Your search keyword '"Security properties"' showing total 236 results

1. Security Challenges in Wireless Sensor Network: Current Status and Future Trends.

Author

Ram, G. Mohan and Ilavarasan, E.

Subjects

WIRELESS sensor network security, WIRELESS sensor networks, TELECOMMUNICATION, WIRELESS communications, POWER resources

Abstract

WSNs have several applications in the military, the environment, and medicine. These applications often involve tracking sensor data, such as the actions of enemies on the battlefield or the position of people within a structure. As a result, Wireless sensor network (WSN) security is of prime concern. However, WSNs face many challenges, including low computing power, low memory, tight power supplies, vulnerability to physical detection, and unreliable wireless communication paths. These problems complicate the security of WSNs. This paper is an overview of the security of WSNs. This paper explains the number of security-related issues related to WSNs, including secure routing methods, various security attacks, etc. Then, the limitation of security in WSNs is examined and contrasted as challenging. Also, the pros and cons of multiple WSN security protocols are explained. For each open research question in each sub-area, conclusions are drawn regarding possible future study directions on safety in WSNs. [ABSTRACT FROM AUTHOR]

Published

2024

2. The cybersecurity of fairy tales.

Author

Viganò, Luca

Subjects

PUBLIC understanding of science, FAIRY tales, INTERNET security, LAYPERSONS

Abstract

The timeless nature of fairy tales can help uncover the timeless nature of many cybersecurity notions. Using 16 classical tales as illustration, in this article, the author shows that fairy tales are full of cybersecurity motifs and examples, and can thus be used extensively and effectively to explain cybersecurity notions. Obviously not cybersecurity as we know it today, but rather the fundamental and archetypal concepts that are at its heart. Fairy tales can thus be employed to mediate in conversations with less-knowledgeable, misinformed, or even skeptical laypersons about cybersecurity, increase their understanding and awareness, and thereby strengthen the overall cybersecurity of systems and applications. [ABSTRACT FROM AUTHOR]

Published

2024

3. Security Verification

Author

Tehranipoor, Mark, Nalla Anandakumar, N., Farahmandi, Farimah, Tehranipoor, Mark, Anandakumar, N. Nalla, and Farahmandi, Farimah

Published

2023

4. Digital Early Security Validation

Author

Hassan, Muhammad, Große, Daniel, Drechsler, Rolf, Hassan, Muhammad, Große, Daniel, and Drechsler, Rolf

Published

2023

5. An Automatically Verified Prototype of the Android Permissions System.

Author

Cristiá, Maximiliano, De Luca, Guido, and Luna, Carlos

Abstract

In a previous work we presented formal specifications of idealized formulations of the permission model of Android in the Coq proof assistant. This formal development is about 23 KLOC of Coq code, including proofs. In this work the Coq model is encoded in { l o g } (‘setlog’)—a satisfiability solver and a constraint logic programming language— which is then used to automatically discharge most of the proofs performed in Coq. We show how the Coq model is encoded in { l o g } and how automated proofs are performed. The resulting { l o g } model is an automatically verified executable prototype of the Android permissions system. Detailed data on the empirical evaluation resulting after executing all the proofs in { l o g } is provided. The integration of Coq and { l o g } as to provide a framework featuring automated proof and prototype generation is discussed. [ABSTRACT FROM AUTHOR]

Published

2023

6. A Framework to Verify the ABAC Policies in Web Applications

Author

Luong, Thanh-Nhan, Le, Hong-Anh, Vo, Dinh-Hieu, Truong, Ninh-Thuan, Xhafa, Fatos, Series Editor, Nguyen, Ngoc-Thanh, editor, Dao, Nhu-Ngoc, editor, Pham, Quang-Dung, editor, and Le, Hong Anh, editor

Published

2022

7. Formal Verification of Security Protocols: ProVerif and Extensions

Author

Yao, Jiangyuan, Xu, Chunxiang, Li, Deshun, Lin, Shengjun, Cao, Xingcan, Goos, Gerhard, Founding Editor, Hartmanis, Juris, Founding Editor, Bertino, Elisa, Editorial Board Member, Gao, Wen, Editorial Board Member, Steffen, Bernhard, Editorial Board Member, Yung, Moti, Editorial Board Member, Sun, Xingming, editor, Zhang, Xiaorui, editor, and Xia, Zhihua, editor

Published

2022

8. Construction of Side Channel Attack Resistant S-Boxes Using Genetic Algorithms Based on Coordinate Functions

Author

B. Khadem and S. Rajavzadeh

Subjects

substitution box (s-box), side channel attack (sca), coordinate functions, security properties, Computer engineering. Computer hardware, TK7885-7895, Science

Abstract

Background and Objectives: Substitution-box (S-Box) is one of the essential components creating confusion and nonlinear properties in cryptography. To strengthen a cipher against various attacks, including side channel attacks, these boxes need to have numerous security properties. In this paper, a novel S-Box construction method is introduced aimed at improving the resistance of S-Boxes against power analysis attacks.Methods: In the preprocessing phase of this approach, a suitable initial S-Box with some basic security properties was generated by adopting a fast algorithm. Then, in the main stage, using the initial S-Box, we generate new S-Boxes which not only have the properties of the initial S-Box but also have significantly improved under another set of security properties. To do this, new S-Boxes were generated using a genetic algorithm on a particular subset of the linear combination set of coordinate functions of the initial S-Box.Results: The performed experiments demonstrated that the values of all security properties of these new S-Boxes, especially the measures of transparency order, signal-to-noise ratio, confusion coefficient, bijection property, fixed point, and opposite fixed points, have been substantially improved. For example, our experiments indicate that 70, 220, 2071, 43, and 406 S-Boxes are found better than the initial S-Box, respectively, in the dimensions of 4×4 through 8×8Conclusion: In this paper, a new S-Box construction method is introduced where the properties related to side channel attacks are improved, without destroying other security features. Besides, some results obtained from generated S-Boxes in the dimensions of 4×4 through 8×8 demonstrated that the generated S-Boxes are not only improved relative to the initial S-Box, but also in certain cases, considerably better than some well-known S-Boxes.

Published

2022

9. Construction of Side Channel Attack Resistant S-Boxes Using Genetic Algorithms Based on Coordinate Functions.

Author

Khadem, B. and Rajav zade, S.

