Cui Yan-Li,Zhang Xing

DOI: https://doi.org/10.1109/fitme.2009.68

2009-01-01

Abstract:During the realizing process of remote attestation, except for using trusted computing technology to protect physical security, storage security and operation security of certifier, cipher mechanism need to be combined to ensure the credibility of attestation method of certifier. This paper designs an attestation method model of property remote attestation, and applies the authentication and access control logic technology to make formal description for the participants of attestation method of property remote attestation, and finally prove the credibility of attestation method. Paper's research conclusion proves, after increasing the authority of certificate and trusted property certificate, the credibility of property remote attestation method can be guaranteed among the computing environment applying the public key infrastructure participates.

Sharar Ahmadi,Jay Le-Papin,Liqun Chen,Brijesh Dongol,Sasa Radomirovic,Helen Treharne

2024-07-12

Abstract:Collective remote attestation (CRA) is a security service that aims to efficiently identify compromised (often low-powered) devices in a (heterogeneous) network. The last few years have seen an extensive growth in CRA protocol proposals, showing a variety of designs guided by different network topologies, hardware assumptions and other functional requirements. However, they differ in their trust assumptions, adversary models and role descriptions making it difficult to uniformly assess their security guarantees. In this paper we present Catt, a unifying framework for CRA protocols that enables them to be compared systematically, based on a comprehensive study of 40 CRA protocols and their adversary models. Catt characterises the roles that devices can take and based on these we develop a novel set of security properties for CRA protocols. We then classify the security aims of all the studied protocols. We illustrate the applicability of our security properties by encoding them in the tamarin prover and verifying the SIMPLE+ protocol against them.

Cryptography and Security

Alan T. Sherman,Erin Lanus,Moses Liskov,Edward Zieglar,Richard Chang,Enis Golaszewski,Ryan Wnuk-Fink,Cyrus J. Bonyadi,Mario Yaksetig,Ian Blumenfeld

DOI: https://doi.org/10.48550/arXiv.2003.07421

2020-03-17

Abstract:We analyze the Secure Remote Password (SRP) protocol for structural weaknesses using the Cryptographic Protocol Shapes Analyzer (CPSA) in the first formal analysis of SRP (specifically, Version 3). SRP is a widely deployed Password Authenticated Key Exchange (PAKE) protocol used in 1Password, iCloud Keychain, and other products. As with many PAKE protocols, two participants use knowledge of a pre-shared password to authenticate each other and establish a session key. SRP aims to resist dictionary attacks, not store plaintext-equivalent passwords on the server, avoid patent infringement, and avoid export controls by not using encryption. Formal analysis of SRP is challenging in part because existing tools provide no simple way to reason about its use of the mathematical expression $v + g^b \mod q$. Modeling $v + g^b$ as encryption, we complete an exhaustive study of all possible execution sequences of SRP. Ignoring possible algebraic attacks, this analysis detects no major structural weakness, and in particular no leakage of any secrets. We do uncover one notable weakness of SRP, which follows from its design constraints. It is possible for a malicious server to fake an authentication session with a client, without the client's participation. This action might facilitate an escalation of privilege attack, if the client has higher privileges than does the server. We conceived of this attack before we used CPSA and confirmed it by generating corresponding execution shapes using CPSA.

Cryptography and Security

Pablo Rauzy,Sylvain Guilley

DOI: https://doi.org/10.48550/arXiv.1401.8172

2014-01-31

Cryptography and Security

Abstract:In our paper at PROOFS 2013, we formally studied a few known countermeasures to protect CRT-RSA against the BellCoRe fault injection attack. However, we left Vigilant's countermeasure and its alleged repaired version by Coron et al. as future work, because the arithmetical framework of our tool was not sufficiently powerful. In this paper we bridge this gap and then use the same methodology to formally study both versions of the countermeasure. We obtain surprising results, which we believe demonstrate the importance of formal analysis in the field of implementation security. Indeed, the original version of Vigilant's countermeasure is actually broken, but not as much as Coron et al. thought it was. As a consequence, the repaired version they proposed can be simplified. It can actually be simplified even further as two of the nine modular verifications happen to be unnecessary. Fortunately, we could formally prove the simplified repaired version to be resistant to the BellCoRe attack, which was considered a "challenging issue" by the authors of the countermeasure themselves.

