
    On the formal verification of group key security protocols

    The correctness of group key security protocols in communication systems remains a great challenge because of the dynamic characteristics of group key construction, as we deal with an open number of group members. Therefore, verification approaches for two-party protocols cannot be applied to group key protocols. Security properties that are well defined in normal two-party protocols have different meanings and different interpretations in group key distribution protocols, and so they require a more precise definition before we look at how to verify them. An example of such properties is secrecy, which has more complex variations in the group key context: forward secrecy, backward secrecy, and key independence. In this thesis, we present a combination of three different theorem-proving methods to verify security properties for group-oriented protocols. We target regular group secrecy, forward secrecy, backward secrecy, and collusion properties for group key protocols. In the first method, rank theorems for forward properties are established based on a set of generic formal specification requirements for group key management and distribution protocols. Rank theorems imply the validity of the security property to be proved, and are deduced from a set of rank functions we define over the protocol. Rank theorems can only reason about the absence of attacks in group key protocols. In the second method, a sound and complete inference system is provided to detect attacks in group key management protocols. The inference system provides an elegant and natural proof strategy for such protocols compared to existing approaches. It complements rank theorems by providing a method to reason about the existence of attacks in group key protocols. However, these two methods are based on interactive higher-order logic theorem proving, and therefore require expensive user interactions.
Therefore, in the third method, a degree of automation is added to the above techniques by using an Event-B first-order theorem proving system to provide invariant checking for the group key secrecy property and the forward secrecy property. This is not a straightforward task, and must be based on a correct semantic link between group key protocols and Event-B models. However, in this method the number of protocol participants that can be considered is limited, and it is applicable only to a single protocol event. Finally, it cannot model backward secrecy and key independence. We applied each of the developed methods to a different group protocol from the literature, illustrating the features of each approach.

    Perfect Secrecy in Physical-Layer Network Coding Systems From Structured Interference

    Physical-layer network coding (PNC) has been proposed for next generation networks. In this paper, we investigate PNC schemes with embedded perfect secrecy by exploiting structured interference in relay networks with two users and a single relay. In a practical scenario where both users employ finite and uniform signal input distributions, we establish upper bounds (UBs) on the achievable perfect secrecy rates and make these explicit when pulse amplitude modulation modems are used. We then describe two simple, explicit encoders that can achieve perfect secrecy rates close to these UBs with respect to an untrustworthy relay in the single antenna and single relay setting. Last, we generalize our system to a multiple-input multiple-output relay channel, where the relay has more antennas than the users, and study optimal precoding matrices which maintain a required secrecy constraint. Our results establish that the design of PNC transmission schemes with enhanced throughput and guaranteed data confidentiality is feasible in next generation systems.

    Wireless transmission protocols using relays for broadcast and information exchange channels

    Relays have been used to overcome existing network performance bottlenecks in meeting the growing demand for large bandwidth and high quality of service (QoS) in wireless networks. This thesis proposes several wireless transmission protocols using relays in practical multi-user broadcast and information exchange channels. The main theme is to demonstrate that efficient use of relays provides an additional dimension to improve reliability, throughput, power efficiency and secrecy. First, a spectrally efficient cooperative transmission protocol is proposed for the multiple-input and single-output (MISO) broadcast channel to improve the reliability of wireless transmission. The proposed protocol mitigates co-channel interference and provides another dimension to improve the diversity gain. Analytical and simulation results show that the outage probability and the diversity and multiplexing tradeoff of the proposed cooperative protocol outperform the non-cooperative scheme. Second, a two-way relaying protocol is proposed for the multi-pair, two-way relaying channel to improve the throughput and reliability. The proposed protocol enables both the users and the relay to participate in interference cancellation. Several beamforming schemes are proposed for the multi-antenna relay. Analytical and simulation results reveal that the proposed protocol delivers significant improvements in ergodic capacity, outage probability and the diversity and multiplexing tradeoff compared to existing schemes. Third, a joint beamforming and power management scheme is proposed for the multiple-input and multiple-output (MIMO) two-way relaying channel to improve the sum-rate. Network power allocation and power control optimisation problems are formulated and solved using convex optimisation techniques. Simulation results verify that the proposed scheme delivers a better sum-rate or consumes less power when compared to existing schemes.
Fourth, two-way secrecy schemes which combine one-time pad and wiretap coding are proposed for the scalar broadcast channel to improve the secrecy rate. The proposed schemes utilise channel reciprocity and employ relays to forward secret messages. Analytical and simulation results reveal that the proposed schemes are able to achieve positive secrecy rates even when the number of users is large. All of these new wireless transmission protocols help to realise better throughput, reliability, power efficiency and secrecy for wireless broadcast and information exchange channels through the efficient use of relays.