Subjects

SECURITY management, CRYPTOSYSTEMS, CELL phones, ALGEBRAIC immunity, GENETIC algorithms

Abstract

Background and Objectives: Substitution-Box (S-Box) is one of the essential components creating confusion and nonlinear properties in cryptography. To strengthen a cipher against various attacks, including side channel attacks, these boxes need to have numerous security properties. In this paper, a novel S-Box construction method is introduced aimed at improving the resistance of S-Boxes against power analysis attacks. Methods: In the preprocessing phase of this approach, a suitable initial S-Box with some basic security properties was generated by adopting a fast algorithm. Then, in the main stage, using the initial S-Box, we generate new S-Boxes which not only have the properties of the initial S-Box but also have significantly improved under another set of security properties. To do this, new S-Boxes were generated using a genetic algorithm on a particular subset of the linear combination set of coordinate functions of the initial S-Box. Results: The performed experiments demonstrated that the values of all security properties of these new S-Boxes, especially the measures of transparency order, signal-to-noise ratio, confusion coefficient, bijection property, fixed point, and opposite fixed points, have been substantially improved. For example, our experiments indicate that 70, 220, 2071, 43, and 406 S-Boxes are found better than the initial S-Box, respectively, in the dimensions of 4x4 through 8x8 Conclusion: In this paper, a new S-Box construction method is introduced where the properties related to side channel attacks are improved, without destroying other security features. Besides, some results obtained from generated S-Boxes in the dimensions of 4x4 through 8x8 demonstrated that the generated S-Boxes are not only improved relative to the initial S-Box, but also in certain cases, considerably better than some well-known S-Boxes. [ABSTRACT FROM AUTHOR]

Published

2022

10. Physical layer security for NOMA: limitations, issues, and recommendations.

Author

Melki, Reem, Noura, Hassan N., and Chehab, Ali

Abstract

More and more attention is being directed towards the Non-Orthogonal Multiple Access (NOMA) technology due to its many advantages such as high data rate, enhanced spectral and energy efficiency, massive connectivity, and low latency. On the other hand, secure data transmission remains a critical challenge in wireless communication systems since wireless channels are, in general, exposed. To increase the robustness of NOMA systems and overcome the issues related to wireless transmission, several Physical Layer Security (PLS) schemes have been recently presented. Unlike conventional security algorithms, this type of solutions exploits the dynamicity of the physical layer to secure data using a single iteration and minimum operations. In this paper, we survey the various NOMA-based PLS schemes in the literature, which target all kinds of security properties. From this study, we have noticed that the majority of the research work in this area is mainly focused on data confidentiality and privacy and not on other security properties such as device and source authentication, key generation, and message integrity. Therefore, we discuss the PLS data confidentiality schemes for NOMA and their limitations, challenges, and countermeasures, and we propose different methods to address the remaining security properties. [ABSTRACT FROM AUTHOR]

Published

2021

11. A Secure Anonymous Identity-Based Scheme in New Authentication Architecture for Mobile Edge Computing.

Author

Li, Yuting, Cheng, Qingfeng, Liu, Ximeng, and Li, Xinghua

Abstract

Mobile edge computing (MEC) provides computing and data storage capabilities within the range of the wireless access network close to the users, which is driving the need for new type of security technologies. Faced with rapid traffic growth and increasing user experience requirements, the existing security schemes can no longer meet the new requirements of real time and lightweight. New solutions that do not require complex calculations, such as identity-based cryptography, attract great attention from researchers. To meet these demands, we design a new authentication architecture for MEC environment, which provides secure and efficient communication. Based on this authentication architecture, an anonymous identity-based scheme is proposed for lightweight devices. In the meantime, user anonymity is also fully protected. The proposed scheme is proved to be secure under a specific security model. In addition, we describe the security properties our scheme meets. The comparisons of time consumption and communicational cost are given at the end of the article, to demonstrate that our scheme performs prior to several previous schemes. [ABSTRACT FROM AUTHOR]

Published

2021

12. Verifiably Encrypted Group Signatures

Author

Wang, Zhen, Luo, Xiling, Wu, Qianhong, Hutchison, David, Series editor, Kanade, Takeo, Series editor, Kittler, Josef, Series editor, Kleinberg, Jon M., Series editor, Mattern, Friedemann, Series editor, Mitchell, John C., Series editor, Naor, Moni, Series editor, Pandu Rangan, C., Series editor, Steffen, Bernhard, Series editor, Terzopoulos, Demetri, Series editor, Tygar, Doug, Series editor, Weikum, Gerhard, Series editor, Okamoto, Tatsuaki, editor, Yu, Yong, editor, Au, Man Ho, editor, and Li, Yannan, editor

Published

2017

13. Tightly‐secure two‐pass authenticated key exchange protocol using twin Diffie–Hellman problem.

Author

Zeng, Runzhi and Wang, Libin

Abstract

Tight security is an important requirement of practical cryptographic schemes. Compared with loosely‐secure schemes, tightly‐secure schemes allow shorter security parameters hence are more efficient. In CRYPTO 2018, Gjøsteen and Jager proposed a tightly‐secure authenticated key exchange (AKE) protocol. They used 'commitment trick' to construct a tight security reduction for their protocol. However, this technique leads to a three‐pass execution in their protocol, and their protocol cannot achieve key confirmation unless it is modified to have a four‐pass execution. In this study, the authors propose a tightly‐secure two‐pass AKE protocol. They use the twin Diffie–Hellman problem and the 're‐patch' trick of random oracles to construct a tight security reduction for their protocol. This technique allows their protocol to have a two‐pass execution. Their protocol provides several security properties such as key‐compromise‐impersonation security, unknown‐key‐share security, and weak perfect forward secrecy. Moreover, a three‐pass variant of their protocol provides key confirmation. [ABSTRACT FROM AUTHOR]

Published

2020

14. Anonymity and rewards in peer rating systems1

Author

Elizabeth A. Quaglia, Lydia Garms, Giulia Traverso, and Siaw-Lynn Ng

Subjects

Scheme (programming language), Security properties, Computer Networks and Communications, Computer science, business.industry, media_common.quotation_subject, Internet privacy, Ring signature, Hardware and Architecture, Direct Anonymous Attestation, Rating system, Safety, Risk, Reliability and Quality, Set (psychology), business, computer, ComputingMilieux_MISCELLANEOUS, Software, Anonymity, computer.programming_language, Reputation, media_common

Abstract

When peers rate each other, they may rate inaccurately to boost their own reputation or unfairly lower another’s. This could be mitigated by having a reputation server incentivise accurate ratings with a reward. However, assigning rewards becomes challenging when ratings are anonymous, since the reputation server cannot tell which peers to reward for rating accurately. To address this, we propose an anonymous peer rating system in which users can be rewarded for accurate ratings, and we formally define its model and security requirements. In our system ratings are rewarded in batches, so that users claiming their rewards only reveal they authored one in this batch of ratings. To ensure the anonymity set of rewarded users is not reduced, we also split the reputation server into two entities, the Rewarder, who knows which ratings are rewarded, and the Reputation Holder, who knows which users were rewarded. We give a provably secure construction satisfying all the security properties required. For our construction we use a modification of a Direct Anonymous Attestation scheme to ensure that peers can prove their own reputation when rating others, and that multiple feedback on the same subject can be detected. We then use Linkable Ring Signatures to enable peers to be rewarded for their accurate ratings, while still ensuring that ratings are anonymous. Our work results in a system which allows accurate ratings to be rewarded, whilst still providing anonymity of ratings with respect to the central entities managing the system.