Ting Chen,Huiqun Yu,Wei Chen

DOI: https://doi.org/10.1109/NSWCTC.2010.67

2010-01-01

Abstract:One of the objectives of trusted computing is to provide remote attestation method that is able to confirm the status of remote platform or application. Existing property-based attestation is based on the strong-RSA assumption and the required key length is too long. What's more, a considerable number of RSA-length operations having to be performed which lead to low computational efficiency. Bilinear parings-Based Attestation model, which based on elliptic curve discrete logarithm bilinear paring, can shorten the required key length and reduce bandwidth usage at the same premise of safety performance requirements, as well as ensure platform configurations not to be exposed to the platform while improving operating efficiency. On the other hand, the model includes many trusted computing platform parameters in order to resist replay attacks, and take use of information hiding technology to hide certificates and effectively preventing anyone with a source of certificate misuse of the certificate.

Roberto Metere,Changyu Dong

DOI: https://doi.org/10.1007/978-3-319-65127-9_22

2017-05-17

Abstract:Aiming for strong security assurance, recently there has been an increasing interest in formal verification of cryptographic constructions. This paper presents a mechanised formal verification of the popular Pedersen commitment protocol, proving its security properties of correctness, perfect hiding, and computational binding. To formally verify the protocol, we extended the theory of EasyCrypt, a framework which allows for reasoning in the computational model, to support the discrete logarithm and an abstraction of commitment protocols. Commitments are building blocks of many cryptographic constructions, for example, verifiable secret sharing, zero-knowledge proofs, and e-voting. Our work paves the way for the verification of those more complex constructions.

Cryptography and Security

CHEN Qiang,HUANG Lian-sheng,ZHAO Xiu-wen

DOI: https://doi.org/10.3969/j.issn.1001-3695.2006.06.033

2006-01-01

Abstract:This paper presents a combined analysis method for security protocols.By specifying security protocols using Common Authentication Protocol Specification Language,then convert CAPSL specification into formal inputs for other analysis tools by connector.This method can utilize the advantage of various analysis tools and ensure the accuracy of formal analysis.Meanwhile,it is convenient for analyzer.We design two CAPSL connector and give an instance.

Kangfeng Ye,Roberto Metere,Poonam Yadav

2024-10-01

Abstract:Current formal verification of security protocols relies on specialized researchers and complex tools, inaccessible to protocol designers who informally evaluate their work with emulators. This paper addresses this gap by embedding symbolic analysis into the design process. Our approach implements the Dolev-Yao attack model using a variant of CSP based on Interaction Trees (ITrees) to compile protocols into animators -- executable programs that designers can use for debugging and inspection. To guarantee the soundness of our compilation, we mechanised our approach in the theorem prover Isabelle/HOL. As traditionally done with symbolic tools, we refer to the Diffie-Hellman key exchange and the Needham-Schroeder public-key protocol (and Lowe's patched variant). We demonstrate how our animator can easily reveal the mechanics of attacks and verify corrections. This work facilitates security integration at the design level and supports further security property analysis and software-engineered integrations.

Cryptography and Security,Logic in Computer Science

Luca Arnaboldi,Roberto Metere

DOI: https://doi.org/10.48550/arXiv.1910.02656

2019-10-07

Abstract:We propose MetaCP, a Meta Cryptography Protocol verification tool, as an automated tool simplifying the design of security protocols through a graphical interface. The graphical interface can be seen as a modern editor of a non-relational database whose data are protocols. The information of protocols are stored in XML, enjoying a fixed format and syntax aiming to contain all required information to specify any kind of protocol. This XML can be seen as an almost semanticless language, where different plugins confer strict semantics modelling the protocol into a variety of back-end verification languages. In this paper, we showcase the effectiveness of this novel approach by demonstrating how easy MetaCP makes it to design and verify a protocol going from the graphical design to formally verified protocol using a Tamarin prover plugin. Whilst similar approaches have been proposed in the past, most famously the AVISPA Tool, no previous approach provides such as small learning curve and ease of use even for non security professionals, combined with the flexibility to integrate with the state of the art verification tools.

