Security Issues in the 5G Standard and How Formal Methods Come to the Rescue

International audienc

Automated Unbounded Verification of Stateful Cryptographic Protocols with Exclusive OR

International audienceExclusive-or (XOR) operations are common in cryptographic protocols, in particular in RFID protocols and electronic payment protocols. Although there are numerous applications , due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR.The TAMARIN prover is a state-of-the-art verification tool for cryptographic protocols in the symbolic model. In this paper, we improve the underlying theory and the tool to deal with an equational theory modeling XOR operations. The XOR theory can be freely combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first tool to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs

Verification of Stateful Cryptographic Protocols with Exclusive OR

International audienceIn cryptographic protocols, in particular RFID protocols, exclusive-or (XOR) operations are common. Due to the inherent complexity of faithful models of XOR, there is only limited tool support for the verification of cryptographic protocols using XOR. In this paper, we improve the TAMARIN prover and its underlying theory to deal with an equational theory modeling XOR operations. The XOR theory can be combined with all equational theories previously supported, including user-defined equational theories. This makes TAMARIN the first verification tool for cryptographic protocols in the symbolic model to support simultaneously this large set of equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties including observational equivalence. We demonstrate the effectiveness of our approach by analyzing several protocols that rely on XOR, in particular multiple RFID-protocols, where we can identify attacks as well as provide proofs

Symbolically Analyzing Security Protocols Using Tamarin

During the last three decades, there has been considerable research devoted to the symbolic analysis of security protocols and existing tools have had considerable success both in detecting attacks on protocols and showing their absence. Nevertheless, there is still a large discrepancy between the symbolic models that one specifies on paper and the models that can be effectively analyzed by tools. In this paper, we present the Tamarin prover for the symbolic analysis of security protocols. Tamarin takes as input a security protocol model, specifying the actions taken by the agents running the protocol in different roles (e.g., the protocol initiator, the responder, and the trusted key server), a specification of the adversary, and a specification of the protocol’s desired properties. Tamarin can then be used to automatically construct a proof that the protocol fulfills its specified properties, even when arbitrarily many instances of the protocol’s roles are interleaved in parallel, together with the actions of the adversary

A Formal Analysis of 5G Authentication

Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found.Comment: Categories (ACM class 2012): Security and privacy - Formal methods and theory of security -- Security requirements -- Formal security models -- Logic and verification; Network protocols - Protocol correctness -- Formal specifications; Security and privacy - Network security -- Mobile and wireless security - Security services -- Privacy-preserving protocol

Security Issues in the 5G Standard and How Formal Methods Come to the Rescue

International audienc

Beyond Subterm-Convergent Equational Theories in Automated Verification of Stateful Protocols (extended version)

International audienceThe TAMARIN prover is a state-of-the-art protocol verification tool. It supports verification of both trace and equivalence properties, a rich protocol specification language that includes support for global, mutable state and allows the user to specify cryptographic primitives as an arbitrary subterm convergent equational theory, in addition to several built-in theories, which include, among others, Diffie-Hellman exponentiation. In this paper, we improve the underlying theory and the tool to allow for more general user-specified equational theories: our extension supports arbitrary convergent equational theories that have the finite variant property, making TAMARIN the first tool to support at the same time this large set of user-defined equational theories, protocols with global mutable state, an unbounded number of sessions, and complex security properties. We demonstrate the effectiveness of this generalization by analyzing several protocols that rely on blind signatures, trapdoor commitment schemes, and ciphertext prefixes that were previously out of scope

CALLE LENTINI, AL LADO DEL BARRANCO GUINIGUADA [Material gráfico]

ADQUIRIDA POR EL COLECCIONISTA EN LAS PALMAS G.C.FOTO POSTAL DE LAS PALMAS UN DETALLE, CAMINO CON COCHES Y A UN LADO LA CATEDRAL. CALLE LENTINI, AL LADO DEL BARRANCO GUINIGUADACopia digital. Madrid : Ministerio de Educación, Cultura y Deporte. Subdirección General de Coordinación Bibliotecaria, 201

Assessing immunogenicity barriers of the HIV-1 envelope trimer

Understanding the balance between epitope shielding and accessibility on HIV-1 envelope (Env) trimers is essential to guide immunogen selection for broadly neutralizing antibody (bnAb) based vaccines. To investigate the antigenic space of Env immunogens, we created a strategy based on synthetic, high diversity, Designed Ankyrin Repeat Protein (DARPin) libraries. We show that DARPin Antigenicity Analysis (DANA), a purely in vitro screening tool, has the capability to extrapolate relevant information of antigenic properties of Env immunogens. DANA screens of stabilized, soluble Env trimers revealed that stronger trimer stabilization led to the selection of highly mutated DARPins with length variations and framework mutations mirroring observations made for bnAbs. By mimicking heterotypic prime-boost immunization regimens, DANA may be used to select immunogen combinations that favor the selection of trimer-reactive binders. This positions DANA as a versatile strategy for distilling fundamental antigenic features of immunogens, complementary to preclinical immunogenicity testing