Published

2022

15. Formalizing ROS2 security configuration with Alloy

Author

Ribeiro, Luís Mário Macedo, Cunha, Alcino, Santos, André Filipe Faria, and Universidade do Minho

Subjects

SROS2, Observational determinism, Verificação de software, Security properties, Software verification, Alloy, Robotics, Determinismo observacional, Propriedades de segurança, Robótica, ROS2, Engenharia e Tecnologia::Engenharia Eletrotécnica, Eletrónica e Informática

Abstract

Dissertação de mestrado integrado em Informatics Engineering, Industrial manufacturing is becoming highly reliant on automation developments, as they bring more efficient and accurate processes, with lower associated costs. Consequently, robots are increasingly being deployed in a wide range of scenarios, especially where safety is demanded. In such cases, it is critical to employ appropriate procedures to verify both the system’s quality and safety. Following the current growth of cyber-physical systems, as well as their usage in various technology domains, the development of software applications is becoming more demanding due to the complexity behind the integration of complementing services, beyond those provided by the operating system. One of the most popular open-source software platforms for building robotic systems is the Robot Operating System (ROS) [53] middleware, where highly configurable robots are usually built by composing third-party modules. Robot Operating System 2 (ROS2) is implemented using the Data Distribution Service (DDS) [49] communication protocol. ROS2 implicitly makes use of the DDS-Security artefacts through the Secure Robot Operating System 2 (SROS2) security toolset. The present study focus on detecting security problems in ROS2 networks, in which it is intended to verify, through formal techniques, security properties. However, security is a very broad subject, so this study focuses on a particular security property to show the viability of the proposed technique, namely Observational Determinism (OD). This dissertation introduces a software tool, named Security Verification in ROS (svROS), that provides multiple functionalities to support this type of security analysis using Alloy [32], a formal specification language and analysis tool., A crescente implementação de processos automáticos tem motivado a reestruturação nos mais diversos setores industriais, com o objetivo de aumentar a eficiência e precisão dos mesmos, e consequentemente, reduzir os custos associados. Além disso, esta ideia levou à integração da robótica nos mais amplos domínios tecnológicos, especialmente onde a segurança é exigida. Nestes casos, é fundamental adotar técnicas apropriadas de forma a verificar tanto a qualidade do sistema, como a segurança do mesmo. Como resultado do atual crescimento dos sistemas ciber-físicos, nomeadamente sistemas robóticos, bem como a sua utilização em vários domínios tecnológicos, o desenvolvimento de aplicações tem vindo a ficar mais exigente, em particular devido à complexidade da integração dos serviços necessários, tipicamente não fornecidos pelo sistema operativo. Uma das plataformas considerada como standard no que toca ao desenvolvimento de sistemas robóticos é o middleware ROS [53], onde robôs altamente configuráveis são construídos através da composição modular de software externo, oferecendo características como flexibilidade e interoperabilidade aos sistemas integrados. O ROS2 implementa um protocolo de comunicação, de nome DDS [49], que, para além de garantir serviços de comunicação, implementa a especificação DDS-Security, que oferece diferentes métodos de adoção de segurança, através de uma metodologia de plugins. Através do uso desta especificação, juntamente com o uso do toolset SROS2, é possível configurar o ROS2 de forma a proporcionar um ambiente seguro às aplicações integradas. O presente trabalho foca-se no estudo e deteção de problemas de segurança em topologias ROS2, através da verificação formal de propriedades de segurança. No entanto, a segurança é um assunto extenso, pelo que o foco de interesse nesta tese é numa propriedade particular de segurança para mostrar a viabilidade da presente técnica, de nome OD. Esta dissertação introduz a uma ferramenta de verificação de nome svROS, que contempla múltiplas funcionalidades para suportar este tipo de análise usando Alloy [32], uma linguagem de especificação formal e respectiva ferramenta de análise., This work is financed by National Funds through the Portuguese funding agency, FCT - Fundação para a Ciência e a Tecnologia, within project LA/P/0063/2020.

Published

2022

16. Security of a Key System of a Fiscal Feature.

Author

Gorbatov, V. S., Zhukov, I. Yu., and Murashov, O. N.

Abstract

Abstract: This paper describes the protocol for generating a master key for a system for exchanging fiscal features, generating a fiscal feature key with authentication of the means for generating and verifying fiscal features that are installed on the fiscal drive and in the equipment of fiscal data operators and the authorized body. This protocol is based on the use of known domestic cryptographic transformations and is aimed at ensuring the integrity and authenticity of data transmitted through the communication channel between the means of formation and means of verification of fiscal features. The protocol was developed in accordance with the recommendations of Rosstandart regarding the principles of the development and modernization of encryption (cryptographic) means of information protection and was issued in the form of a draft national standard proposed for public discussion and approval in accordance with the established procedure. The main result of this study is the formulation of certain security properties that are identical to those objectives that the intruder sets for the purpose of compromise. Already at the stage of creating a protocol, taking into account methods of compromise makes it possible to establish such structural features in this protocol that would ensure the fulfillment of specified security properties and the subsequent justification of their sufficiency. [ABSTRACT FROM AUTHOR]

Published

2018

17. A Higher Education.

Author

Lasbahani, Abdellatif, Chhiba, Mostafa, and Tabyaoui, Abdelmoumen

Subjects

INDUSTRIAL safety, HIGHER education, DATA encryption, DIGITAL signatures, DATA integrity, SOURCE code, SYSTEMS development

Abstract

Recently, many research studies have suggested the integration of safety engineering at an early stage of modeling and system development using Model-Driven Architecture (MDA). This concept consists in deploying the UML (Unified Modeling Language) standard as aprincipal metamodel for the abstractions of different systems. To our knowledge, most of this work has focused on integrating security requirements after the implementation phase without taking them into account when designing systems. In this work, we focused our efforts on non-functional aspects such as the business logic layer, data flow monitoring, and high-quality service delivery. Practically, we have proposed a new UML profile for security integration and code generation for the Java platform. Therefore, the security properties will be described by a UML profile and the OCL language to verify the requirements of confidentiality, authorization, availability, data integrity, and data encryption. Finally, the source code such as the application security configuration, the method signatures and their bodies, the persistent entities and the security controllers generated from sequence diagram of system’s internal behavior after its extension with this profile and applying a set of transformations. [ABSTRACT FROM AUTHOR]

Published

2018

18. An Automatically Verified Prototype of the Tokeneer ID Station Specification

Author

Maximiliano Cristiá and Gianfranco Rossi

Subjects

FOS: Computer and information sciences, Security properties, Computer science, Programming language, Carry (arithmetic), ComputerApplications_COMPUTERSINOTHERSYSTEMS, computer.software_genre, Software Engineering (cs.SE), Set (abstract data type), Computer Science - Software Engineering, Ada, Development (topology), Computational Theory and Mathematics, SPARK (programming language), Artificial Intelligence, State (computer science), computer, Software, Set constraint, computer.programming_language

Abstract

The Tokeneer project was an initiative set forth by the National Security Agency (NSA, USA) to be used as a demonstration that developing highly secure systems can be made by applying rigorous methods in a cost-effective manner. Altran UK was selected by NSA to carry out the development of the Tokeneer ID Station. The company wrote a Z specification later implemented in the SPARK Ada programming language, which was verified using the SPARK Examiner toolset. In this paper, we show that the Z specification can be readily and naturally encoded in the $$\{log\}$$ set constraint language, thereby generating a functional prototype. Furthermore, we show that $$\{log\}$$ ’s automated proving capabilities can discharge all the proof obligations concerning state invariants as well as important security properties. As a consequence, the prototype can be regarded as correct with respect to the verified properties. This provides empirical evidence that Z users can use $$\{log\}$$ to generate correct prototypes from their Z specifications. In turn, these prototypes enable or simplify some verification activities discussed in the paper.

