Timed Analysis of Security Protocols
We propose a method for engineering security protocols that are aware of
timing aspects. We study a simplified version of the well-known Needham-
Schroeder protocol and the complete Yahalom protocol, where timing information
allows the study of different attack scenarios. We model check the protocols
using UPPAAL. Further, a taxonomy is obtained by studying and categorising
protocols from the well-known Clark-Jacob library and the Security Protocol
Open Repository (SPORE) library. Finally, we present some new challenges and
threats that arise when considering time in the analysis, by providing a novel
protocol that uses time challenges and exposing a timing attack over an
implementation of an existing security protocol.
Utilization of timed automata as a verification tool for real-time security protocols
Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2010. Includes bibliographical references (leaves: 85-92). Text in English; Abstract: Turkish and English. xi, 92 leaves.
Timed Automata is an extension to the automata-theoretic approach to the modeling of real-time systems that introduces time into classical automata. Since it was first proposed by Alur and Dill in the early nineties, it has become an important research area and has been widely studied in the context of both formal languages and the modeling and verification of real-time systems. Timed automata use dense time modeling, allowing efficient model checking of time-sensitive systems whose correct functioning depends on timing properties. One of these application areas is the verification of security protocols. This thesis aims to study the timed automata model and utilize it as a verification tool for security protocols. As a case study, the Neuman-Stubblebine Repeated Authentication Protocol is modeled and verified employing the time-sensitive properties in the model. The flaws of the protocol are analyzed, and the benefits and challenges of the model are discussed.
A cost-effective, mobile platform-based, photogrammetric approach for continuous structural deformation monitoring
PhD Thesis
With the evolution of construction techniques and materials technology, the design of
modern civil engineering infrastructure has become increasingly advanced and
complex. In parallel to this, the development and application of appropriate and
efficient monitoring technologies has become essential. Improvement in the
performance of structural monitoring systems, reduction of labour and total
implementation costs have therefore become important issues that scientists and
engineers are committed to solving.
In this research, a non-intrusive structural monitoring system was developed based on
close-range photogrammetric principles. This research aimed to combine the merits of
photogrammetry and latest mobile phone technology to propose a cost-effective,
compact (portable) and precise solution for structural monitoring applications. By
combining the use of low-cost imaging devices (two or more mobile phone handsets)
with in-house control software, a monitoring project can be undertaken within a
relatively low budget when compared to conventional methods. The system uses
programmable smart phones (Google Android v.2.2 OS) to replace conventional
in-situ photogrammetric imaging stations. The developed software suite is able to
control multiple handsets to continuously capture high-quality, synchronized image
sequences for short or long-term structural monitoring purposes. The operations are
fully automatic and the system can be remotely controlled, exempting the operator
from having to attend the site, and thus saving considerable labour expense in
long-term monitoring tasks. In order to prevent the system from crashing during a
long-term monitoring scheme, an automatic system state monitoring program and a
system recovery module were developed to enhance the stability. In considering that
the image resolution for current mobile phone cameras is relatively low (in
comparison to contemporary digital SLR cameras), a target detection algorithm was
developed for the mobile platform that, when combined with dedicated target patterns,
was found to improve the quality of photogrammetric target measurement. Comparing
the photogrammetric results with physical measurements, which were measured using
a Zeiss P3 analytical plotter, the returned accuracy achieved was 1/67,000.
The feasibility of the system has been proven through the implementation of an
indoor simulation test and an outdoor experiment. In terms of using this system for
actual structural monitoring applications, the optimal relative accuracy of distance
measurement was determined to be approximately 1/28,000 under laboratory
conditions, and the outdoor experiment returned a relative accuracy of approximately
1/16,400.
Time, computational complexity, and probability in the analysis of distance-bounding protocols
Many security protocols rely on assumptions about the physical properties under which their protocol sessions will be carried out. For instance, Distance Bounding Protocols take into account the round trip time of messages and the transmission velocity to infer an upper bound of the distance between two agents. We classify such security protocols as Cyber-Physical. Time plays a key role in the design and analysis of many of these protocols. This paper investigates the foundational differences and the impacts on the analysis when using models with discrete time and models with dense time. We show that there are attacks that can be found by models using dense time, but not when using discrete time. We illustrate this with an attack that can be carried out on most Distance Bounding Protocols. In this attack, one exploits the execution delay of instructions during one clock cycle to convince a verifier that he is in a location different from his actual position. We additionally present a probabilistic analysis of this novel attack. As a formal model for representing and analyzing Cyber-Physical properties, we propose a Multiset Rewriting model with dense time suitable for specifying cyber-physical security protocols. We introduce Circle-Configurations and show that they can be used to symbolically solve the reachability problem for our model, and show that for the important class of balanced theories the reachability problem is PSPACE-complete. We also show how our model can be implemented using the computational rewriting tool Maude, the machinery that automatically searches for such attacks.
“Be a Pattern for the World”: The Development of a Dark Patterns Detection Tool to Prevent Online User Loss
Dark Patterns are designed to trick users into sharing more information or spending more money than they had intended to do, by configuring online interactions to confuse or add pressure to the users. They are highly varied in their form, and are therefore difficult to classify and detect. Therefore, this research is designed to develop a framework for the automated detection of potential instances of web-based dark patterns, and from there to develop a software tool that will provide a highly useful defensive tool that helps detect and highlight these patterns.