Security Analysis of the Consumer Remote SIM Provisioning Protocol
Remote SIM provisioning (RSP) for consumer devices is the protocol specified
by the GSM Association for downloading SIM profiles into a secure element in a
mobile device. The process is commonly known as eSIM, and it is expected to
replace removable SIM cards. The security of the protocol is critical because
the profile includes the credentials with which the mobile device will
authenticate to the mobile network. In this paper, we present a formal security
analysis of the consumer RSP protocol. We model the multi-party protocol in
applied pi calculus, define formal security goals, and verify them in ProVerif.
The analysis shows that the consumer RSP protocol protects against a network
adversary when all the intended participants are honest. However, we also model
the protocol in realistic partial compromise scenarios where the adversary
controls a legitimate participant or communication channel. The security
failures in the partial compromise scenarios reveal weaknesses in the protocol
design. The most important observation is that the security of RSP depends
unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of
pre-established identifiers means that a compromised download server anywhere
in the world or a compromised secure element can be used for attacks against
RSP between honest participants. Additionally, the lack of reliable methods for
verifying user intent can lead to serious security failures. Based on the
findings, we recommend practical improvements to RSP implementations, to future
versions of the specification, and to mobile operator processes to increase the
robustness of eSIM security.
Comment: 33 pages, 8 figures. Associated ProVerif model files located at
https://github.com/peltona/rsp_mode
Using quantum key distribution for cryptographic purposes: a survey
The appealing feature of quantum key distribution (QKD), from a cryptographic
viewpoint, is the ability to prove the information-theoretic security (ITS) of
the established keys. As a key establishment primitive, QKD however does not
provide a standalone security service on its own: the secret keys established
by QKD are in general then used by subsequent cryptographic applications for
which the requirements, the context of use and the security properties can
vary. It is therefore important, in the perspective of integrating QKD in
security infrastructures, to analyze how QKD can be combined with other
cryptographic primitives. The purpose of this survey article, which is mostly
centered on European research results, is to contribute to such an analysis. We
first review and compare the properties of the existing key establishment
techniques, QKD being one of them. We then study more specifically two generic
scenarios related to the practical use of QKD in cryptographic infrastructures:
1) using QKD as a key renewal technique for a symmetric cipher over a
point-to-point link; 2) using QKD in a network containing many users with the
objective of offering any-to-any key establishment service. We discuss the
constraints as well as the potential interest of using QKD in these contexts.
We finally give an overview of challenges relative to the development of QKD
technology that also constitute potential avenues for cryptographic research.
Comment: Revised version of the SECOQC White Paper. Published in the special
issue on QKD of TCS, Theoretical Computer Science (2014), pp. 62-8
Transparent code authentication at the processor level
The authors present a lightweight authentication mechanism that verifies the authenticity of code and thereby addresses the virus and malicious code problems at the hardware level, eliminating the need for trusted extensions in the operating system. The technique proposed tightly integrates the authentication mechanism into the processor core. The authentication latency is hidden behind the memory access latency, thereby allowing seamless on-the-fly authentication of instructions. In addition, the proposed authentication method supports seamless encryption of code (and static data). Consequently, while providing the software users with assurance for authenticity of programs executing on their hardware, the proposed technique also protects the software manufacturers’ intellectual property through encryption. The performance analysis shows that, under mild assumptions, the presented technique introduces negligible overhead for even moderate cache sizes.
THRIVE: Threshold Homomorphic encryption based secure and privacy preserving bIometric VErification system
In this paper, we propose a new biometric verification and template
protection system which we call the THRIVE system. The system includes novel
enrollment and authentication protocols based on a threshold homomorphic
cryptosystem where the private key is shared between a user and the verifier.
In the THRIVE system, only encrypted binary biometric templates are stored in
the database and verification is performed via homomorphically randomized
templates, thus, original templates are never revealed during the
authentication stage. The THRIVE system is designed for the malicious model
where the cheating party may arbitrarily deviate from the protocol
specification. Since a threshold homomorphic encryption scheme is used, a
malicious database owner cannot perform decryption on encrypted templates of
the users in the database. Therefore, security of the THRIVE system is enhanced
using a two-factor authentication scheme involving the user's private key and
the biometric data. We prove security and privacy preservation capability of
the proposed system in the simulation-based model with no assumption. The
proposed system is suitable for applications where the user does not want to
reveal her biometrics to the verifier in plain form but she needs to prove her
physical presence by using biometrics. The system can be used with any
biometric modality and biometric feature extraction scheme whose output
templates can be binarized. The overall connection time for the proposed THRIVE
system is estimated to be 336 ms on average for 256-bit biohash vectors on a
desktop PC running with quad-core 3.2 GHz CPUs at 10 Mbit/s up/down link
connection speed. Consequently, the proposed system can be efficiently used in
real life applications.