    Proceedings of the 3rd International Workshop on Formal Aspects in Security and Trust (FAST2005)

    The present report contains the pre-proceedings of the third international Workshop on Formal Aspects in Security and Trust (FAST2005), held in Newcastle upon Tyne, 18-19 July 2005. FAST is an event affiliated with the Formal Methods 2005 Congress (FM05). The third international Workshop on Formal Aspects in Security and Trust (FAST2005) aims at continuing the successful effort of the previous two FAST workshop editions in fostering cooperation among researchers in the areas of security and trust. The new challenges offered by the so-called ambient intelligence space, as a future paradigm in the information society, demand a coherent and rigorous framework of concepts, tools and methodologies to provide users' trust and confidence in the underlying communication/interaction infrastructure. It is necessary to address issues relating to both guaranteeing the security of the infrastructure and the perception of the infrastructure being secure. In addition, user confidence in what is happening must be enhanced by developing trust models that are effective but also easily comprehensible and manageable by users.

    Formal Methods for Trustworthy Voting Systems : From Trusted Components to Reliable Software

    Voting is a prominent and important part of democratic societies, and its outcome may have a dramatic and broad impact on societal progress. Therefore, it is paramount that such a society has extensive trust in the electoral process, such that the system's functioning is reliable and stable with respect to the expectations within society. Yet, with or without the use of modern technology, voting is full of algorithmic and security challenges, and the failure to address these challenges in a controlled manner may produce fundamental flaws in the voting system and potentially undermine critical societal aspects. In this thesis, we argue for a development process of voting systems that is rooted in and assisted by formal methods that produce transparently checkable evidence for the guarantees that the final system should provide, so that it can be deemed trustworthy. The goal of this thesis is to advance the state of the art in formal methods that allow systematically developing trustworthy voting systems that can be provenly verified. In the literature, voting systems are modeled in the following four comparatively separable and distinguishable layers: (1) the physical layer, (2) the computational layer, (3) the election layer, and (4) the human layer. Current research usually either mostly stays within one of those layers or lacks machine-checkable evidence; consequently, trusted and understandable criteria often lack formally proven and checkable guarantees at the software level, and vice versa. The contributions in this work are formal methods that fill in the trust gap between the principal election layer and the computational layer by a reliable translation of trusted and understandable criteria into trustworthy software. Thereby, we enable executable procedures to be formally traced back and understood by election experts without the need for inspection at the code level, and trust can be preserved to the trustworthy system.
The works in this thesis all contribute to this end and consist of five distinct contributions, which are the following: (I) a method for the generation of secure card-based communication schemes, (II) a method for the synthesis of reliable tallying procedures, (III) a method for the efficient verification of reliable tallying procedures, (IV) a method for the computation of dependable election margins for reliable audits, (V) a case study about the security verification of the GI voter-anonymization software. These contributions span formal methods on illustrative examples for each of the three principal components, (1) voter-ballot box communication, (2) election method, and (3) election management, between the election layer and the computational layer. Within the first component, the voter-ballot box communication channel, we build a bridge from the communication channel to the cryptographic scheme by automatically generating secure card-based schemes from a small formal model with a parameterization of the desired security requirements. For the second component, the election method, we build a bridge from the election method to the tallying procedure by (1) automatically synthesizing a runnable tallying procedure from the desired requirements, given as properties that capture the desired intuitions or regulations of fairness considerations, (2) automatically generating either comprehensible arguments or bounded proofs to compare tallying procedures based on user-definable fairness properties, and (3) automatically computing concrete election margins for a given tallying procedure, the collected ballots, and the computed election result, which enable efficient election audits.
Finally, for the third and final component, the election management system, we perform a case study and apply state-of-the-art verification technology to a real-world e-voting system that has been used for the annual elections of the German Informatics Society (GI, "Gesellschaft für Informatik") in 2019. The case study consists of the formal implementation-level security verification that the voter identities are securely anonymized and the voters' passwords cannot be leaked. The presented methods assist the systematic development and verification of provenly trustworthy voting systems across traditional layers, i.e., from the election layer to the computational layer. They all pursue the goal of making voting systems trustworthy by reliable and explainable formal requirements. We evaluate the devised methods on minimal card-based protocols that compute a secure AND function for two different decks of cards, a classical knock-out tournament and several Condorcet rules, various plurality, scoring, and Condorcet rules from the literature, the Danish national parliamentary elections in 2015, and a state-of-the-art electronic voting system that is used for the German Informatics Society's annual elections in 2019 and following.