Cryptography and Security

Ting Chen,Huiqun Yu

DOI: https://doi.org/10.4304/jcp.6.2.297-304

2011-01-01

Abstract:One of the objectives of trusted computing is to provide remote attestation method that is able to confirm the status of remote platform or application. Existing property-based attestation is based on the strong-RSA assumption and the required key length is too long. What’s more, a considerable number of RSA-length operations having to be performed which lead to low computational efficiency. Bilinear parings-Based Attestation model, which based on elliptic curve discrete logarithm bilinear paring, can shorten the required key length and reduce bandwidth usage at the same premise of safety performance requirements, as well as ensure platform configurations not to be exposed to the platform while improving operating efficiency. On the other hand, the model includes many trusted computing platform parameters in order to resist replay attacks, and take use of information hiding technology to hide certificates and effectively preventing anyone with a source of certificate misuse of the certificate.

Nisansala P. Yatapanage,Cliff B. Jones

2024-10-09

Abstract:The verification of security protocols is essential, in order to ensure the absence of potential attacks. However, verification results are only valid with respect to the assumptions under which the verification was performed. These assumptions are often hidden and are difficult to identify, making it unclear whether a given protocol is safe to deploy into a particular environment. Rely/guarantee provides a mechanism for abstractly reasoning about the interference from the environment. Using this approach, the assumptions are made clear and precise. This paper investigates this approach on the Needham-Schroeder Public Key protocol, showing that the technique can effectively uncover the assumptions under which the protocol can withstand attacks from intruders.

Logic in Computer Science

Craig Disselkoen,Aaron Eline,Shaobo He,Kyle Headley,Michael Hicks,Kesha Hietala,John Kastner,Anwar Mamat,Matt McCutchen,Neha Rungta,Bhakti Shah,Emina Torlak,Andrew Wells

2024-07-02

Abstract:This paper presents verification-guided development (VGD), a software engineering process we used to build Cedar, a new policy language for expressive, fast, safe, and analyzable authorization. Developing a system with VGD involves writing an executable model of the system and mechanically proving properties about the model; writing production code for the system and using differential random testing (DRT) to check that the production code matches the model; and using property-based testing (PBT) to check properties of unmodeled parts of the production code. Using VGD for Cedar, we can build fast, idiomatic production code, prove our model correct, and find and fix subtle implementation bugs that evade code reviews and unit testing. While carrying out proofs, we found and fixed 4 bugs in Cedar's policy validator, and DRT and PBT helped us find and fix 21 additional bugs in various parts of Cedar.

Software Engineering

Kai Yang,Cong Tian,Nan Zhang,Zhenhua Duan,Hongwei Du

DOI: https://doi.org/10.1109/tr.2021.3118877

IF: 5.883

2021-12-01

IEEE Transactions on Reliability

Abstract:In this article, we present an approach based on counterexample-guided abstraction refinement to verifying full regular temporal properties of C programs by means of combining both static analysis and dynamic verification. To this end, a desired property is specified by a propositional projection temporal logic formula $p$, and the labeled normal form graph (LNFG) of $\lnot p$ is automatically produced. Furthermore, the control flow automaton of the C program is constructed, and an enriched abstract reachability tree is generated under the guidance of the LNFG. Throughout the construction of the eART, whenever a candidate counterexample $cp$ is found, a verification input w.r.t $cp$ is generated by the SMT solver Z3. Subsequently, the C program is converted into a modeling, simulation, and verification language (MSVL) program $m$, and $\lnot p$ is also transformed to an MSVL program $m^{\prime }$. As a result, $m\; \text{and} \;m^{\prime }$ is executed to check whether the counterexample is spurious. The $cp$ is returned if it is a real counterexample; otherwise, the eART is refined. This process is repeated until no counterexample is found, namely the property is valid, or the counterexample is a real one The proposed approach enables us to not only verify full regular properties of C programs, but also produce precise results, neither false negatives nor false positives. The approach has been implemented in a tool named SDMC. Experiments show that SDMC outperforms the relevant tools available.

engineering, electrical & electronic,computer science, software engineering, hardware & architecture