Published

2021

19. A Systematic Literature Review of Blockchain Technology: Security Properties, Applications and Challenges

Author

Tuan-Vinh Le and Chien-Lung Hsu

Subjects

Security properties, Cryptocurrency, Systematic review, Blockchain, Third party, Computer Networks and Communications, Process (engineering), Computer science, Robustness (economics), Computer security, computer.software_genre, computer, Software

Abstract

Blockchain technology has been known as a cryptocurrency platform since the emergence of its first and largest application, bitcoin. Blockchain contributes to the process of changing low-trust centralized transaction ledger held by a single third party, to high-trust decentralized form held by different verifying nodes. Due to its decentralized nature and security robustness, blockchain has big potentials to be applied in various fields beyond cryptocurrency. This paper aims to provide readers a more complete literature review of blockchain, compared with existing works. We introduce and explain various security properties of blockchain, provide a taxonomy of blockchain-based applications, and discuss challenges of blockchain in terms of security and performance. Furthermore, some research directions are given in the last section of the paper.

Published

2021

20. Pairing-Free and Secure Certificateless Signcryption Scheme.

Author

HUIFANG YU and BO YANG

Subjects

*DATA encryption, *CRYPTOGRAPHY, *INTERNET auctions, *EMAIL systems, *COMPUTER security

Abstract

Certificateless signcryption (CLSC) can simultaneously fulfill certificateless encryption and certificateless signature; however, most CLSC schemes need costly computational overhead due to the usage of pairing operations. How to improve its computational efficiency is a very significant research problem. In this paper, we propose a pairing-free and secure CLSC scheme. In the random oracle model, the proposed scheme is indistinguishability against adaptive chosen-ciphertext attacks secure in confidentiality and unforgeability against adaptive chosen-message attacks secure in unforgeability. In the new scheme, only a designated receiver can recover the message, and a third party can verify the validity of a signcrypted text without knowing the receiver's secret value. In addition, this cryptographic algorithm is very appropriate to applications in online auction, email system and private contractual signature. [ABSTRACT FROM AUTHOR]

Published

2017

21. Enclaves in the Clouds

Author

Jennifer Cobbe, Do Le Quoc, Zahra Tarkhani, and Jatinder Singh

Subjects

Security properties, 021110 strategic, defence & security studies, Scrutiny, General Computer Science, Computer science, business.industry, Data management, 0211 other engineering and technologies, 020207 software engineering, 02 engineering and technology, Public administration, Computer security, computer.software_genre, Software, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Confidentiality, business, computer, Host (network)

Abstract

Trusted Execution Environments ('TEEs') or 'secure enclaves' aim at enabling more secure computation and data management. There is much enthusiasm for this technology, not least as we see increasing legal and regulatory attention on issues of security, privacy, and data management and use. With cloud providing the infrastructure for underpinning applications, data processing and analytics/ML, access to enclaves and enclave-backed technologies are increasingly being offered by service (cloud) providers - with the technology described as enabling confidential computing . This paper provides a high-level overview of the common security properties provided by enclaves, and considers how such technology, in being offered by cloud providers, relates to organizational legal and regulatory concerns. Focusing on data protection regulations, we explore the aspects of TEEs that might assist compliance, and who stands to benefit from the deployment of such technology in a service provision context.

Published

2020

22. The distributed ledgers ensuring privacy-preserving transactions

Author

Sergey V. Zapechnikov

Subjects

Security properties, Cryptographic primitive, lcsh:T58.5-58.64, Computer science, lcsh:Information technology, Homomorphic encryption, General Medicine, Computer security, computer.software_genre, Mathematical proof, lcsh:Q350-390, distributed ledger, blockchain technologies, cryptocurrency, consensus, state machine replication, confidentiality, Development (topology), Ring signature, lcsh:Information theory, Database transaction, computer

Abstract

The paper is devoted to the actual problem of ensuring privacy during performing transactions in distributed ledgers. We discuss various aspects of transaction privacy, as well as the specifics of setting the problem for distributed ledgers with two main models for representing participants' balances: the UTXO-model and the account model. Based on these results, we outline definitions and consider security properties of the main cryptographic primitives used for preserving the privacy of transactions: mixers, ring signatures, homomorphic encryption, and zero-knowledge proofs. We analyze well-known solutions for distributed ledgers based on the UTXO-model, such as Zcash, Monero, Zcoin, Dash, CoinShuffle, Verge, Grin, and others, as well as for systems based on the account model: DSC, Zether, Zeth, BlockMaze. Based on the comparison of advantages, disadvantages, and limitations for existing solutions, conclusions are drawn about the future development of distributed ledgers that ensure the privacy of transactions, and new research tasks are outlined.

Published

2020

23. Automated Proof of Bell–LaPadula Security Properties

Author

Maximiliano Cristiá and Gianfranco Rossi

Subjects

Security properties, Property (philosophy), Finite-state machine, Theoretical computer science, Computer science, 020207 software engineering, 0102 computer and information sciences, 02 engineering and technology, computer.file_format, Mathematical proof, 01 natural sciences, Computational Theory and Mathematics, Fully automated, 010201 computation theory & mathematics, Artificial Intelligence, 0202 electrical engineering, electronic engineering, information engineering, State (computer science), Set theory, Executable, computer, Software

Abstract

Almost 50 years ago, D. E. Bell and L. LaPadula published the first formal model of a secure system, known today as the Bell–LaPadula (BLP) model. BLP is described as a state machine by means of first-order logic and set theory. The authors also formalize two state invariants known as security condition and *-property. Bell and LaPadula prove that all the state transitions preserve these invariants. In this paper we present a fully automated proof of the security condition and the *-property for all the model operations. The model and the proofs are coded in the $$\{log\}$$ tool. As far as we know this is the first time such proofs are automated. Besides, we show that the $$\{log\}$$ model is also an executable prototype. Therefore we are providing an automatically verified executable prototype of BLP.

