Security-Oriented Formal Techniques

Security of software systems is a critical issue in a world where Information Technology is becoming more and more pervasive. The number of services for everyday life that are provided via electronic networks is rapidly increasing, as witnessed by the longer and longer list of words with the prefix "e", such as e-banking, e-commerce, e-government, where the "e" substantiates their electronic nature. These kinds of services usually require the exchange of sensible data and the sharing of computational resources, thus needing strong security requirements because of the relevance of the exchanged information and the very distributed and untrusted environment, the Internet, in which they operate. It is important, for example, to ensure the authenticity and the secrecy of the exchanged messages, to establish the identity of the involved entities, and to have guarantees that the different system components correctly interact, without violating the required global properties

The cost of securing IoT communications

More smart objects and more applications on the Internet of Things (IoT) mean more security challenges. In IoT security is crucial but difficult to obtain. On the one hand the usual trade-off between highly secure and usable systems is more impelling than ever; on the other hand security is considered a feature that has a cost often unaffordable. To relieve this kind of problems, IoT designers not only need tools to assess possible risks and to study countermeasures, but also methodologies to estimate their costs. Here, we present a preliminary methodology, based on the process calculus IoT-LySa, to infer quantitative measures on systems evolution. The derived quantitative evaluation is exploited to establish the cost of the possible security countermeasures

Securing IoT communications: at what cost?

IoT systems use wireless links for local communication, where locality depends on the transmission range and include many devices with low computational power such as sensors. In IoT systems, security is a crucial requirement, but difficult to obtain, because standard cryptographic techniques have a cost that is usually unaffordable. We resort to an extended version of the process calculus LySa, called IoTLySa, to model the patterns of communication of IoT devices. Moreover, we assign rates to each transition to infer quantitative measures on the specified systems. The derived performance evaluation can be exploited to establish the cost of the possible security countermeasures

Performance and cryptographic evaluation of security protocols in distributed networks using applied pi calculus and Markov Chain

The development of cryptographic protocols goes through two stages, namely, security verification and performance analysis. The verification of the protocol’s security properties could be analytically achieved using threat modelling, or formally using formal methods and model checkers. The performance analysis could be mathematical or simulation-based. However, mathematical modelling is complicated and does not reflect the actual deployment environment of the protocol in the current state of the art. Simulation software provides scalability and can simulate complicated scenarios, however, there are times when it is not possible to use simulations due to a lack of support for new technologies or simulation scenarios. Therefore, this paper proposes a formal method and analytical model for evaluating the performance of security protocols using applied pi-calculus and Markov Chain processes. It interprets algebraic processes and associates cryptographic operatives with quantitative measures to estimate and evaluate cryptographic costs. With this approach, the protocols are presented as processes using applied pi-calculus, and their security properties are an approximate abstraction of protocol equivalence based on the verification from ProVerif and evaluated using analytical and simulation models for quantitative measures. The interpretation of the quantities is associated with process transitions, rates, and measures as a cost of using cryptographic primitives. This method supports users’ input in analysing the protocol’s activities and performance. As a proof of concept, we deploy this approach to assess the performance of security protocols designed to protect large-scale, 5G-based Device-to-Device communications. We also conducted a performance evaluation of the protocols based on analytical and network simulator results to compare the effectiveness of the proposed approach

Security for network services delivery of 5G enabled device-to-device communications mobile network

The increase in mobile traffic led to the development of Fifth Generation (5G) mobile network. 5G will provide Ultra Reliable Low Latency Communication (URLLC), Massive Machine Type Communication (mMTC), enhanced Mobile Broadband (eMBB). Device-to-Device (D2D) communications will be used as the underlaying technology to offload traffic from 5G Core Network (5GC) and push content closer to User Equipment (UE). It will be supported by a variety of Network Service (NS) such as Content-Centric Networking (CCN) that will provide access to other services and deliver content-based services. However, this raises new security and delivery challenges. Therefore, research was conducted to address the security issues in delivering NS in 5G enabled D2D communications network. To support D2D communications in 5G, this thesis introduces a Network Services Delivery (NSD) framework defining an integrated system model. It incorporates Cloud Radio Access Network (C-RAN) architecture, D2D communications, and CCN to support 5G’s objectives in Home Network (HN), roaming, and proximity scenarios. The research explores the security of 5G enabled D2D communications by conducting a comprehensive investigation on security threats. It analyses threats using Dolev Yao (DY) threat model and evaluates security requirements using a systematic approach based on X.805 security framework. Which aligns security requirements with network connectivity, service delivery, and sharing between entities. This analysis highlights the need for security mechanisms to provide security to NSD in an integrated system, to specify these security mechanisms, a security framework to address the security challenges at different levels of the system model is introduced. To align suitable security mechanisms, the research defines underlying security protocols to provide security at the network, service, and D2D levels. This research also explores 5G authentication protocols specified by the Third Generation Partnership Project (3GPP) for securing communication between UE and HN, checks the security guarantees of two 3GPP specified protocols, 5G-Authentication and Key Agreement (AKA) and 5G Extensive Authentication Protocol (EAP)-AKA’ that provide primary authentication at Network Access Security (NAC). The research addresses Service Level Security (SLS) by proposing Federated Identity Management (FIdM) model to integrate federated security in 5G, it also proposes three security protocols to provide secondary authentication and authorization of UE to Service Provider (SP). It also addresses D2D Service Security (DDS) by proposing two security protocols that secure the caching and sharing of services between two UEs in different D2D communications scenarios. All protocols in this research are verified for functional correctness and security guarantees using a formal method approach and semi-automated protocol verifier. The research conducts security properties and performance evaluation of the protocols for their effectiveness. It also presents how each proposed protocol provides an interface for an integrated, comprehensive security solution to secure communications for NSD in a 5G enabled D2D communications network. The main contributions of this research are the design and formal verification of security protocols. Performance evaluation is supplementary

On Evaluating the Performance of Security Protocols

We use an enhanced operational semantics to infer quantitative measures on systems describing cryptographic protocols. System transitions carry enhanced labels. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architecture running applications and the use of possibly different crypto-systems. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools

On Evaluating the Performance of Security Protocols ⋆

Abstract. We use an enhanced operational semantics to infer quantitative measures on systems describing cryptographic protocols. System transitions carry enhanced labels. We assign rates to transitions by only looking at these labels. The rates reflect the distributed architecture running applications and the use of possibly different crypto-systems. We then map transition systems to Markov chains and evaluate performance of systems, using standard tools.