APTE: An Algorithm for Proving Trace Equivalence

This paper presents APTE, a new tool for automatically proving the security of cryptographic protocols. It focuses on proving trace equivalence between processes, which is crucial for specifying privacy type properties such as anonymity and unlinkability. The tool can handle protocols expressed in a calculus similar to the applied-pi calculus, which allows us to capture most existing protocols that rely on classical cryptographic primitives. In particular, APTE handles private channels and else branches in protocols with bounded number of sessions. Unlike most equivalence verifier tools, APTE is guaranteed to terminate Moreover, APTE is the only tool that extends the usual notion of trace equivalence by considering ``side-channel'' information leaked to the attacker such as the length of messages and the execution times. We illustrate APTE on different case studies which allowed us to automatically (re)-discover attacks on protocols such as the Private Authentication protocol or the protocols of the electronic passports

Heuristic Methods for Security Protocols

Model checking is an automatic verification technique to verify hardware and software systems. However it suffers from state-space explosion problem. In this paper we address this problem in the context of cryptographic protocols by proposing a security property-dependent heuristic. The heuristic weights the state space by exploiting the security formulae; the weights may then be used to explore the state space when searching for attacks

Scyther : semantics and verification of security protocols

Recent technologies have cleared the way for large scale application of electronic communication. The open and distributed nature of these communications implies that the communication medium is no longer completely controlled by the communicating parties. As a result, there has been an increasing demand for research in establishing secure communications over insecure networks, by means of security protocols. In this thesis, a formal model for the description and analysis of security protocols at the process level is developed. At this level, under the assumption of perfect cryptography, the analysis focusses on detecting aws and vulnerabilities of the security protocol. Starting from ??rst principles, operational semantics are developed to describe security protocols and their behaviour. The resulting model is parameterized, and can e.g. capture various intruder models, ranging from a secure network with no intruder, to the strongest intruder model known in literature. Within the security protocol model various security properties are de??ned, such as secrecy and various forms of authentication. A number of new results about these properties are formulated and proven correct. Based on the model, an automated veri??cation procedure is developed, which signi ??cantly improves over existing methods. The procedure is implemented in a prototype, which outperforms other tools. Both the theory and tool are applied in two novel case studies. Using the tool prototype, new results are established in the area of protocol composition, leading to the discovery of a class of previously undetected attacks. Furthermore, a new protocol in the area of multiparty authentication is developed. The resulting protocol is proven correct within the framework

Computer Aided Verification

This open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency

Computer Aided Verification

This open access two-volume set LNCS 11561 and 11562 constitutes the refereed proceedings of the 31st International Conference on Computer Aided Verification, CAV 2019, held in New York City, USA, in July 2019. The 52 full papers presented together with 13 tool papers and 2 case studies, were carefully reviewed and selected from 258 submissions. The papers were organized in the following topical sections: Part I: automata and timed systems; security and hyperproperties; synthesis; model checking; cyber-physical systems and machine learning; probabilistic systems, runtime techniques; dynamical, hybrid, and reactive systems; Part II: logics, decision procedures; and solvers; numerical programs; verification; distributed systems and networks; verification and invariants; and concurrency

An Efficient Secure Group Authenticated Key Agreement Protocol for Wireless Sensor Networks in IoT Environment

Internet of Things(IoT) consist of interconnected devices for transmitting and receiving the data over the network. Key management is important for data confidentiality while transmitting in an open network. Even though several key management techniques are feasible to use, still obtaining a key management technique is a challenge with respect to energy and computational cost. The main intention of this work is to discover and overcome the design issues of the existing system and implement a lightweight and secure solution for that issue. The existing system has a fatal security flaw that leads to the unavailability of a complete system which is considered a huge problem in Internet of things. To overcome this issue, an authenticated key management protocol is proposed which deals with the problem of single point of failure and maintains the security properties of the existing system. An authenticated scheme is provided using elliptic curve and hash functions. This scheme also provides client addition, deletion and key freshness. Security analysis and computation complexity has been also discussed. We experimented proposed algorithm and tested with Scyther verification tool. The design overcomes the issues of an existing system by utilizing our scheme in peer to peer network. This network resolves the issue of a single point of failure (SPOF) by distributing the resources and services to the multiple nodes in the network. It will dissolve the problem of SPOF and will increase the reliability and scalability of the IoT system

