Qian-Qian Lin,Shu-Ling Wang,Bo-Hua Zhan,Bin Gu

DOI: https://doi.org/10.1007/s11390-020-0537-8

IF: 1.871

2020-11-01

Journal of Computer Science and Technology

Abstract:Real-Time Publish and Subscribe (RTPS) protocol is a protocol for implementing message exchange over an unreliable transport in data distribution service (DDS). Formal modelling and verification of the protocol provide stronger guarantees of its correctness and efficiency than testing alone. In this paper, we build formal models for the RTPS protocol using Uppaal and Simulink/Stateflow. Modelling using Simulink/Stateflow allows analyzing the protocol through simulation, as well as generate executable code. Modelling using Uppaal allows us to verify properties of the model stated in TCTL (Timed Computation Tree Logic), as well as estimate its performance using statistical model checking. We further describe a procedure for translation from Stateflow to timed automata, where a subset of major features in Stateflow is supported, and prove the soundness statement that the Stateflow model is a refinement of the translated timed automata model. As a consequence, any property in a certain fragment of TCTL that we have verified for the timed automata model in Uppaal is preserved for the original Stateflow model.

computer science, software engineering, hardware & architecture

Tieming Chen,Zhenbo Yu,Shijian Li,Bo Chen

DOI: https://doi.org/10.1155/2016/8797568

IF: 2.336

2016-01-01

Journal of Sensors

Abstract:Model checking has successfully been applied on verification of security protocols, but the modeling process is always tedious and proficient knowledge of formal method is also needed although the final verification could be automatic depending on specific tools. At the same time, due to the appearance of novel kind of networks, such as wireless sensor networks (WSN) and wireless body area networks (WBAN), formal modeling and verification for these domain-specific systems are quite challenging. In this paper, a specific and novel formal modeling and verification method is proposed and implemented using an expandable tool called PAT to do WSN-specific security verification. At first, an abstract modeling data structure for CSP#, which is built in PAT, is developed to support the nodemobility related specification for modeling location-based node activity. Then, the traditional Dolev Yao model is redefined to facilitate modeling of location-specific attack behaviors on security mechanism. A throughout formal verification application on a location-based security protocol in WSN is described in detail to show the usability and effectiveness of the proposed methodology. Furthermore, also a novel location-based authentication security protocol in WBAN can be successfully modeled and verified directly using our method, which is, to the best of our knowledge, the first effort on employing model checking for automatic analysis of authentication protocol for WBAN.

Junya Xu,Jiaqi Yin,Huibiao Zhu,Lili Xiao

DOI: https://doi.org/10.2298/csis210707057x

2023-01-01

Computer Science and Information Systems

Abstract:Apache Kafka is an open source distributed messaging system based on the publish-subscribe model, which achieves low latency, high throughput and good load balancing. As a popular messaging system, the transmission of messages between applications is one of the core functions of Kafka. Therefore, the reliability and security of data in the process of message transmission in Kafka have become the focus of attention. The formal methods can analyze whether a model is highly credible. Therefore, it is significant to analyze Kafka messaging mechanism which describes the communication process and rules between each module entity in Kafka from the perspective of formal methods. In this paper, we apply the process algebra CSP (Communicating Sequential Processes) and the model checking tool PAT (Process Analysis Toolkit) to analyze Kafka messaging mechanism. The results of verification show that the model caters for its specification and guarantees the reliability of messages in the normal communication process. Moreover, in order to further analyze the security of Kafka messaging mechanism, we add the intruder model and the authentication protocol Kerberos model and compare the verification results of Kafka messaging mechanism with or without the secure protocol Kerberos. The results show that the Kerberos protocol has improved the security of Kafka messaging mechanism in some aspects, but there are still some security loopholes.

computer science, information systems, software engineering

Ning Yang,Hao Jiang,Daoxing Guo,Yuan Liu,Guoru Ding,Zhen Chen,Zhaohui Yang

DOI: https://doi.org/10.1109/lcomm.2024.3419829

IF: 3.5529

2024-01-01

IEEE Communications Letters

Abstract:The reliability and accuracy of cooperative spectrum sensing (CSS) in cognitive radio networks (CRNs) are highly dependent on the integrity of the shared spectrum sensing data. However, driven by selfishness and malicious intentions, secondary users (SUs) may launch SSDF attacks, resulting in the damage to the integrity of sensing data, which will seriously affect the performance of CRNs, especially under massive SSDF attacks. Therefore, a blockchain-based CSS model is firstly proposed and a reputation-based consensus mechanism, named proof of reputation (PoR), is designed to enable CSS to countermeasure massive SSDF attacks in an environmentally friendly manner while supporting the operation of blockchain. Secondly, a reputation evaluation scheme based on extended sensing time and transmission result is developed to evaluate the reputation of SUs. In addition, in order to maximize the recognition performance of SSDF attacks, a closed-form expression of the optimal decision threshold constrained by the misjudged probability of honest SU is derived. Finally, the effectiveness and superiority of the proposed PoR consensus algorithm against massive SSDF attacks are demonstrated by comparing the simulation with the existing solutions.

