32 research outputs found

    Citizen Electronic Identities using TPM 2.0

    Electronic Identification (eID) is becoming commonplace in several European countries. eID is typically used to authenticate to government e-services, but is also used for other services, such as public transit, e-banking, and physical security access control. Typical eID tokens take the form of physical smart cards, but successes in merging eID into phone operator SIM cards show that eID tokens integrated into a personal device can offer better usability compared to standalone tokens. At the same time, trusted hardware that enables secure storage and isolated processing of sensitive data has become commonplace both on PC platforms and on mobile devices. Some time ago, the Trusted Computing Group (TCG) released version 2.0 of the Trusted Platform Module (TPM) specification. We propose an eID architecture based on the new, rich authorization model introduced in the TCG's TPM 2.0. The goal of the design is to improve the overall security and usability compared to traditional smart card-based solutions. We also provide, to the best of our knowledge, the first accessible description of the TPM 2.0 authorization model.
    Comment: This work is based on an earlier work: Citizen Electronic Identities using TPM 2.0, to appear in the Proceedings of the 4th international workshop on Trustworthy embedded devices, TrustED'14, November 3, 2014, Scottsdale, Arizona, USA, http://dx.doi.org/10.1145/2666141.266614

    On Making U2F Protocol Leakage-Resilient via Re-keying

    The Universal 2nd Factor (U2F) protocol is an open authentication standard to strengthen the two-factor authentication process. It augments the existing password-based infrastructure by using a specialized USB device, termed the U2F authenticator, as the 2nd factor. The U2F authenticator is assigned two fixed keys at the time of manufacture, namely the device secret key and the attestation private key. These secret keys are later used by the U2F authenticator during the Registration phase to encrypt and digitally sign data that will help in proper validation of the user and the web server. However, the use of fixed keys for the above processing leaks information through a side channel about both the secrets. In this work we show why the U2F protocol is not secure against side channel attacks (SCA). We then present a countermeasure for the SCA based on a re-keying technique to prevent the repeated use of the device secret key for encryption and signing. We also recommend a modification in the existing U2F protocol to minimise the effect of signing with the fixed attestation private key. Incorporating our proposed countermeasure and recommended modification, we then present a new variant of the U2F protocol that has improved security guarantees. We also briefly explain how the side channel attacks on the U2F protocol and the corresponding proposed countermeasures are similarly applicable to the Universal Authentication Framework (UAF) protocol

    Password Generators: Old Ideas and New

    This paper considers password generators, i.e. systems designed to generate site-specific passwords on demand. Such systems are an alternative to password managers. Over the last 15 years a range of password generator systems have been described. This paper proposes the first general model for such systems, and critically examines options for instantiating this model; options considered include all those previously proposed as part of existing schemes as well as certain novel possibilities. The model enables a more objective and high-level assessment of the design of such systems; it has also been used to sketch a possible new scheme, AutoPass, intended to incorporate the best features of the prior art whilst also addressing many of the most serious shortcomings of existing systems through the inclusion of novel features.
    Comment: This is the full version of a paper with the same title due to be published in the proceedings of WISTP 2016 in September 201

    Expressive Policy-Based Access Control for Resource-Constrained Devices

    Upcoming smart scenarios enabled by the Internet of Things envision smart objects that expose services that can adapt to user behavior or be managed with the goal of achieving higher productivity, often in multi-stakeholder applications. In such environments, smart things are cheap sensors (and actuators) and, therefore, constrained devices. However, they are also critical components because of the importance of the provided information. Therefore, strong security is a must. Nevertheless, existing feasible approaches do not cope well with the principle of least privilege; they lack both expressiveness and the ability to update the policy to be enforced in the sensors. In this paper, we propose an access control model that comprises a policy language that provides dynamic fine-grained policy enforcement in the sensors based on local context conditions. This dynamic policy cycle requires a secure, efficient, and traceable message exchange protocol. For that purpose, a security protocol called Hidra is also proposed. A security and performance evaluation demonstrates the feasibility and adequacy of the proposed protocol and access control model.
    This work was supported in part by the Training and Research Unit through UPV/EHU under Grant UFI11/16 and in part by the Department of Economic Development and Competitiveness of the Basque Government through the Security Technologies SEKUTEK Collaborative Research Projec

