be observed from both the numerical and simulation results that when compared with existing CR MAC protocols our proposed MAC protocol can significantly improve the spectrum utilization efficiency of wireless networks. Finally, we optimize the performance of our proposed MAC protocol by incorporating multi-level security and making it energy efficient.

    Evaluating Machine Learning Techniques for Smart Home Device Classification

    Smart devices in the Internet of Things (IoT) have transformed the management of personal and industrial spaces. Leveraging inexpensive computing, smart devices enable remote sensing and automated control over a diverse range of processes. Even as IoT devices provide numerous benefits, it is vital that their emerging security implications are studied. IoT device design typically focuses on cost efficiency and time to market, leading to limited built-in encryption, questionable supply chains, and poor data security. In a 2017 report, the United States Government Accountability Office recommended that the Department of Defense investigate the risks IoT devices pose to operations security, information leakage, and endangerment of senior leaders [1]. Recent research has shown that it is possible to model a subject’s pattern-of-life through data leakage from Bluetooth Low Energy (BLE) and Wi-Fi smart home devices [2]. A key step in establishing pattern-of-life is the identification of the device types within the smart home. Device type is defined as the functional purpose of the IoT device, e.g., camera, lock, and plug. This research hypothesizes that machine learning algorithms can be used to accurately perform classification of smart home devices. To test this hypothesis, a Smart Home Environment (SHE) is built using a variety of commercially-available BLE and Wi-Fi devices. SHE produces actual smart device traffic that is used to create a dataset for machine learning classification. Six device types are included in SHE: door sensors, locks, and temperature sensors using BLE, and smart bulbs, cameras, and smart plugs using Wi-Fi. In addition, a device classification pipeline (DCP) is designed to collect and preprocess the wireless traffic, extract features, and produce tuned models for testing. K-nearest neighbors (KNN), linear discriminant analysis (LDA), and random forests (RF) classifiers are built and tuned for experimental testing. 
During this experiment, the classifiers are tested on their ability to distinguish device types in a multiclass classification scheme. Classifier performance is evaluated using the Matthews correlation coefficient (MCC), mean recall, and mean precision metrics. Using all available features, the classifier with the best overall performance is the KNN classifier. The KNN classifier was able to identify BLE device types with an MCC of 0.55, a mean precision of 54%, and a mean recall of 64%, and Wi-Fi device types with an MCC of 0.71, a mean precision of 81%, and a mean recall of 81%. Experimental results provide support towards the hypothesis that machine learning can classify IoT device types to a high level of performance, but more work is necessary to build a more robust classifier.

    Even lower latency in IIoT: evaluation of QUIC in industrial IoT scenarios

    In this paper we analyze the performance of QUIC as a transport alternative for Internet of Things (IoT) services based on the Message Queuing Telemetry Protocol (MQTT). QUIC is a novel protocol promoted by Google, and was originally conceived to tackle the limitations of the traditional Transmission Control Protocol (TCP), specifically aiming at the reduction of the latency caused by connection establishment. QUIC use in IoT environments is not widespread, and it is therefore interesting to characterize its performance when used over such scenarios. We used an emulation-based platform, where we integrated QUIC and MQTT (using GO-based implementations) and compared their combined performance with that exhibited by the traditional TCP/TLS approach. We used Linux containers as end devices, and the ns-3 simulator to emulate different network technologies, such as WiFi, cellular, and satellite, and varying conditions. The results evince that QUIC is indeed an appropriate protocol to guarantee robust, secure, and low latency communications over IoT scenarios. The authors are grateful for the funding of the Industrial Doctorates Program from the University of Cantabria (Call 2020). This work has been partially supported by the Basque Government through the Elkartek program under the DIGITAL project (grant agreement number KK-2019/00095), and by the Spanish Government (Ministerio de Economía y Competitividad, Fondo Europeo de Desarrollo Regional, FEDER) by means of the project FIERCE: Future Internet Enabled Resilient smart CitiEs (RTI2018-093475-AI00).