    Input Secrecy & Output Privacy: Efficient Secure Computation of Differential Privacy Mechanisms

    Data is the driving force of modern businesses. For example, customer-generated data is collected by companies to improve their products, discover emerging trends, and provide insights to marketers. However, data might contain personal information which allows identifying a person and violating their privacy. Examples of privacy violations are abundant, such as revealing typical whereabouts and habits, financial status, or health information, either directly or indirectly by linking the data to other available data sources. To protect personal data and regulate its collection and processing, the General Data Protection Regulation (GDPR) was adopted by all members of the European Union. Anonymization addresses such regulations and alleviates privacy concerns by altering personal data to hinder identification. Differential privacy (DP), a rigorous privacy notion for anonymization mechanisms, is widely deployed in industry, e.g., by Google, Apple, and Microsoft. Additionally, cryptographic tools, namely secure multi-party computation (MPC), protect the data during processing. MPC allows distributed parties to jointly compute a function over their data such that only the function output is revealed but none of the input data. MPC and DP provide orthogonal protection guarantees. MPC provides input secrecy, i.e., MPC protects the inputs of a computation via encrypted processing. DP provides output privacy, i.e., DP anonymizes the output of a computation via randomization. In typical deployments of DP the data is randomized locally, i.e., by each client, and aggregated centrally by a server. MPC allows applying the randomization centrally as well, i.e., only once, which is optimal for accuracy. Overall, MPC and DP augment each other nicely. However, universal MPC is inefficient, requiring large computation and communication overhead, which makes MPC of DP mechanisms challenging for general real-world deployments.
In this thesis, we present efficient MPC protocols for distributed parties to collaboratively compute DP statistics with high accuracy. We support general rank-based statistics, e.g., min, max, median, as well as decomposable aggregate functions, where local evaluations can be efficiently combined into global ones, e.g., for convex optimizations. Furthermore, we detect heavy hitters, i.e., the most frequently appearing values, over known as well as unknown data domains. We prove the semi-honest security and differential privacy of our protocols. Also, we theoretically analyse and empirically evaluate their accuracy as well as efficiency. Our protocols provide higher accuracy than comparable solutions based on DP alone. Our protocols are efficient, with running times of seconds to minutes evaluated in real-world WANs between Frankfurt and Ohio (100 ms delay, 100 Mbit/s bandwidth), and have modest hardware requirements compared to related work (mainly, 4 CPU cores at 3.3 GHz and 2 GB RAM per party). Additionally, our protocols can be outsourced, i.e., clients can send encrypted inputs to a few servers which run the MPC protocol on their behalf.

    Efficient Power Allocation Schemes for Hybrid Decode-Amplify-Forward Relay Based Wireless Cooperative Network

    Cooperative communication in various wireless domains, such as cellular networks, sensor networks and wireless ad hoc networks, has gained significant interest recently. In a cooperative network, relays between the source and the destination form a virtual MIMO that creates spatial diversity at the destination, which overcomes the fading effect of wireless channels. Such relay-assisted schemes have the potential to increase channel capacity and network coverage. Most current research on cooperative communication is focused broadly on efficient protocol design and analysis, resource allocation, relay selection and cross-layer optimization. The first part of this research aims at introducing hybrid decode-amplify-forward (HDAF) relaying in a distributed Alamouti-coded cooperative network. The performance of such an adaptive relaying scheme in terms of symbol error rate (SER), outage probability and average channel capacity is derived theoretically and verified through a simulation-based study. This work is further extended to a generalized multi-HDAF relaying cooperative framework. Various efficient power allocation schemes, such as maximized channel capacity based, minimized SER based and total power minimization based, are proposed, and their superiority in performance over the existing equal power allocation scheme is demonstrated in the simulation results. Due to the broadcast nature of wireless transmission, information privacy in wireless networks becomes a critical issue. In the context of physical layer security, the role of a multi-HDAF relaying based cooperative model with control jamming and multiple eavesdroppers is explored in the second part of the research. Performance evaluation parameters such as secrecy rate, secrecy outage and intercept probability are derived theoretically.
Further, the importance of the proposed power allocation schemes in enhancing the secrecy performance of the network in the presence of multiple eavesdroppers is studied in detail through simulation-based study and analysis. For all the proposed power allocation schemes in this research, the optimization problems are defined under a total power constraint and are solved using the Lagrange multiplier method; evolutionary algorithms such as Differential Evolution and Invasive Weed Optimization are also employed. A Monte Carlo simulation-based study is adopted throughout the research. It is concluded that an HDAF relaying based wireless cooperative network with optimal power allocation schemes offers improved and reliable performance compared to conventional amplify-and-forward and decode-and-forward relaying schemes. The above research contributions will be applicable to future generation wireless cooperative networks.