Junya Xu,Jiaqi Yin,Huibiao Zhu,Lili Xiao

DOI: https://doi.org/10.2298/csis210707057x

2023-01-01

Computer Science and Information Systems

Abstract:Apache Kafka is an open source distributed messaging system based on the publish-subscribe model, which achieves low latency, high throughput and good load balancing. As a popular messaging system, the transmission of messages between applications is one of the core functions of Kafka. Therefore, the reliability and security of data in the process of message transmission in Kafka have become the focus of attention. The formal methods can analyze whether a model is highly credible. Therefore, it is significant to analyze Kafka messaging mechanism which describes the communication process and rules between each module entity in Kafka from the perspective of formal methods. In this paper, we apply the process algebra CSP (Communicating Sequential Processes) and the model checking tool PAT (Process Analysis Toolkit) to analyze Kafka messaging mechanism. The results of verification show that the model caters for its specification and guarantees the reliability of messages in the normal communication process. Moreover, in order to further analyze the security of Kafka messaging mechanism, we add the intruder model and the authentication protocol Kerberos model and compare the verification results of Kafka messaging mechanism with or without the secure protocol Kerberos. The results show that the Kerberos protocol has improved the security of Kafka messaging mechanism in some aspects, but there are still some security loopholes.

computer science, information systems, software engineering

Yuan Zhang,Chunxiang Xu,Shui Yu,Hongwei Li,Xiaojun Zhang

DOI: https://doi.org/10.1109/tcss.2016.2517205

2015-01-01

IEEE Transactions on Computational Social Systems

Abstract:Cyber-physical-social system (CPSS) allows individuals to share personal information collected from not only cyberspace but also physical space. This has resulted in generating numerous data at a user's local storage. However, it is very expensive for users to store large data sets, and it also causes problems in data management. Therefore, it is of critical importance to outsource the data to cloud servers, which provides users an easy, cost-effective, and flexible way to manage data, whereas users lose control on their data once outsourcing their data to cloud servers, which poses challenges on integrity of outsourced data. Many schemes have been proposed to allow a third-party auditor to verify data integrity using the public keys of users. Most of these schemes bear a strong assumption: the auditors are honest and reliable, and thereby are vulnerability in the case that auditors are malicious. Moreover, in most of these schemes, an auditor needs to manage users certificates to choose the correct public keys for verification. In this paper, we propose a secure certificateless public integrity verification scheme (SCLPV). The SCLPV is the first work that simultaneously supports certificateless public verification and resistance against malicious auditors to verify the integrity of outsourced data in CPSS. A formal security proof proves the correctness and security of our scheme. In addition, an elaborate performance analysis demonstrates that the SCLPV is efficient and practical. Compared with the only existing certificateless public verification scheme (CLPV), the SCLPV provides stronger security guarantees in terms of remedying the security vulnerability of the CLPV and resistance against malicious auditors. In comparison with the best of integrity verification scheme achieving resistance against malicious auditors, the communication cost between the auditor and the cloud server of the SCLPV is independent of the size of the processed data, meanwhile, the auditor in the SCLPV does not need to manage certificates.

Martin Duclos,Ivan A. Fernandez,Kaneesha Moore,Sudip Mittal,Edward Zieglar

2024-01-31

Abstract:This paper proposes the use of Large Language Models (LLMs) for translating Request for Comments (RFC) protocol specifications into a format compatible with the Cryptographic Protocol Shapes Analyzer (CPSA). This novel approach aims to reduce the complexities and efforts involved in protocol analysis, by offering an automated method for translating protocol specifications into structured models suitable for CPSA. In this paper we discuss the implementation of an RFC Protocol Translator, its impact on enhancing the accessibility of formal methods analysis, and its potential for improving the security of internet protocols.