Ruffin White,Gianluca Caiazza,Chenxu Jiang,Xinyue Ou,Zhiyue Yang,Agostino Cortesi,Henrik Christensen

DOI: https://doi.org/10.48550/arXiv.1908.05310

2019-08-15

Abstract:Distribution Service (DDS) is a realtime peer-to-peer protocol that serves as a scalable middleware between distributed networked systems found in many Industrial IoT domains such as automotive, medical, energy, and defense. Since the initial ratification of the standard, specifications have introduced a Security Model and Service Plugin Interface (SPI) architecture, facilitating authenticated encryption and data centric access control while preserving interoperable data exchange. However, as Secure DDS v1.1, the default plugin specifications presently exchanges digitally signed capability lists of both participants in the clear during the crypto handshake for permission attestation; thus breaching confidentiality of the context of the connection. In this work, we present an attacker model that makes use of network reconnaissance afforded by this leaked context in conjunction with formal verification and model checking to arbitrarily reason about the underlying topology and reachability of information flow, enabling targeted attacks such as selective denial of service, adversarial partitioning of the data bus, or vulnerability excavation of vendor implementations.

Cryptography and Security,Networking and Internet Architecture

Yu Jiang,Houbing Song,Rui Wang,Ming Gu,Jiaguang Sun,Lui Sha

DOI: https://doi.org/10.1109/tii.2016.2573762

IF: 12.3

2017-01-01

IEEE Transactions on Industrial Informatics

Abstract:Wireless medical cyber-physical systems are widely adopted in the daily practices of medicine, where huge amounts of data are sampled by the wireless medical devices and sensors, and is passed to the decision support systems (DSSs). Many text-based guidelines have been encoded for work-flow simulation of DSS to automate health care based on those collected data. But for some complex and life-critical diseases, it is highly desirable to automatically rigorously verify some complex temporal properties encoded in those data, which brings new challenges to current simulation-based DSS with limited support of automatical formal verification and real-time data analysis. In this paper, we conduct the first study on applying runtime verification to cooperate with current DSS based on real-time data. Within the proposed technique, a user-friendly domain specific language, named DRTV, is designed to specify vital real-time data sampled by medical devices and temporal properties originated from clinical guidelines. Some interfaces are developed for data acquisition and communication. Then, for medical practice scenarios described in DRTV model, we will automatically generate event sequences and runtime property verifier automata. If a temporal property violates, real-time warnings will be produced by the formal verifier and passed to medical DSS. We have used DRTV to specify different kinds of medical care scenarios and have applied the proposed technique to assist existing wireless medical cyber-physical system. As presented in experiment results, in terms of warning detection, it outperforms the only use of DSS or human inspection, and improves the quality of clinical health care of hospital.

Liron Schiff,Kashyap Thimmaraju,Stefan Schmid

DOI: https://doi.org/10.48550/arXiv.1609.02324

2016-09-08

Abstract:Computer networks today typically do not provide any mechanisms to the users to learn, in a reliable manner, which paths have (and have not) been taken by their packets. Rather, it seems inevitable that as soon as a packet leaves the network card, the user is forced to trust the network provider to forward the packets as expected or agreed upon. This can be undesirable, especially in the light of today's trend toward more programmable networks: after a successful cyber attack on the network management system or Software-Defined Network (SDN) control plane, an adversary in principle has complete control over the network. This paper presents a low-cost and efficient solution to detect misbehaviors and ensure trustworthy routing over untrusted or insecure providers, in particular providers whose management system or control plane has been compromised (e.g., using a cyber attack). We propose Routing-Verification-as-a-Service (RVaaS): RVaaS offers clients a flexible interface to query information relevant to their traffic, while respecting the autonomy of the network provider. RVaaS leverages key features of OpenFlow-based SDNs to combine (passive and active) configuration monitoring, logical data plane verification and actual in-band tests, in a novel manner.