Published

2020

24. Modeling security properties of authentication of cryptographic protocols using spin formal verification

Author

L.K. Babenko and E.A. Perevyshina

Subjects

Security properties, Authentication, Computer science, business.industry, 0202 electrical engineering, electronic engineering, information engineering, 020207 software engineering, 02 engineering and technology, Cryptographic protocol, business, Formal verification, Computer network, Spin-½

Abstract

To assess the quality and security of cryptographic protocols, we use various formal verification tools, such as Scyther tool, Avispa, ProVerif. these formal verifiers can check the protocol for vulnerability to attacks on secrecy and authentication, as these are the most prevalent attacks on protocols. However, this is not enough to fully analyze the security of the protocol. In this article, we will use linear temporal logic (LTL) model checking with SPIN. This tool, unlike the formal verifiers listed above, is not designed for a specific application in the context of cryptographic protocols; however, it has a very wide range of possibilities. In particular, for each security property, it is possible to describe the behavior of an attacker and test for the stability of the protocol model to its various attacks. The purpose of this work is to describe the developed methodology for verifying the security of authentication properties using the SPIN verifier.

Published

2020

25. Lessons Learned: Analysis of PUF-based Authentication Protocols for IoT

Author

Karim Lounis and Mohammad Zulkernine

Subjects

Security properties, Authentication, Service (systems architecture), Computer Networks and Communications, business.industry, Computer science, Computer security, computer.software_genre, Computer Science Applications, ComputingMilieux_MANAGEMENTOFCOMPUTINGANDINFORMATIONSYSTEMS, Hardware and Architecture, Data integrity, Authentication protocol, Research community, Confidentiality, Internet of Things, business, Safety Research, computer, Software, Information Systems

Abstract

The service of authentication constitutes the spine of all security properties. It is the phase where entities prove their identities to each other and generally establish and derive cryptographic keys to provide confidentiality, data integrity, non-repudiation, and availability. Due to the heterogeneity and the particular security requirements of IoT (Internet of Things), developing secure, low-cost, and lightweight authentication protocols has become a serious challenge. This has excited the research community to design and develop new authentication protocols that meet IoT requirements. An interesting hardware technology, called PUFs (Physical Unclonable Functions), has been the subject of many subsequent publications on lightweight, low-cost, and secure-by-design authentication protocols. This has turned our attention to investigate the most recent PUF-based authentication protocols for IoT. In this paper, we review the security of these protocols. We first provide the necessary background on PUFs, their types, and related attacks. Also, we discuss how PUFs are used for authentication. Then, we analyze the security of PUF-based authentication protocols to identify and report common security issues and design flaws, as well as to provide recommendations for future authentication protocol designers.

Published

2022

26. SoK: Analysis of Software Supply Chain Security by Establishing Secure Design Properties

Author

Chinenye Okafor, Taylor R. Schorlemmer, Santiago Torres-Arias, and James C. Davis

Subjects

Software Supply Chain Attacks, Other Computer Engineering, Security Properties, Information Security, Collaborative Software Engineering, Software Engineering, Software Reuse

Abstract

This paper systematizes knowledge about secure software supply chain patterns. It identifies four stages of a software supply chain attack and proposes three security properties crucial for a secured supply chain: transparency, validity, and separation. The paper describes current security approaches and maps them to the proposed security properties, including research ideas and case studies of supply chains in practice. It discusses the strengths and weaknesses of current approaches relative to known attacks and details the various security frameworks put out to ensure the security of the software supply chain. Finally, the paper highlights potential gaps in actor and operation-centered supply chain security techniques.

Published

2022

27. Formal Analysis of Security Models for Mobile Devices, Virtualization Platforms, and Domain Name Systems

Author

Gustavo Betarte and Carlos Luna

Subjects

Formal modelling, Security properties, Coq proof assistant, JME-MIDP, Virtualization, Electronic computers. Computer science, QA75.5-76.95

Abstract

In this work we investigate the security of security-critical applications, i.e. applications in which a failure may produce consequences that are unacceptable. We consider three areas: mobile devices, virtualization platforms, and domain name systems. The Java Micro Edition platform defines the Mobile Information Device Profile (MIDP) to facilitate the development of applications for mobile devices, like cell phones and PDAs. We first study and compare formally several variants of the security model specified by MIDP to access sensitive resources of a mobile device. Hypervisors allow multiple guest operating systems to run on shared hardware, and offer a compelling means of improving the security and the flexibility of software systems. In this work we present a formalization of an idealized model of a hypervisor. We establish (formally) that the hypervisor ensures strong isolation properties between the different operating systems, and guarantees that requests from guest operating systems are eventually attended. We show also that virtualized platforms are transparent, i.e. a guest operating system cannot distinguish whether it executes alone or together with other guest operating systems on the platform. The Domain Name System Security Extensions (DNSSEC) is a suite of specifications that provides origin authentication and integrity assurance services for DNS data. We finally introduce a minimalistic specification of a DNSSEC model which provides the grounds needed to formally state and verify security properties concerning the chain of trust of the DNSSEC tree. We develop all our formalizations in the Calculus of Inductive Constructions —formal language that combines a higher-order logic and a richly-typed functional programming language— using the Coq proof assistant.

Published

2015

28. On the Verification of Opacity in Web Services and Their Composition.

Author

Bourouis, Amina, Klai, Kais, Hadj-Alouane, Nejib Ben, and Touati, Yamen El

Abstract

Web service (WS) providers need to restrain access to private information when cooperating with business partners. This need is translated in practice by an abstraction phase where inner data is withheld from public view. However, just like hiding encryption keys is not enough to prove the secrecy of information in a communication protocol, this procedure cannot prove the goal of secrecy is attained. Security related literature has turned in the past couple of decades to a new, formal, security property, i.e., opacity, to both hide and prove the privacy of secrets. Following our previous work on the use of the Symbolic Observation Graph (SOG), on one hand, to abstract and compose Web services, and to verify the opacity of systems on the other, we show in this paper how the verification of three different types of opacity in SOG-abstracted WSs is translated to the opacity of their composites. We hence establish that the SOG is a suitable abstraction that allows to check these opacity variants locally to each component of a composite WS, and preserves opacity by composition (i.e., each WS component is opaque iff the composite WS is). [ABSTRACT FROM PUBLISHER]

Published

2017

29. Leakage‐resilient message authentication code scheme based on hidden identity weak hash proof system.

Author

Wang, Bin

Abstract

Hazay et al. initiated the formal study of leakage‐resilient message authentication code (MAC) and presented a MAC scheme that is both leakage resilient and unforgeable against chosen message and no verification query attack (uf‐cm‐nvq). As the communication overhead of their construction is linear with the parameters that control the leakage bound, their scheme sacrifices efficiency in exchange for leakage resilience. In this study, the authors study the problem of designing leakage‐resilient MACs in the public‐key setting with acceptable communication efficiency. In particular, a notion called 'hidden identity weak hash proof system'(HID‐wHPS) is introduced. Then a generic MAC construction is presented under the abstraction framework of HID‐wHPS. Security properties guaranteed by HID‐wHPS enable us to prove the author's construction to be both leakage resilient and uf‐cm‐nvq in a modular way. Finally, performance analysis shows that their MAC construction yields improved tagging‐key size, tag size as well as computation overhead under the given leakage bound. [ABSTRACT FROM AUTHOR]

