A new biometric ID-based cryptography protocol and security analysis using Petri nets

This paper presents a Petri net (PN) approach to modelling, simulating, and analysing the new protocol we have proposed. This new protocol is an enhanced authentication scheme based on a biometric verification mechanism and identity based cryptography. A formal approach like Petri nets allows one to represent cryptographic protocols. For the sake of simplicity, a complex PN model will not be discussed in this paper until all attacks are demonstrated and the model proved to be secure. This paper shows how Petri nets are used to model, analyse and detect flaws in our new protocol. First, our proposed protocol is modelled without an adversary, and then a generic adversary model is added to examine all possible adversary behaviours. Finally we demonstrate how Petri nets can be used to analyse security threats such as man-in-the-middle attack, reflection attack, and parallel session attack on this protocol

Formalizing and safeguarding blockchain-based BlockVoke protocol as an ACME extension for fast certificate revocation

Certificates are integral to the security of today’s Internet. Protocols like BlockVoke allow secure, timely and efficient revocation of certificates that need to be invalidated. ACME, a scheme used by the non-profit Let’s Encrypt Certificate Authority to handle most parts of the certificate lifecycle, allows automatic and seamless certificate issuance. In this work, we bring together both protocols by describing and formalizing an extension of the ACME protocol to support BlockVoke, combining the benefits of ACME’s certificate lifecycle management and BlockVoke’s timely and secure revocations. We then formally verify this extension through formal methods such as Colored Petri Nets (CPNs) and conduct a risk and threat analysis of the ACME/BlockVoke extension using the ISSRM domain model. Identified risks and threats are mitigated to secure our novel extension. Furthermore, a proof-of-concept implementation of the ACME/BlockVoke extension is provided, bridging the gap towards deployment in the real world

Analysis of Broadcast Authentication Mechanism in Selected Network Topologies

This paper deals with simulation of the broadcast authentication protocols using Colored Petri Nets and further optimizations in Matlab environment. Typical application of broadcast authentication protocols can be configurations where only one transmitter with multiple recipients exists (such as message exchange in sensor networks routing protocols, or the leader election process in sensors network). Authentication of every packet seems to be very effective way to mitigate an attack, however resulting in increase of end-to-end delay. To mitigate this drawback, the broadcast authentication protocols have been proposed. Concept of optimization of the broadcast authentication protocol DREAM parameters in a special case of fully N-ary tree and general random topology containing the same amount of nodes with regard to delay and energy consumption minimization is showed in the paper. Protocol DREAM was taken as an example of broadcast authenticating protocol to show how Color Petri Nets can be used to create a fully functional model of the protocol

CPN Modelling And Performance Analysis Of CBHSA

Security is a major issue associated with MAs and Hosts. MAs themselves may need to be protected from the hosts they visit and vice versa. For mobile multi agents, a new Cryptography Based Hierarchical Security Architecture (CBHSA) has already been proposed in our previous work. CBHSA provides four different kinds of algorithms to secure agents during migration which combines various existing security mechanisms such as encryption and decryption, signed agreement etc. This paper gives the description of Colored Petri Net (CPN) modelling of CBHSA and analyses the performance of CBHSA against some identified parameters. Different graphs have been developed for min, max and average values of different parameters. Simulation results show that CBHSA gives expected result and secure MAs and hosts from attacks

Quantitative analysis of distributed systems

PhD ThesisComputing Science addresses the security of real-life systems by using various security-oriented technologies (e.g., access control solutions and resource allocation strategies). These security technologies signficantly increase the operational costs of the organizations in which systems are deployed, due to the highly dynamic, mobile and resource-constrained environments. As a result, the problem of designing user-friendly, secure and high efficiency information systems in such complex environment has become a major challenge for the developers. In this thesis, firstly, new formal models are proposed to analyse the secure information flow in cloud computing systems. Then, the opacity of work flows in cloud computing systems is investigated, a threat model is built for cloud computing systems, and the information leakage in such system is analysed. This study can help cloud service providers and cloud subscribers to analyse the risks they take with the security of their assets and to make security related decision. Secondly, a procedure is established to quantitatively evaluate the costs and benefits of implementing information security technologies. In this study, a formal system model for data resources in a dynamic environment is proposed, which focuses on the location of different classes of data resources as well as the users. Using such a model, the concurrent and probabilistic behaviour of the system can be analysed. Furthermore, efficient solutions are provided for the implementation of information security system based on queueing theory and stochastic Petri nets. This part of research can help information security officers to make well judged information security investment decisions

Proceedings of International Workshop "Global Computing: Programming Environments, Languages, Security and Analysis of Systems"

According to the IST/ FET proactive initiative on GLOBAL COMPUTING, the goal is to obtain techniques (models, frameworks, methods, algorithms) for constructing systems that are flexible, dependable, secure, robust and efficient. The dominant concerns are not those of representing and manipulating data efficiently but rather those of handling the co-ordination and interaction, security, reliability, robustness, failure modes, and control of risk of the entities in the system and the overall design, description and performance of the system itself. Completely different paradigms of computer science may have to be developed to tackle these issues effectively. The research should concentrate on systems having the following characteristics: • The systems are composed of autonomous computational entities where activity is not centrally controlled, either because global control is impossible or impractical, or because the entities are created or controlled by different owners. • The computational entities are mobile, due to the movement of the physical platforms or by movement of the entity from one platform to another. • The configuration varies over time. For instance, the system is open to the introduction of new computational entities and likewise their deletion. The behaviour of the entities may vary over time. • The systems operate with incomplete information about the environment. For instance, information becomes rapidly out of date and mobility requires information about the environment to be discovered. The ultimate goal of the research action is to provide a solid scientific foundation for the design of such systems, and to lay the groundwork for achieving effective principles for building and analysing such systems. This workshop covers the aspects related to languages and programming environments as well as analysis of systems and resources involving 9 projects (AGILE , DART, DEGAS , MIKADO, MRG, MYTHS, PEPITO, PROFUNDIS, SECURE) out of the 13 founded under the initiative. After an year from the start of the projects, the goal of the workshop is to fix the state of the art on the topics covered by the two clusters related to programming environments and analysis of systems as well as to devise strategies and new ideas to profitably continue the research effort towards the overall objective of the initiative. We acknowledge the Dipartimento di Informatica and Tlc of the University of Trento, the Comune di Rovereto, the project DEGAS for partially funding the event and the Events and Meetings Office of the University of Trento for the valuable collaboration

Mobile Synchronizing Petri Nets: A Choreographic Approach for Coordination in Ubiquitous Systems

AbstractThe term Ubiquitous Computing was coined by Mark Weiser almost two decades ago. Despite all the time that has passed since Weiser's vision, ubiquitous computing still has a long way ahead to become a pervasive reality. One of the reasons for this may be the lack of widely accepted formal models capable of capturing and analyzing the complexity of the new paradigm. We propose a simple Petri Net based model to study some of its main characteristics. We model both devices and software components as a special kind of coloured Petri Nets, located in locations, that can move to other locations and synchronize with other co-located nets, offering and requesting services. We obtain an amenable model for ubiquitous computing, due to its graphical representation. We present our proposal in a progressive way, first presenting a basic model where coordination is formalized by the synchronized firing of pairs of compatible transitions that offer and request a specific service, and ad hoc networks are modeled by constraining mobility by the dynamic acquisition of locality names. Next, we introduce a mechanism for the treatment of robust security properties, namely the generation of fresh private names, to be used for authentication properties