Networking and Internet Architecture

Yuteng Lu,Meng Sun

DOI: https://doi.org/10.1142/s021819401840020x

2018-01-01

Abstract:IEEE 802.11i is the IEEE standard that provides enhanced MAC security and has been widely used in wireless networks and Internet of Things. It improves IEEE 802.11 (1999) by providing a Robust Security Network (RSN) with two new protocols: the Four-Way Handshake and the Group Key Handshake. These protocols utilize the authentication services and port access control described in IEEE 802.1X to establish and change the appropriate cryptographic keys. In this paper, we carry out a formal modeling and verification approach based on timed automata for IEEE 802.11i protocol, using the UPPAAL model checker, to check correctness of the changes in IEEE 802.11i protocol and provide better security.

Muhammad Saqib Nawaz,Meng Sun,Basit Shahzad,M. Ikram Ullah Lali,Tariq Umer,Shaohua Wan

DOI: https://doi.org/10.1002/ett.3742

IF: 3.6

2019-01-01

Transactions on Emerging Telecommunications Technologies

Abstract:Reliable data transmission during communication in Internet of things (IoT)–based systems has gained much interest in last few years due to the current growth and huge investment in such systems. Message Queue Telemetry Transport (MQTT) is an open publish/subscribe–based messaging protocol that is widely used for device communication in IoT. For data transmission between devices, different levels of quality of service (QoS) are used in MQTT. In this paper, we provide a formal model for MQTT protocol under the Unifying Theories of Programming (UTP) semantic framework, where QoS levels in MQTT are modeled as designs in UTP. Refinement and equivalence relations between QoS levels can be established naturally via implication between predicates. Moreover, Prototype Verification System (PVS) is used to encode the UTP design models and some important properties as well as the refinement relation between QoS levels is proved with the PVS proof assistant.

Abu Shohel Ahmed,Aleksi Peltonen,Mohit Sethi,Tuomas Aura

2023-08-23

Abstract:Remote SIM provisioning (RSP) for consumer devices is the protocol specified by the GSM Association for downloading SIM profiles into a secure element in a mobile device. The process is commonly known as eSIM, and it is expected to replace removable SIM cards. The security of the protocol is critical because the profile includes the credentials with which the mobile device will authenticate to the mobile network. In this paper, we present a formal security analysis of the consumer RSP protocol. We model the multi-party protocol in applied pi calculus, define formal security goals, and verify them in ProVerif. The analysis shows that the consumer RSP protocol protects against a network adversary when all the intended participants are honest. However, we also model the protocol in realistic partial compromise scenarios where the adversary controls a legitimate participant or communication channel. The security failures in the partial compromise scenarios reveal weaknesses in the protocol design. The most important observation is that the security of RSP depends unnecessarily on it being encapsulated in a TLS tunnel. Also, the lack of pre-established identifiers means that a compromised download server anywhere in the world or a compromised secure element can be used for attacks against RSP between honest participants. Additionally, the lack of reliable methods for verifying user intent can lead to serious security failures. Based on the findings, we recommend practical improvements to RSP implementations, future versions of the specification, and mobile operator processes to increase the robustness of eSIM security.

Cryptography and Security

Qiwei Lu,Wenchao Huang,Xudong Gong,Xingfu Wang,Yan Xiong,Fuyou Miao

DOI: https://doi.org/10.48550/arXiv.1307.2977

2013-07-11

Abstract:With the rapid development of MANET, secure and practical authentication is becoming increasingly important. The existing works perform the research from two aspects, i.e., (a)secure key division and distributed storage, (b)secure distributed authentication. But there still exist several unsolved problems. Specifically, it may suffer from cheating problems and fault authentication attack, which can result in authentication failure and DoS attack towards authentication service. Besides, most existing schemes are not with satisfactory efficiency due to exponential arithmetic based on Shamir's scheme. In this paper, we explore the property of verifiable secret sharing(VSS) schemes with Chinese Remainder Theorem (CRT), then propose a secret key distributed storage scheme based on CRT-VSS and trusted computing for MANET. Specifically, we utilize trusted computing technology to solve two existing cheating problems in secret sharing area before. After that, we do the analysis of homomorphism property with CRT-VSS and design the corresponding shares-product sharing scheme with better concision. On such basis, a secure distributed Elliptic Curve-Digital Signature Standard signature (ECC-DSS) authentication scheme based on CRT-VSS scheme and trusted computing is proposed. Furthermore, as an important property of authentication scheme, we discuss the refreshing property of CRT-VSS and do thorough comparisons with Shamir's scheme. Finally, we provide formal guarantees towards our schemes proposed in this paper.