Published

2016

30. Checking SysML Models Against Safety and Security Properties

Author

Pierre de Saqui-Sannes, Rob A. Vingerhoeds, Ludovic Apvrille, Institut Supérieur de l'Aéronautique et de l'Espace (ISAE-SUPAERO), Département Communications & Electronique (COMELEC), Télécom ParisTech, System on Chip (LabSoC), Laboratoire Traitement et Communication de l'Information (LTCI), Institut Mines-Télécom [Paris] (IMT)-Télécom Paris-Institut Mines-Télécom [Paris] (IMT)-Télécom Paris, Institut Polytechnique de Paris (IP Paris), Institut Supérieur de l'Aéronautique et de l'Espace - ISAE-SUPAERO (FRANCE), and Télécom Paris (FRANCE)

Subjects

Model checking, Computer science, Aerospace Engineering, 0102 computer and information sciences, 02 engineering and technology, 01 natural sciences, Model Checking, Unified Modeling Language, Systems Modeling Language, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, SysML, Real-time operating system, computer.programming_language, Security properties, business.industry, 020207 software engineering, Open source software, Computer Science Applications, Cockpit, 010201 computation theory & mathematics, Asynchronous communication, Security, [INFO.INFO-ES]Computer Science [cs]/Embedded Systems, Safety, Software engineering, business, computer, Recherche opérationnelle

Abstract

International audience; Systems engineering, or engineering in general, has long been relying on document-centric approaches. Switching to model-based systems engineering, or MBSE for short, has extensively been discussed over the past three decades. Since about two decades, MBSE has been commonly associated with the modeling language SysML (Systems Modeling Language), which offers a standardized notation, not a methodology of using it. SysML needs therefore to be associated with a methodology supported by tools. In this paper, a methodology supported by the free and open-source software TTool is associated with SysML. This paper focuses discussion on methodological issues, leading the authors to share their experience in real-time systems modeling. Modeling with SysML is more than just drawing the different diagrams. Associated tools offer possibilities to analyze SysML models for specific properties. In this paper, verification addresses both safety and security properties. The TTool model checker inputs the SysML model enriched with safety properties to be verified and outputs an yes/no answer for each property. Security verification checks SysML models against confidentiality, integrity, and authenticity properties. As an illustration of the proposed approach, an aircraft cockpit door control system is modeled in SysML and verified against safety and security properties.

Published

2021

31. Leader election protocol based on external RNG services

Author

Aline Gouget, Jacques Patarin, and Ambre Toulemonde

Subjects

Security properties, Leader election, Computer science, Process (engineering), media_common.quotation_subject, Service provider, Computer security, computer.software_genre, Power consumption, Voting, Scalability, computer, Protocol (object-oriented programming), media_common

Abstract

A leader election or consensus protocol for distributed systems is the process of selecting a leader among a group of entities to handle the decision around what information should be added to the ledger. With the advent of blockchain, several consensus protocols have been proposed to overcome the issues of the Bitcoin Proof-of-Work consensus protocol such as intensive power consumption and selfish strategies. In this paper, we propose a new leader election protocol that relies on external random number generator (RNG) services named Leader Election Protocol based on Trusted RNG Service Providers (LEP-TSP). External RNG services enable to reduce computation cost to elect a leader and strengthen the fairness requirement of uniform probability of being leader. First, we present a formal model of LEP-TSP based on the model proposed by Boneh et al. on the Single secret leader election. Then, we provide a construction of LEP-TSP and show that it achieves required security properties while more than 2/3 of participants are honest.

Published

2021

32. Function and safety evaluation of Staphylococcus epidermidis with high esterase activity isolated from strong flavor Daqu.

Author

Xu, Pei, Yang, Han, Tian, Lei, Guo, Qingyan, Chen, Hang, Wei, Xinyue, Liu, Ying, He, Zongjun, Zhang, Jiaxu, Luo, Jing, Li, Dong, and Guan, Tongwei

Subjects

*STAPHYLOCOCCUS epidermidis, *SHORT-chain fatty acids, *FLAVOR, *FREE fatty acids, *LINEZOLID, *ETHYL acetate, *STAPHYLOCOCCUS

Abstract

This study was aimed at evaluating the safety of Staphylococcus epidermidis YTPW-4 isolated from strong flavor Daqu and its beneficial functional characteristics in Baijiu -making. The content of ethyl caproate catalyzed by crude enzyme solution of Staphylococcus epidermidis YTPW-140 was 583.09 mg/100 mL, and the activity of esterase was 2.13 U/mL. Vancomycin, erythromycin, and gentam were sensitive to the strain, which was negative for the causative gene, hemolytic activity, and biofilm formation capacity. In addition, the strain was selected for laboratory-scale fermentation using HS-SPME-GCMS and statistical analysis to confirm its role in the production of flavor compounds. Propyl-3-methylbutyrate, hexanoic acid, and ethyl acetate had higher contents after fermentation than other flavor compounds, at 530.40 μg/L, 471.07 μg/L, and 297.33 μg/L, respectively. There was also a small amount of ethyl hexanoate in these products. Esterase could increase the levels of short-chain free fatty acids, which were precursors of flavor compounds. Most importantly, the isolate maintained viability under simulated pit conditions, and was resistant to pH 3.5 and 8% ethanol. These results indicated that the strain had the potential to be used as a starter to improve the quality of Nongxiangxing baijiu. [Display omitted] • Staphylococci are commonly detected in Daqu. • Staphylococcus epidermidis YTPW-4 showed high esterase activity. • Safety assessment and functional properties of S. epidermidis YTPW-4 were evaluated. • S. epidermidis YTPW-4 is suitable as starter culture in Nongxiangxing baijiu. [ABSTRACT FROM AUTHOR]

Published

2023

33. A systematic review on security metric in secure software development lifecycle

Author

G.C. Sampada, Amrita, and T.I. Sake

Subjects

Software development process, Security properties, Software, Risk analysis (engineering), business.industry, Computer science, Process (engineering), Software security assurance, Security metric, Confidentiality, Security assessment, business

Abstract

A security metric evaluates the security performance, goals, and objectives of software and provides information that helps in the assessment of software security. With the advancement in technology, software is faced with lots of threats and risks to customers’ data and privacy. Most of these threats are a result of security being considered as a feature of software and not taking it into account during the development of the software. Security metrics obtained during the development process go a long way to improve the core security properties of software, that is: confidentiality, integrity, and availability. Thus, it is of obvious importance to consider security across the software development lifecycle, hence, the use of software security metrics. This paper reviews the various security metrics that are meditated in the copious phases during the progression of the lifecycle with the aim of providing practitioners, managers, and researchers the substantial knowledge for further security assessment.

