Quantitative Analysis for Authentication of Low-cost RFID Tags

Formal analysis techniques are widely used today in order to verify and analyze communication protocols. In this work, we launch a quantitative verification analysis for the low- cost Radio Frequency Identification (RFID) protocol proposed by Song and Mitchell. The analysis exploits a Discrete-Time Markov Chain (DTMC) using the well-known PRISM model checker. We have managed to represent up to 100 RFID tags communicating with a reader and quantify each RFID session according to the protocol's computation and transmission cost requirements. As a consequence, not only does the proposed analysis provide quantitative verification results, but also it constitutes a methodology for RFID designers who want to validate their products under specific cost requirements.Comment: To appear in the 36th IEEE Conference on Local Computer Networks (LCN 2011

Energy Efficient Security Framework for Wireless Local Area Networks

Wireless networks are susceptible to network attacks due to their inherentvulnerabilities. The radio signal used in wireless transmission canarbitrarily propagate through walls and windows; thus a wireless networkperimeter is not exactly known. This leads them to be more vulnerable toattacks such as eavesdropping, message interception and modifications comparedto wired-line networks. Security services have been used as countermeasures toprevent such attacks, but they are used at the expense of resources that arescarce especially, where wireless devices have a very limited power budget.Hence, there is a need to provide security services that are energy efficient.In this dissertation, we propose an energy efficient security framework. Theframework aims at providing security services that take into account energyconsumption. We suggest three approaches to reduce the energy consumption ofsecurity protocols: replacement of standard security protocol primitives thatconsume high energy while maintaining the same security level, modification ofstandard security protocols appropriately, and a totally new design ofsecurity protocol where energy efficiency is the main focus. From ourobservation and study, we hypothesize that a higher level of energy savings isachievable if security services are provided in an adjustable manner. Wepropose an example tunable security or TuneSec system, which allows areasonably fine-grained security tuning to provide security services at thewireless link level in an adjustable manner.We apply the framework to several standard security protocols in wirelesslocal area networks and also evaluate their energy consumption performance.The first and second methods show improvements of up to 70% and 57% inenergy consumption compared to plain standard security protocols,respectively. The standard protocols can only offer fixed-level securityservices, and the methods applied do not change the security level. The thirdmethod shows further improvement compared to fixed-level security by reducing(about 6% to 40%) the energy consumed. This amount of energy saving can bevaried depending on the configuration and security requirements

On Enhancing Security of Password-Based Authentication

Password has been the dominant authentication scheme for more than 30 years, and it will not be easily replaced in the foreseeable future. However, password authentication has long been plagued by the dilemma between security and usability, mainly due to human memory limitations. For example, a user often chooses an easy-to-guess (weak) password since it is easier to remember. The ever increasing number of online accounts per user even exacerbates this problem. In this dissertation, we present four research projects that focus on the security of password authentication and its ecosystem. First, we observe that personal information plays a very important role when a user creates a password. Enlightened by this, we conduct a study on how users create their passwords using their personal information based on a leaked password dataset. We create a new metric---Coverage---to quantify the personal information in passwords. Armed with this knowledge, we develop a novel password cracker named Personal-PCFG (Probabilistic Context-Free Grammars) that leverages personal information for targeted password guessing. Experiments show that Personal-PCFG is much more efficient than the original PCFG in cracking passwords. The second project aims to ease the password management hassle for a user. Password managers are introduced so that users need only one password (master password) to access all their other passwords. However, the password manager induces a single point of failure and is potentially vulnerable to data breach. To address these issues, we propose BluePass, a decentralized password manager that features a dual-possession security that involves a master password and a mobile device. In addition, BluePass enables a hand-free user experience by retrieving passwords from the mobile device through Bluetooth communications. In the third project, we investigate an overlooked aspect in the password lifecycle, the password recovery procedure. We study the password recovery protocols in the Alexa top 500 websites, and report interesting findings on the de facto implementation. We observe that the backup email is the primary way for password recovery, and the email becomes a single point of failure. We assess the likelihood of an account recovery attack, analyze the security policy of major email providers, and propose a security enhancement protocol to help securing password recovery emails by two factor authentication. \newline Finally, we focus on a more fundamental level, user identity. Password-based authentication is just a one-time checking to ensure that a user is legitimate. However, a user\u27s identity could be hijacked at any step. For example, an attacker can leverage a zero-day vulnerability to take over the root privilege. Thus, tracking the user behavior is essential to examine the identity legitimacy. We develop a user tracking system based on OS-level logs inside an enterprise network, and apply a variety of techniques to generate a concise and salient user profile for identity examination

Timed Analysis of Security Protocols

We propose a method for engineering security protocols that are aware of timing aspects. We study a simplified version of the well-known Needham Schroeder protocol and the complete Yahalom protocol, where timing information allows the study of different attack scenarios. We model check the protocols using UPPAAL. Further, a taxonomy is obtained by studying and categorising protocols from the well known Clark Jacob library and the Security Protocol Open Repository (SPORE) library. Finally, we present some new challenges and threats that arise when considering time in the analysis, by providing a novel protocol that uses time challenges and exposing a timing attack over an implementation of an existing security protocol