    A new connectivity strategy for wireless mesh networks using dynamic spectrum access

    The introduction of Dynamic Spectrum Access (DSA) marked an important juncture in the evolution of wireless networks. DSA is a spectrum assignment paradigm where devices are able to make real-time adjustment to their spectrum usage and adapt to changes in their spectral environment to meet performance objectives. DSA allows spectrum to be used more efficiently and may be considered as a viable approach to the ever increasing demand for spectrum in urban areas and the need for coverage extension to unconnected communities. While DSA can be applied to any spectrum band, the initial focus has been in the Ultra-High Frequency (UHF) band traditionally used for television broadcast because the band is lightly occupied and also happens to be ideal spectrum for sparsely populated rural areas. Wireless access in general is said to offer the most hope in extending connectivity to rural and unconnected peri-urban communities. Wireless Mesh Networks (WMN) in particular offer several attractive characteristics such as multi-hopping, ad-hoc networking, capabilities of self-organising and self-healing, hence the focus on WMNs. Motivated by the desire to leverage DSA for mesh networking, this research revisits the aspect of connectivity in WMNs with DSA. The advantages of DSA when combined with mesh networking not only build on the benefits, but also create additional challenges. The study seeks to address the connectivity challenge across three key dimensions, namely network formation, link metric and multi-link utilisation. To start with, one of the conundrums faced in WMNs with DSA is that the current 802.11s mesh standard provides limited support for DSA, while DSA related standards such as 802.22 provide limited support for mesh networking. This gap in standardisation complicates the integration of DSA in WMNs as several issues are left outside the scope of the applicable standard. 
This dissertation highlights the inadequacy of the current MAC protocol in ensuring TVWS regulation compliance in multi-hop environments and proposes a logical link MAC sub-layer procedure to fill the gap. A network is considered compliant in this context if each node operates on a channel that it is allowed to use as determined, for example, by the spectrum database. Using a combination of prototypical experiments, simulation and numerical analysis, it is shown that the proposed protocol ensures network formation is accomplished in a manner that is compliant with TVWS regulation. Having tackled the compliance problem at the mesh formation level, the next logical step was to explore performance improvement avenues. Considering the importance of routing in WMNs, the study evaluates link characterisation to determine a suitable metric for routing purposes. Along this dimension, the research makes two main contributions. Firstly, A-link-metric (Augmented Link Metric) approach for WMN with DSA is proposed. A-link-metric reinforces existing metrics to factor in characteristics of a DSA channel, which is essential to improve the routing protocol's ranking of links for optimal path selection. Secondly, in response to the question of “which one is the suitable metric?”, the Dynamic Path Metric Selection (DPMeS) concept is introduced. The principal idea is to mechanise the routing protocol such that it assesses the network via a distributed probing mechanism and dynamically binds the routing metric. Using DPMeS, a routing metric is selected to match the network type and prevailing conditions, which is vital as each routing metric thrives or recedes in performance depending on the scenario. DPMeS is aimed at unifying the years' worth of prior studies on routing metrics in WMNs. 
Simulation results indicate that A-link-metric achieves up to 83.4 % and 34.6 % performance improvement in terms of throughput and end-to-end delay respectively compared to the corresponding base metric (i.e. non-augmented variant). With DPMeS, the routing protocol is expected to yield better performance consistently compared to the fixed metric approach whose performance fluctuates amid changes in network setup and conditions. By and large, DSA-enabled WMN nodes will require access to some fixed spectrum to fall back on when opportunistic spectrum is unavailable. In the absence of fully functional integrated-chip cognitive radios to enable DSA, the immediate feasible solution for the interim is single hardware platforms fitted with multiple transceivers. This configuration results in multi-band multi-radio node capability that lends itself to a variety of link options in terms of transmit/receive radio functionality. The dissertation reports on the experimental performance evaluation of radios operating in the 5 GHz and UHF-TVWS bands for hybrid back-haul links. It is found that individual radios perform differently depending on the operating parameter settings, namely channel, channel-width and transmission power subject to prevailing environmental (both spectral and topographical) conditions. When aggregated, if the radios' data-rates are approximately equal, there is a throughput and round-trip time performance improvement of 44.5 - 61.8 % and 7.5 - 41.9 % respectively. For hybrid links comprising radios with significantly unequal data-rates, this study proposes an adaptive round-robin (ARR) based algorithm for efficient multilink utilisation. Numerical analysis indicates that ARR provides 75 % throughput improvement. These results indicate that network optimisation overall requires both time and frequency division duplexing. Based on the experimental test results, this dissertation presents a three-layered routing framework for multi-link utilisation. 
The top layer represents the nodes' logical interface to the WMN while the bottom layer corresponds to the underlying physical wireless network interface cards (WNIC). The middle layer is an abstract and reductive representation of the possible and available transmission, and reception options between node pairs, which depends on the number and type of WNICs. Drawing on the experimental results and insight gained, the study builds criteria towards a mechanism for auto selection of the optimal link option. Overall, this study is anticipated to serve as a springboard to stimulate the adoption and integration of DSA in WMNs, and further development in multi-link utilisation strategies to increase capacity. Ultimately, it is hoped that this contribution will collectively contribute effort towards attaining the global goal of extending connectivity to the unconnected.