831 research outputs found
Automated Symbolic Verification of Telegram's MTProto 2.0
MTProto 2.0 is a suite of cryptographic protocols for instant messaging at
the core of the popular Telegram messenger application. In this paper we
analyse MTProto 2.0 using the symbolic verifier ProVerif. We provide fully
automated proofs of the soundness of MTProto 2.0's authentication, normal chat,
end-to-end encrypted chat, and rekeying mechanisms with respect to several
security properties, including authentication, integrity, secrecy and perfect
forward secrecy; at the same time, we discover that the rekeying protocol is
vulnerable to an unknown key-share (UKS) attack. We proceed in an incremental
way: each protocol is examined in isolation, relying only on the guarantees
provided by the previous ones and the robustness of the basic cryptographic
primitives. Our research proves the formal correctness of MTProto 2.0 w.r.t.
most relevant security properties, and it can serve as a reference for
implementation and analysis of clients and servers.Comment: 19 page
ANCHOR: logically-centralized security for Software-Defined Networks
While the centralization of SDN brought advantages such as a faster pace of
innovation, it also disrupted some of the natural defenses of traditional
architectures against different threats. The literature on SDN has mostly been
concerned with the functional side, despite some specific works concerning
non-functional properties like 'security' or 'dependability'. Though addressing
the latter in an ad-hoc, piecemeal way, may work, it will most likely lead to
efficiency and effectiveness problems. We claim that the enforcement of
non-functional properties as a pillar of SDN robustness calls for a systemic
approach. As a general concept, we propose ANCHOR, a subsystem architecture
that promotes the logical centralization of non-functional properties. To show
the effectiveness of the concept, we focus on 'security' in this paper: we
identify the current security gaps in SDNs and we populate the architecture
middleware with the appropriate security mechanisms, in a global and consistent
manner. Essential security mechanisms provided by anchor include reliable
entropy and resilient pseudo-random generators, and protocols for secure
registration and association of SDN devices. We claim and justify in the paper
that centralizing such mechanisms is key for their effectiveness, by allowing
us to: define and enforce global policies for those properties; reduce the
complexity of controllers and forwarding devices; ensure higher levels of
robustness for critical services; foster interoperability of the non-functional
property enforcement mechanisms; and promote the security and resilience of the
architecture itself. We discuss design and implementation aspects, and we prove
and evaluate our algorithms and mechanisms, including the formalisation of the
main protocols and the verification of their core security properties using the
Tamarin prover.Comment: 42 pages, 4 figures, 3 tables, 5 algorithms, 139 reference
MAFTIA Conceptual Model and Architecture
This document builds on the work reported in MAFTIA deliverable D1. It contains a refinement of the MAFTIA conceptual model and a discussion of the MAFTIA architecture. It also introduces the work done in WP6 on verification and assessment of security properties, which is reported on in more detail in MAFTIA deliverable D
Formal modeling and analysis with humans in infrastructures for IoT health care systems
In this paper, we integrate previously developed formal methods to model infrastructure, actors, and policies of human centric infrastructures in order to analyze security and privacy properties. A fruitful approach for discovering attacks on human centric infrastructure models is invalidation of global policies. Invalidating global policies by a complete exploration of the state space can be realized by modelchecking. To counter the state explosion problem inherent in modelchecking, Higher Order Logic (HOL) supported by the interactive theorem prover Isabelle can be used to emulate modelchecking. In addition, the Isabelle Insider framework supports modeling and analysis of human centric infrastructures including attack trees. In this paper, we investigate how Isabelle modelchecking might help to improve detection of attack traces and re-finement of attack tree analysis. To this end, we use a case study from security and privacy of IoT devices in the health care sector as proposed in the CHIST-ERA project SUCCESS
Pernicious assimilation: reframing the integration of the urban informal economy in Southern Africa
This paper argues that many of the official attempts to “integrate” the urban informal economy into the mainstream economy are fundamentally flawed. An unpacking of the “integrative” agenda as pursued by planning and other governmental practices reveals that “integration”, as currently practiced, does not herald the mainstreaming of the informal economy. Drawing on research in Zimbabwe and evidence from other countries in Southern Africa, I argue that what we witness is a sinister stripping away of the lifeblood of informality. This malicious form of integration entails crippling Faustian bargains. In the end, this pernicious assimilation insidiously does away with that which makes informality a livelihood haven for the majority of urbanites. I conclude that the duplicitous integration is unworkable and leaves the big questions of inclusion untouched, hence the persistence of the “problem” of informality
Conceptual Model and Architecture of MAFTIA
This deliverable builds on the work reported in [MAFTIA 2000] and [Powell and Stroud 2001]. It contains a further refinement of the MAFTIA conceptual model and a revised discussion of the MAFTIA architecture. It also introduces the work done in MAFTIA on verification and assessment of security properties, which is reported on in more detail in [Adelsbach and Creese 2003
- …