Cryptography and Security

Z ZANG,G LUO,C YIN,臧志远,罗贵明,殷翀元

DOI: https://doi.org/10.1016/S1007-0214(09)70011-2

2009-01-01

Abstract:In networks, the stable path problem (SPP) usually results in oscillations in interdomain systems and may cause systems to become unstable. With the rapid development of internet technology, the occurrence of SPPs in interdomain systems has quite recently become a significant focus of research. A framework for checking SPPs is presented in this paper with verification of an interdomain routing system using formal methods and the NuSMV software. Sufficient conditions and necessary conditions for determining SPP occurrence are presented with proof of the method's effectiveness. Linear temporal logic was used to model an interdomain routing system and its properties were analyzed. An example is included to demonstrate the method's reliability.

Xiaoguang Li,Jun Liu,Boyan Ding,Zhiwei Li,Haoyang Wu,Tao Wang

DOI: https://doi.org/10.1007/s11280-018-0654-2

2019-01-01

World Wide Web

Abstract:The WiFi security authentication mechanism combined with the PHY layer information has become a hot spot of WiFi security research. The PHY layer contains rich information such as wireless channel, device location, and signal quality. High performance WiFi verification that supports PHY layer programming has become an indispensable tool for WiFi security research. This paper designs and implements a verification platform TickSEC that supports the research of WiFi security authentication at the PHY layer. It supports real-time acquisition of PHY layer information, and offers the programmability within the PHY layer. We also give a case study of WiFi device identification using PHY layer information. Experimental results show that TickSEC can meet the needs of PHY layer WiFi authentication verification.

Shamim Ripon,Sumaya Mahbub,K. M. Intiaz-ud-Din

DOI: https://doi.org/10.7763/IJET.2013.V5.553

2014-03-08

Abstract:The advancement of mobile and wireless communication technologies in recent years introduced various adaptive protocols to adapt the need for secured communications. Security is a crucial success factor for any communication protocols, especially in mobile environment due to its ad hoc behavior. Formal verification plays an important role in development and application of safety critical systems. Formalized exhausted verification techniques to analyze the security and the safety properties of communications protocols increase and confirm the protocol confidence. SPIN is a powerful model checker that verifies the correctness of distributed communication models in a rigorous and automated fashion. This short paper proposes a SPIN based formal verification approach of a security adaptive protocol suite. The protocol suite includes a neighbor discovery mechanism and routing protocol. Both parts of the protocol suite are modeled into SPIN and exhaustively checked various temporal properties which ensure the applicability of the protocol suite in real-life applications.

Networking and Internet Architecture

Zhen Cao,Zhi Guan,Zhong Chen,Jian-Bin Hu,Li-Yong Tang

DOI: https://doi.org/10.1007/s11390-010-9330-4

2010-01-01

Abstract:Denial-of-Service (DoS) attacks are virulent to both computer and networked systems. Modeling and evaluating DoS attacks are very important issues to networked systems; they provide both mathematical foundations and theoretic guidelines to security system design. As defense against DoS has been built more and more into security protocols, this paper studies how to evaluate the risk of DoS in security protocols. First, we build a formal framework to model protocol operations and attacker capabilities. Then we propose an economic model for the risk evaluation. By characterizing the intruder capability with a probability model, our risk evaluation model specifies the “Value-at-Risk” (VaR) for the security protocols. The “Value-at-Risk” represents how much computing resources are expected to lose with a given level of confidence. The proposed model can help users to have a better understanding of the protocols they are using, and in the meantime help designers to examine their designs and get clues of improvement. Finally we apply the proposed model to analyze a key agreement protocol used in sensor networks and identify a DoS flaw there, and we also validate the applicability and effectiveness of our risk evaluation model by applying it to analyze and compare two public key authentication protocols.

Robert Abela,Christian Colombo,Axel Curmi,Mattea Fenech,Mark Vella,Angelo Ferrando

DOI: https://doi.org/10.4204/EPTCS.391.7

2023-10-04

Abstract:Autonomous and robotic systems are increasingly being trusted with sensitive activities with potentially serious consequences if that trust is broken. Runtime verification techniques present a natural source of inspiration for monitoring and enforcing the desirable properties of the communication protocols in place, providing a formal basis and ways to limit intrusiveness. A recently proposed approach, RV-TEE, shows how runtime verification can enhance the level of trust to the Rich Execution Environment (REE), consequently adding a further layer of protection around the Trusted Execution Environment (TEE). By reflecting on the implication of deploying RV in the context of trustworthy computing, we propose practical solutions to two threat models for the RV-TEE monitoring process: one where the adversary has gained access to the system without elevated privileges, and another where the adversary gains all privileges to the host system but fails to steal secrets from the TEE.