Survey and Systematization of Secure Device Pairing
Secure Device Pairing (SDP) schemes have been developed to facilitate secure
communications among smart devices, both personal mobile devices and Internet
of Things (IoT) devices. Comparison and assessment of SDP schemes is
troublesome, because each scheme makes different assumptions about out-of-band
channels and adversary models, and is driven by its particular use-cases. A
conceptual model that facilitates meaningful comparison among SDP schemes is
missing. We provide such a model. In this article, we survey and analyze a wide
range of SDP schemes that are described in the literature, including a number
that have been adopted as standards. A system model and consistent terminology
for SDP schemes are built on the foundation of this survey, which are then used
to classify existing SDP schemes into a taxonomy that, for the first time,
enables their meaningful comparison and analysis. The existing SDP schemes are
analyzed using this model, revealing common systemic security weaknesses among
the surveyed SDP schemes that should become priority areas for future SDP
research, such as improving the integration of privacy requirements into the
design of SDP schemes. Our results allow SDP scheme designers to create schemes
that are more easily comparable with one another, and help prevent the weaknesses
common to the current generation of SDP schemes from persisting.
Comment: 34 pages, 5 figures, 3 tables, accepted at IEEE Communications
Surveys & Tutorials 2017 (Volume: PP, Issue: 99
Cryptography Is Not Enough: Relay Attacks on Authenticated GNSS Signals
Civilian-GNSS is vulnerable to signal spoofing attacks, and countermeasures
based on cryptographic authentication are being proposed to protect against
these attacks. Both Galileo and GPS are currently testing broadcast
authentication techniques based on the delayed key disclosure to validate the
integrity of navigation messages. These authentication mechanisms have proven
secure against record now and replay later attacks, as navigation messages
become invalid after keys are released. This work analyzes the security
guarantees of cryptographically protected GNSS signals and shows the
possibility of spoofing a receiver to an arbitrary location without breaking
any cryptographic operation. In contrast to prior work, we demonstrate the
ability of an attacker to receive signals close to the victim receiver and
generate spoofing signals for a different target location without modifying the
navigation message contents. Our strategy exploits the essential common
reception and transmission time method used to estimate pseudorange in GNSS
receivers, thereby rendering any cryptographic authentication useless. We
evaluate our attack on a commercial receiver (u-blox M9N) and a software-defined
GNSS receiver (GNSS-SDR) using a combination of open-source tools, commercial
GNSS signal generators, and software-defined radio hardware platforms. Our
results show that it is possible to spoof a victim receiver to locations around
4000 km away from the true location without requiring any high-speed
communication networks or modifying the message contents. Through this work, we
further highlight the fundamental limitations in securing a broadcast
signaling-based localization system even if all communications are
cryptographically protected.
Analysis of the DoIP Protocol for Security Vulnerabilities
DoIP, which is defined in ISO 13400, is a transport protocol stack for
diagnostic data. Diagnostic data is a potential attack vector on vehicles, so
secure transmission must be guaranteed to protect sensitive data and the
vehicle. Previous work analyzed a draft version and earlier versions of the
DoIP protocol without Transport Layer Security (TLS). No formal analysis exists
for the DoIP protocol. The goal of this work is to investigate the DoIP
protocol for design flaws that may lead to security vulnerabilities and
possible attacks to exploit them. For this purpose, we deductively analyze the
DoIP protocol in a first step and subsequently confirm our conclusions
formally. For the formal analysis, we use the prover Tamarin. Based on the
results, we propose countermeasures to improve DoIP's security. We show that
the DoIP protocol cannot be considered secure, mainly because the security
mechanisms TLS and client authentication in the DoIP protocol are not
mandatory. We propose measures to mitigate the vulnerabilities that we confirm
to remain after activating TLS. These require only a minor redesign of the
protocol.
A survey on cyber security for smart grid communications
A smart grid is a new form of electricity network with high fidelity power-flow control, self-healing, and energy reliability and energy security using digital communications and control technology. Upgrading an existing power grid into a smart grid requires significant dependence on intelligent and secure communication infrastructures. It requires security frameworks for distributed communications, pervasive computing and sensing technologies in the smart grid. However, as many of the communication technologies currently recommended for use in a smart grid are vulnerable to cyber attack, this could lead to unreliable system operations, causing unnecessary expenditure, or even disaster for both utilities and consumers. In this paper, we summarize the cyber security requirements and the possible vulnerabilities in smart grid communications and survey the current solutions on cyber security for smart grid communications. © 2012 IEEE