Published

2021

34. Formal Analysis of Android's Permission-Based Security Model.

Author

BETARTE, Gustavo, CAMPO, Juan, LUNA, Carlos, and ROMANO, Agustín

Subjects

COMPUTER security, CALCULUS, TAGS (Metadata), MATHEMATICAL models, MATHEMATICAL proofs

Abstract

In this work we present a comprehensive formal specification of an idealized formulation of Android's permission model. Permissions in Android are basically tags that developers declare in their applications, more precisely in the so-called application manifest, to gain access to sensitive resources. Several analyses have recently been carried out concerning the security of the Android system. Few of them, however, pay attention to the formal aspects of the permission enforcing framework. We provide a complete and uniform formulation of several security properties using the higher order logic of the Calculus of Inductive Constructions and sketch the proofs that have been developed and verified using the Coq proof assistant. We also analyze how the changes introduced in the latest version of Android, that allows to manage permissions at runtime, impact the presented model. [ABSTRACT FROM AUTHOR]

Published

2016

35. Security assurance cases—state of the art of an emerging approach

Author

Riccardo Scandariato, Jan-Philipp Steghöfer, and Mazen Mohamad

Subjects

Security properties, Computer science, Structured argumentation, business.industry, media_common.quotation_subject, Automotive industry, 020207 software engineering, 02 engineering and technology, Field (computer science), Systematic review, Risk analysis (engineering), State (polity), Software security assurance, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, business, Software, media_common

Abstract

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC are getting significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is an increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support is still lacking.

Published

2021

36. Unpredictability properties in Algorand consensus protocol

Author

Ambre Toulemonde, Jacques Patarin, and Aline Gouget

Subjects

Security properties, Leader election, Property (philosophy), biology, Generic property, Computer science, media_common.quotation_subject, Context (language use), biology.organism_classification, Computer security, computer.software_genre, Chen, Voting, Protocol (object-oriented programming), computer, media_common

Abstract

The Algorand consensus protocol, introduced by Chen and Micali in 2016, uses a pure proof-of-stake protocol based on Byzantine agreement rather than the well-known Bitcoin proof-of-work. In this paper, we analyze specific security properties of Algorand related to "unpredictability". The unpredictability property has been initially defined by Boneh et al. in the context of single secret leader election. We show that Algorand satisfies the original unpredictability property. Then, we extend the unpredictability property to a more generic property referred to as "t-forward unpredictability" and show that for a particular setting of Algorand, the t-forward unpredictability property is not satisfied. Specifically, we provide a strategy enabling to predict the future leaders.

Published

2021

37. BUFFing signature schemes beyond unforgeability and the case of post-quantum signatures

Author

Cas Cremers, Rune Fiedler, Samed Duzlu, Marc Fischlin, and Christian Janson

Subjects

Scheme (programming language), Security properties, Theoretical computer science, Transformation (function), Digital signature, Computer science, NIST, computer, Quantum, Formal description, Signature (logic), computer.programming_language

Abstract

Modern digital signature schemes can provide more guarantees than the standard notion of (strong) unforgeability, such as offering security even in the presence of maliciously generated keys, or requiring to know a message to produce a signature for it. The use of signature schemes that lack these properties has previously enabled attacks on real-world protocols. In this work we revisit several of these notions beyond unforgeability, establish relations among them, provide the first formal definition of non re-signability, and a transformation that can provide these properties for a given signature scheme in a provable and efficient way.Our results are not only relevant for established schemes: for example, the ongoing NIST PQC competition towards standardizing post-quantum signature schemes has six finalists in its third round. We perform an in-depth analysis of the candidates with respect to their security properties beyond unforgeability. We show that many of them do not yet offer these stronger guarantees, which implies that the security guarantees of these post-quantum schemes are not strictly stronger than, but instead incomparable to, classical signature schemes. We show how applying our transformation would efficiently solve this, paving the way for the standardized schemes to provide these additional guarantees and thereby making them harder to misuse.

Published

2021

38. On Security Properties of All-or-nothing Transforms

Author

Navid Nasr Esfahani and Douglas R. Stinson

Subjects

Discrete mathematics, Security properties, business.industry, Applied Mathematics, No reference, 020206 networking & telecommunications, Cryptography, 0102 computer and information sciences, 02 engineering and technology, 05B30 (Primary) 94A60 (Secondary), 01 natural sciences, Computer Science Applications, 010201 computation theory & mathematics, If and only if, Nothing, FOS: Mathematics, 0202 electrical engineering, electronic engineering, information engineering, Bijection, Probability distribution, Mathematics - Combinatorics, Combinatorics (math.CO), Alphabet, business, Mathematics, Computer Science::Cryptography and Security

Abstract

All-or-nothing transforms have been defined as bijective mappings on all s-tuples over a specified finite alphabet. These mappings are required to satisfy certain "perfect security" conditions specified using entropies of the probability distribution defined on the input s-tuples. Alternatively, purely combinatorial definitions of AONTs have been given, which involve certain kinds of "unbiased arrays". However, the combinatorial definition makes no reference to probability definitions. In this paper, we examine the security provided by AONTs that satisfy the combinatorial definition. The security of the AONT can depend on the underlying probability distribution of the s-tuples. We show that perfect security is obtained from an AONT if and only if the input s-tuples are equiprobable. However, in the case where the input s-tuples are not equiprobable, we still achieve a weaker security guarantee. We also consider the use of randomized AONTs to provide perfect security for a smaller number of inputs, even when those inputs are not equiprobable.

Published

2021

39. Secure LoRa Firmware Update with Adaptive Data Rate Techniques

Author

Jim Plusquellic, Derek Heeger, Maeve Garigan, and Eirini Eleni Tsiropoulou

Subjects

LPWAN, Computer science, Reliability (computer networking), 02 engineering and technology, computer.software_genre, Data rate, lcsh:Chemical technology, Biochemistry, LoRa, Article, Analytical Chemistry, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), Wireless, lcsh:TP1-1185, Electrical and Electronic Engineering, Instrumentation, Security properties, cattle monitoring, Firmware, business.industry, Process (computing), 020206 networking & telecommunications, Atomic and Molecular Physics, and Optics, firmware update, Embedded system, 020201 artificial intelligence & image processing, business, computer

Abstract

Internet of Things (IoT) devices rely upon remote firmware updates to fix bugs, update embedded algorithms, and make security enhancements. Remote firmware updates are a significant burden to wireless IoT devices that operate using low-power wide-area network (LPWAN) technologies due to slow data rates. One LPWAN technology, Long Range (LoRa), has the ability to increase the data rate at the expense of range and noise immunity. The optimization of communications for maximum speed is known as adaptive data rate (ADR) techniques, which can be applied to accelerate the firmware update process for any LoRa-enabled IoT device. In this paper, we investigate ADR techniques in an application that provides remote monitoring of cattle using small, battery-powered devices that transmit data on cattle location and health using LoRa. In addition to issues related to firmware update speed, there are significant concerns regarding reliability and security when updating firmware on mobile, energy-constrained devices. A malicious actor could attempt to steal the firmware to gain access to embedded algorithms or enable faulty behavior by injecting their own code into the device. A firmware update could be subverted due to cattle moving out of the LPWAN range or the device battery not being sufficiently charged to complete the update process. To address these concerns, we propose a secure and reliable firmware update process using ADR techniques that is applicable to any mobile or energy-constrained LoRa device. The proposed system is simulated and then implemented to evaluate its performance and security properties.