Cryptography and Security,Robotics

Zhenyu Li,Yong Ding,Honghao Gao,Bo Qu,Yujue Wang,Jun Li

DOI: https://doi.org/10.1145/3511901

IF: 5.3

2022-03-24

ACM Transactions on Internet Technology

Abstract:Edge networks are providing services for an increasing number of companies, and they can be used for communication between edge devices and edge gateways. However, the performance of edge devices varies greatly, and it is not easy to upgrade low-performance edge devices. Therefore, cyber attackers can use the vulnerability of edge devices to implement advanced persistent threat (APT) attacks. This paper proposes a network verification framework for edge networks that can minimize the upgrades needed to strengthen edge network security. First, the communication parties use the data transmitted by the given edge network. Our method uses our proposed PacketVerifier to attach verification information to the packet after it is sent and to verify and restore the packet before it reaches the receiver. Second, due to the performance requirements of edge networks, we design a new data processing structure, namely, a sliding window double ring (SWDR), to improve the performance of strict sequential protocols in parallel validation. Finally, experimental simulations show that our parallel processing algorithm has good performance in terms of network bandwidth compared with two existing packet processing algorithms. Furthermore, the proposed packet with verification information is compatible with the existing network topology, which helps PacketVerifier establish trustworthy transmission in a zero-trust environment.

computer science, information systems, software engineering

Wesley R Bezerra,Jean E Martina,Carlos B Westphall,Wesley R. Bezerra,Jean E. Martina,Carlos B. Westphall

DOI: https://doi.org/10.3390/s23156933

IF: 3.9

2023-08-04

Sensors

Abstract:There are many security challenges in IoT, especially related to the authentication of restricted devices in long-distance and low-throughput networks. Problems such as impersonation, privacy issues, and excessive battery usage are some of the existing problems evaluated through the threat modeling of this work. A formal assessment of security solutions for their compliance in addressing such threats is desirable. Although several works address the verification of security protocols, verifying the security of components and their non-locking has been little explored. This work proposes to analyze the design-time security of the components of a multi-factor authentication mechanism with a reputation regarding security requirements that go beyond encryption or secrecy in data transmission. As a result, it was observed through temporal logic that the mechanism is deadlock-free and meets the requirements established in this work. Although it is not a work aimed at modeling the security mechanism, this document provides the necessary details for a better understanding of the mechanism and, consequently, the process of formal verification of its security properties.

engineering, electrical & electronic,chemistry, analytical,instruments & instrumentation

CHEN Fu,YANG Jia-Hai,YANG Yang,WANG Yuan-Zhuo,JIA Mei-Ying

DOI: https://doi.org/10.3724/sp.j.1016.2011.01600

2011-01-01

Chinese Journal of Computers

Abstract:With formalization and modeling system,we can analyze system characteristics,verify system behavior and try to avoid conflicts through.This paper presents a behavior modeling method for network services components using process algebra,including strong simulation,strong bisimulation,timeliness,service triggers,and service content.Then the P2P discovery of nodes and firewall traversal behavior description are presented.And a network self-management protocol named RCMMS is proposed with process algebra description to verify the proposed method.

Johanna Sepulveda,Damian Aboul-Hassan,Georg Sigl,Bernd Becker,Matthias Sauer

DOI: https://doi.org/10.1109/ets.2018.8400692

2018-05-01

Abstract:Vulnerabilities and design flaws in Network-on-Chip (N oC) routers can be exploited in order to spy, modify and constraint the sensitive communication inside the Multi-Processors Systems-on-Chip (MPSoCs). Although previous works address the N oC threat, finding secure and efficient solutions to verify the security is still a challenge. In this work, we propose for the first time a method to formally verify the correctness and the security properties of a NoC router in order to provide the proper communication functionality and to avoid NoC attacks. We present a generalized-verification flow that proves a wide set of implementation-independent security-related properties to hold. We employ unbounded model checking techniques to account for the highly-sequential behaviour of the NoC systems. The evaluation results demonstrate the feasibility of our approach by presenting verification results of six different N oC routing architectures demonstrating the vulnerabilities of each design.