Applying Formal Methods to Networking: Theory, Techniques and Applications

Despite its great importance, modern network infrastructure is remarkable for the lack of rigor in its engineering. The Internet which began as a research experiment was never designed to handle the users and applications it hosts today. The lack of formalization of the Internet architecture meant limited abstractions and modularity, especially for the control and management planes, thus requiring for every new need a new protocol built from scratch. This led to an unwieldy ossified Internet architecture resistant to any attempts at formal verification, and an Internet culture where expediency and pragmatism are favored over formal correctness. Fortunately, recent work in the space of clean slate Internet design---especially, the software defined networking (SDN) paradigm---offers the Internet community another chance to develop the right kind of architecture and abstractions. This has also led to a great resurgence in interest of applying formal methods to specification, verification, and synthesis of networking protocols and applications. In this paper, we present a self-contained tutorial of the formidable amount of work that has been done in formal methods, and present a survey of its applications to networking.Comment: 30 pages, submitted to IEEE Communications Surveys and Tutorial

Верификация протоколов безопасности на основе комбинированного использования существующих методов и средств

This paper evaluates existing approaches to the security protocols verification and explains why it is impossible to thoroughly verify security protocols using only one of them. To solve this problem combined verification approach which is based on the assembly of strong sides specific for different existing approaches and tools is suggested.В настоящей статье анализируются существующие подходы к верификации протоколов безопасности и демонстрируется невозможность полноценной верификации протоколов безопасности в рамках только одного из подходов. Для решения данной задачи предлагается комбинированный подход к верификации, основанный на объединении сильных сторон существующих методов и средств

Reasoning about recognizability in security protocols

Although verifying a message has long been recognized as an important concept, which has been used explicitly or implicitly in security protocol analysis, there is no consensus on its exact meaning. Such a lack of formal treatment of the concept makes it extremely difficult to evaluate the vulnerability of security protocols. This dissertation offers a precise answer to the question: What is meant by saying that a message can be "verified''? The core technical innovation is a third notion of knowledge in security protocols -- recognizability. It can be considered as intermediate between deduction and static equivalence, two classical knowledge notions in security protocols. We believe that the notion of recognizability sheds important lights on the study of security protocols. More specifically, this thesis makes four contributions. First, we develop a knowledge model to capture an agent's cognitive ability to understand messages. Thanks to a clear distinction between de re/dicto interpretations of a message, the knowledge model unifies both computational and symbolic views of cryptography gracefully. Second, we propose a new notion of knowledge in security protocols -- recognizability -- to fully capture one's ability or inability to cope with potentially ambiguous messages. A terminating procedure is given to decide recognizability under the standard Dolev-Yao model. Third, we establish a faithful view of the attacker based on recognizability. This yields new insights into protocol compilations and protocol implementations. Specifically, we identify two types of attacks that can be thawed through adjusting the protocol implementation; and show that an ideal implementation that corresponds to the intended protocol semantics does not always exist. Overall, the obtained attacker's view provides a path to more secure protocol designs and implementations. Fourth, we use recognizability to provide a new perspective on type-flaw attacks. Unlike most previous approaches that have focused on heuristic schemes to detect or prevent type-flaw attacks, our approach exposes the enabling factors of such attacks. Similarly, we apply the notion of recognizability to analyze off-line guessing attacks. Without enumerating rules to determine whether a guess can be "verified'', we derive a new definition based on recognizability to fully capture the attacker's guessing capabilities. This definition offers a general framework to reason about guessing attacks in a symbolic setting, independent of specific intruder models. We show how the framework can be used to analyze both passive and active guessing attacks

A system for computational analysis and reconstruction of 3D comminuted bone fractures

High energy impacts at joint locations often generate highly fragmented, or comminuted bone fractures. A leading current approach for treatment requires physicians qualitatively to classify the fracture to one of four possible fracture severity cases. Each case then has a sequence of best-practices for obtaining the best possible prognosis for the patient. It has been observed that qualitative evaluation of fracture severity by physicians can vary significantly which can lead to potential mis-classification and mis-treatment of these fracture cases. Major indicators of fracture severity are (i) fracture surface area, i.e., how much surface area was generated when the bone broke apart and (ii) dispersion, i.e., how far the fragments have rotated and translated from their original anatomic positions. Work in this dissertation develops computational tools that solve the bone puzzle-solving problem automatically or semi-automatically and extract previously unavailable quantitative information for these indicators from each bone fragment that are intended to assist physicians in making a more accurate and reliable fracture severity classification. The system applies novel three-dimensional (3D) puzzle-solving algorithms to identify the fracture fragments in the CT image data and piece them back together in a virtual environment. Doing so provides quantitative values for both fracture surface area and dispersion that reduce variability in fracture severity classifications and prevent mis-diagnosis for fracture cases that may be difficult to qualitatively classify using traditional approaches. This dissertation describes the system, the underlying algorithms and demonstrates the virtual reconstruction results and quantitative analysis of comminuted bone fractures from six clinical cases