Cryptography and Security,Networking and Internet Architecture,Software Engineering

Xin-xin Liu,Shao-hua Tang

DOI: https://doi.org/10.3969/j.issn.1000-565X.2013.01.012

2013-01-01

Abstract:In order to implement the formal analysis and verification of the security for automated trust negotiation (ATN), this paper takes the formal analysis methods of security protocols as references and proposes a novel approach to ATN modeling and security verification with the help of the process algebra applied π calculus. In this approach, ATN is formalized as the parallel composition of two processes corresponding to two negotiators, and the process of a negotiator is the static modeling of its certificates and authorization policies. The ATN security is defined as the observational equivalence of the applied π calculus so as to verify not only the security of the authorization policy enforcement but also the privacy of negotiators. With the help of the automatic protocol analyzer ProVerif, the security of ATN is automatically analyzed. Experimental results show that the proposed approach helps to implement automatic security verification with high feasibility and efficiency.

Litao Zhou,Jianxing Qin,Qinshi Wang,Andrew W. Appel,Qinxiang Cao

2023-10-26

Abstract:Program verifiers for imperative languages such as C may be annotation-based, in which assertions and invariants are put into source files and then checked, or tactic-based, where proof scripts separate from programs are interactively developed in a proof assistant such as Coq. Annotation verifiers have been more automated and convenient, but some interactive verifiers have richer assertion languages and formal proofs of soundness. We present VST-A, an annotation verifier that uses the rich assertion language of VST, leverages the formal soundness proof of VST, but allows users to describe functional correctness proofs intuitively by inserting assertions. VST-A analyzes control flow graphs, decomposes every C function into control flow paths between assertions, and reduces program verification problems into corresponding straightline Hoare triples. Compared to existing foundational program verification tools like VST and Iris, in VST-A, such decompositions and reductions are allowed to be nonstructural, which makes VST-A more flexible to use. VST-A's decomposition and reduction is defined in Coq, proved sound in Coq, and computed in a call-by-value way in Coq. The soundness proof for reduction is totally logical, independent of the complicated semantic model (and soundness proof) of VST's Hoare triple. Because of the rich assertion language, not all reduced proof goals can be automatically checked, but the system allows users to prove residual proof goals using the full power of the Coq proof assistant.

Programming Languages

Heidi Howard,Markus A. Kuppe,Edward Ashton,Amaury Chamayou,Natacha Crooks

2024-10-16

Abstract:The Confidential Consortium Framework (CCF) is an open-source platform for developing trustworthy and reliable cloud applications. CCF powers Microsoft's Azure Confidential Ledger service and as such it is vital to build confidence in the correctness of CCF's design and implementation. This paper reports our experiences applying smart casual verification to validate the correctness of CCF's novel distributed protocols, focusing on its unique distributed consensus protocol and its custom client consistency model. We use the term smart casual verification to describe our hybrid approach, which combines the rigor of formal specification and model checking with the pragmatism of automated testing, in our case binding the formal specification in TLA+ to the C++ implementation. While traditional formal methods approaches require substantial buy-in and are often one-off efforts by domain experts, we have integrated our smart casual verification approach into CCF's CI pipeline, allowing contributors to continuously validate CCF as it evolves. We describe the challenges we faced in applying smart casual verification to a complex existing codebase and how we overcame them to find six subtle bugs in the design and implementation before they could impact production

Distributed, Parallel, and Cluster Computing,Formal Languages and Automata Theory,Software Engineering

S. Ramya,Manivannan Doraipandian,Rengarajan Amirtharajan

DOI: https://doi.org/10.1007/s12083-024-01719-6

IF: 3.488

2024-06-02

Peer-to-Peer Networking and Applications

Abstract:The rapid expansion of Cyber-Physical Systems (CPS) is crucial for enhancing connectivity in the smart world. Encompassing smart homes, cities, agriculture, and healthcare, the broad application environment of CPS demands robust security due to diverse devices, communication protocols, and dispersed nodes. In this multi-domain landscape, ensuring authenticity becomes paramount, leading to the introduction the Secured Lightweight Authentication and Key Agreement for Cyber-Physical System (SLAKA_CPS) protocol. This protocol facilitates authentication across heterogeneous CPS devices in a resource-constrained manner, addressing communication and security concerns. Comparative analysis, including computational complexity and communication cost, reveals that SLAKA_CPS outperforms existing systems with a reduction of 11% in computing complexity, 24% in communication, and 50% in storage costs. Formal verification processes such as AVISPA, BAN logic, and ROR model reinforced the effectiveness of the proposed protocol.

computer science, information systems,telecommunications