    Provable Security Analysis of FIDO2

    We carry out the first provable security analysis of the new FIDO2 protocols, the promising FIDO Alliance's proposal for a standard for passwordless user authentication. Our analysis covers the core components of FIDO2: the W3C's Web Authentication (WebAuthn) specification and the new Client-to-Authenticator Protocol (CTAP2). Our analysis is modular. For WebAuthn and CTAP2, in turn, we propose appropriate security models that aim to capture their intended security goals and use the models to analyze their security. First, our proof confirms the authentication security of WebAuthn. Then, we show CTAP2 can only be proved secure in a weak sense; meanwhile we identify a series of its design flaws and provide suggestions for improvement. To withstand stronger yet realistic adversaries, we propose a generic protocol called sPACA and prove its strong security; with proper instantiations sPACA is also more efficient than CTAP2. Finally, we analyze the overall security guarantees provided by FIDO2 and WebAuthn+sPACA based on the security of its components. We expect that our models and provable security results will help clarify the security guarantees of the FIDO2 protocols. In addition, we advocate the adoption of our sPACA protocol as a substitute for CTAP2 for both stronger security and better performance

    Development of a secure multi-factor authentication algorithm for mobile money applications

    A Thesis Submitted in Fulfillment of the Requirements for the Degree of Doctor of Philosophy in Information and Communication Science and Engineering of the Nelson Mandela African Institution of Science and Technology
    With the evolution of industry 4.0, financial technologies have become paramount, and mobile money, as one of the financial technologies, has immensely contributed to improving financial inclusion among the unbanked population. Several mobile money schemes were developed, but they suffered severe authentication security challenges since they implemented two-factor authentication. This study focused on developing a secure multi-factor authentication (MFA) algorithm for mobile money applications. It uses personal identification numbers, one-time passwords, biometric fingerprints, and quick response codes to authenticate and authorize mobile money subscribers. Secure hash algorithm-256, Rivest-Shamir-Adleman encryption, and Fernet encryption were used to secure the authentication factors, confidential financial information and data before transmission to the remote databases. A literature review, survey, evolutionary prototyping model, and heuristic evaluation and usability testing methods were used to identify authentication issues, develop prototypes of native genuine mobile money (G-MoMo) applications, and identify usability issues with the interface designs and ascertain their usability, respectively. The results of the review grouped the threat models into attacks against privacy, authentication, confidentiality, integrity, and availability. The survey identified authentication attacks, identity theft, phishing attacks, and PIN sharing as the key mobile money systems' security issues. The researcher designed a secure MFA algorithm for mobile money applications and developed three native G-MoMo applications to implement the designed algorithm to prove the feasibility of the algorithm and that it provided robust security. 
The algorithm was resilient to non-repudiation, ensured strong authentication security, data confidentiality, integrity, privacy, and user anonymity, and was highly effective against several attacks, but had high communication overhead and computational costs. Nevertheless, the heuristic evaluation results showed that the G-MoMo applications' interface designs lacked forward navigation buttons, uniformity in the applications' menu titles, search fields, actions needed for recovery, and help and documentation. Similarly, the usability testing revealed that they were easy to learn, effective, efficient, memorable, with few errors, subscriber satisfaction, easy to use, aesthetic, easy to integrate, and understandable. Implementing secure mobile money authentication and authorisation by combining multiple factors which are securely stored helps mobile money subscribers and other stakeholders to have trust in the developed native G-MoMo applications

    Modelling and verification of security requirements and stealthiness in security protocols

    Traditionally, formal methods are used to verify security guarantees of a system by proving that the system meets its desired specifications. These guarantees are achieved by verifying the system's security properties, in a formal setting, against its formal specifications. This includes, for example, proving the security properties of confidentiality and authentication, in an adversarial setting, by constructing a complete formal model of the protocol. Any counterexample to this proof implies an attack on the security property. All such proofs are usually based on an ordered set of actions, generated by the protocol execution, called a trace. Both the proofs and their counterexamples can be investigated further by analysing the behaviour of these protocol traces. The attack trace might either follow the standard behaviour as per protocol semantics or show deviation from it. In the latter case, however, it should be easy for an analyst to spot any attack based on its comparison with standard traces. This thesis makes two key contributions: a novel methodology for verifying the security requirements of security protocols by only modelling the attacks against a protocol specification, and, secondly, a formal definition of 'stealthiness' in a protocol trace which is used to classify attacks on security protocols as either 'stealthy' or 'non-stealthy'. Our first novel proposal tests security properties and then verifies the security requirements of a protocol by modelling only a subset of interactions that constitute the attacks. Using this time- and effort-saving methodology, without modelling the complete protocol specifications, we demonstrate the efficacy of our technique using real attacks on one of the world's most used protocols, WPA2. We show that the process of modelling the complete protocol specifications, for verifying security properties, can be simplified by modelling only a subset of protocol specifications needed to model a given attack. 
We establish the merit of our novel simplified approach by identifying the inadequacy of security properties, apart from augmenting and verifying the new security properties, by modelling only the attacks versus the current practice of modelling the complete protocol, which is a time- and effort-intensive process. We find that the current security requirements for WPA2, as stated in its specification, are insufficient to ensure security. We then propose a set of security properties to be added to the specification to stop these attacks. Further, our method also allows us to verify whether the proposed additional security requirements, if enforced correctly, would be enough to stop attacks. Second, we seek to verify the 'stealthiness' of protocol attacks by introducing a novel formal definition of a 'stealthy' trace. 'Stealthy' actions by a participating entity or an adversary in a protocol interaction are about camouflaging fraudulent actions as genuine ones by fine-tuning their actions to make them look like honest ones. In our model, protocols are annotated to indicate what each party will log about each communication. Given a particular logging strategy, our framework determines whether it is possible to find an attack that produces log entries indistinguishable from normal runs of the protocol, or whether any attack can be detected from the log entries alone. We present an intuitive definition of when an attack is 'stealthy', which cannot be automatically checked directly, with regard to some logging strategy. Next, we introduce session IDs to identify unique sessions. We show that our initial intuitive definition is equivalent to a second definition using these session IDs, which can also be tested automatically in TAMARIN. We analyse various attacks on known vulnerable protocols to see, for a range of logging strategies, which can be made into stealth attacks, and which cannot. 
This approach compares the stealthiness of various known attacks against a range of logging strategies

    Design and implementation of a multi-factor authentication service for the university's services

    Second-factor authentication systems allow better protection of users' digital identities. This work describes the analysis and design of the multi-factor authentication solution to be integrated into the University's system, which concluded with the development of the integration module between the University of Bologna's Web Single Sign-On authentication service (ADFS 3.0) and the platform chosen to provide the service (Time4ID). The integration was carried out by programming an Authentication Provider, consisting of an integration library written in C#, capable of integrating with the cloud-based second-factor verification platform

    An Integrative Analytical Framework for Internet of Things Security, Forensics and Intelligence

    The Internet of things (IoT) has recently become an important research topic because it revolutionises our everyday life through integrating various sensors and objects to communicate directly without human intervention. IoT technology is expected to offer very promising solutions for many areas. In this thesis we focused on crime investigation and crime prevention, which may significantly contribute to human well-being and safety. Our primary goals are to reduce the time of crime investigation, minimise the time of incident response and to prevent future crimes using collected data from smart devices. This PhD thesis consists of three distinct but related projects to reach the research goal. The main contributions can be summarised as:
    • A multi-level access control framework, presented in Chapter 3. This could be used to secure any collected and shared data. We decided to have this as our first contribution as it is not realistic to use data that could be altered in our prediction model or as evidence. We chose healthcare data collected from ambient sensors and uploaded to cloud storage as an example for our framework as this data is collected from multiple sources and is used by different parties. The access control system regulates access to data by defining policy attributes over healthcare professional groups and data class classifications. The proposed access control system contains a policy model, an architecture model and a methodology to classify data classes and healthcare professional groups.
    • An investigative framework, discussed in Chapter 4, which contains a multi-phased process flow that coordinates different roles and tasks in IoT-related crime investigation. The framework identifies digital information sources and captures all potential evidence from smart devices in a way that guarantees potential evidence is not altered so it can be admissible in a court of law.
    • A deep learning multi-view model, which we demonstrated in Chapter 5, that explores the relationship between tweets, weather (a type of sensory data) and crime rate, for effective crime prediction. This contribution is motivated by the need to utilise police force deployment correctly to be present at the right times.
    Both the proposed investigative framework and the predictive model were evaluated and tested, and the results of these evaluations are presented in the thesis. The proposed framework and model contribute significantly to the field of crime investigation and crime prediction. We believe their application would provide higher admissibility evidence, more efficient investigations, and optimum ways to utilise law enforcement deployment based on crime rate prediction using collected sensory data

    Anonymous Attestation with Subverted TPMs

    Various sources have revealed that cryptographic standards and components have been subverted to undermine the security of users, reigniting research on means to achieve security in the presence of such subverted components. In this paper we consider direct anonymous attestation (DAA) in this respect. This standardized protocol allows a computer, with the help of an embedded TPM chip, to remotely attest that it is in a healthy state. Guaranteeing that different attestations by the same computer cannot be linked was an explicit and important design goal of the standard in order to protect the privacy of the user of the computer. Surprisingly, none of the standardized or otherwise proposed DAA protocols achieves privacy when the TPM is subverted; they all rely on the honesty of the TPM. As the TPM is a piece of hardware, it is hardly possible to tell whether or not a given TPM follows the specified protocol. In this paper we study this setting and provide a new protocol that achieves privacy also in the presence of subverted TPMs