Published

2021

40. P2T: Pay to Transport

Author

Claudio Schifanella and Fadi Barbara

Subjects

Security properties, Blockchain, business.industry, Computer science, Transportation, 020206 networking & telecommunications, Tracking system, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Article, Privacy preserving, Privacy, 010201 computation theory & mathematics, Scripting language, P2SH, 0202 electrical engineering, electronic engineering, information engineering, Bitcoin, business, Protocol (object-oriented programming), computer

Abstract

We present Pay To Transport (P2T), a protocol that lets customers buy an item remotely in an atomic, privacy preserving and trustless manner. P2T needs only basic features of a blockchain scripting language and does not need any tracking systems, arbitrator or deposit to preserve its security properties. For this reason the protocol can be implemented on any permissionless blockchain, regardless of its scripting language, without additional trust. Merchants’ and transporters’ addresses are public, but in P2T the parties never pay those addresses directly. Therefore P2T maintains the privacy of customers, merchant and transporters.

Published

2021

41. Black-Box Testing for Security-Informed Safety of Automated Driving Systems

Author

Martin A. Skoglund, Hans Hansson, Sasikumar Punnekkat, and Fredrik Warg

Subjects

Computer science, White-box testing, Certification, Dependability, 01 natural sciences, Bridging (programming), Automated Driving Systems, 0502 economics and business, Feature (machine learning), Inbäddad systemteknik, Black-box testing, Set (psychology), Security properties, 050210 logistics & transportation, Class (computer programming), Safety Assessment, business.industry, 010401 analytical chemistry, 05 social sciences, 0104 chemical sciences, Test (assessment), Security, Safety, Software engineering, business, Embedded Systems

Abstract

An evaluation of safety and security properties performed by an independent organisation can be an important step towards establishing trust in Automated Driving Systems (ADS), bridging the gap between the marketing portrayal and the actual performance of such systems in real operating conditions. However, due to the complexity of an ADS’s behaviour and dangers involved in performing real environment security attacks, we believe assessments that can be performed with a combination of simulation and validation at test facilities is the way forward.In this paper, we outline an approach to derive test suites applicable to generic ADS feature classes, where classes would have similar capabilities and comparable assessment results. The goal is to support black box testing of such feature classes as part of an independent evaluation. By the means of co-simulation of post-attack behaviour and critical scenarios, we derive a representative set of physical certification tests, to gain an understanding of the interplay between safety and security. During the initial tests an ADS is subjected to various attacks and its reactions recorded. These reactions such as reduced functionality, fall back etc., together with relevant scenarios for the class is further analysed to check for safety implications. HEADSTART

Published

2021

42. A Formal Approach to Secure Design of RESTful Web APIs Using SOFL

Author

Busalire Onesmus Emeka, Soichiro Hidaka, and Shaoying Liu

Subjects

Security properties, Application programming interface, Dataflow, Computer science, business.industry, Formal language, Functional requirement, Formal methods, Conformance testing, Software engineering, business, Web API

Abstract

A primary concern in the design and development of a RESTful Application Programming Interfaces (APIs) is API security. A RESTful API provides data over the network using HTTP and must not violate any of its security properties. When APIs are designed, the functional and security properties are inextricably linked thus security requirements of an API cannot be treated as afterthoughts. We therefore propose an approach to specifying and verifying APIs functional and security requirements with the practical formal method SOFL (Structured-Object-oriented Formal Language). We convert an API specification written in an API description language into SOFL while expressing security requirements as constraints on the APIs functional requirements and dataflow between the API’s trust boundaries. The verification of the specifications can be carried out using specification-based conformance testing. We apply this approach to a model of an online banking API as a case study using Django REST Framework and analyze its results.

Published

2021

43. Constructions of Keyed Hash Functions

Author

Marc Fischlin and Arno Mittelbach

Subjects

Security properties, Collision resistance, Theoretical computer science, Computer science, Hash function

Abstract

In the previous chapters we studied constructions of hash functions in the unkeyed (resp. publicly keyed) setting for security properties such as collision resistance or second-preimage resistance.

Published

2021

44. Formal Analysis of EDHOC Key Establishment for Constrained IoT Devices

Author

Alessandro Bruni, Vaishnavi Sundararajan, and Karl Norrman

Subjects

Security properties, Key establishment, business.industry, Computer science, Energy consumption, Message size, Computer security, computer.software_genre, Internet of Things, business, computer, Protocol (object-oriented programming)

Abstract

The IETF is standardizing an authenticated key establishment (AKE) protocol named EDHOC for constrained IoT devices. In contrast to more powerful devices like web cameras and cars, which receive a lot of media attention, such devices operate under severe energy consumption and message size restrictions. EDHOC was first formally analyzed in 2018 by Bruni et al. Since then, the protocol has been significantly extended and now has three new key establishment methods. In this paper, we formally analyze all methods of EDHOC in a symbolic Dolev-Yao model, using the Tamarin verification tool. We show that the different methods provide sensible, but also rather heterogeneous security properties, and discuss various consequences of this. Our work has also led to improvements in the design and the specification of EDHOC.

Published

2021

45. Formal Analysis of Composable DeFi Protocols

Author

Palina Tolmach, Yi Li, Shang-Wei Lin, and Yang Liu

Subjects

Security properties, Range (mathematics), Property (programming), Computer science, business.industry, Software engineering, business

Abstract

Decentralized finance (DeFi) has become one of the most successful applications of blockchain and smart contracts. The DeFi ecosystem enables a wide range of crypto-financial activities, while the underlying smart contracts often contain bugs, with many vulnerabilities arising from the unforeseen consequences of composing DeFi protocols together. In this paper, we propose a formal process-algebraic technique that models DeFi protocols in a compositional manner to allow for efficient property verification. We also conduct a case study to demonstrate the proposed approach in analyzing the composition of two interacting DeFi protocols, namely, Curve and Compound. Finally, we discuss how the proposed modeling and verification approach can be used to analyze financial and security properties of interest.

Published

2021

46. Verification of security properties of the TLS 1.3 extensions

Author

Alexei Viacheslavovich Nikeshin and Victor Zinovievich Shnitman

Subjects

Security properties, Computer science, Computer security, computer.software_genre, computer

Abstract

This paper presents the experience of verifying server implementations of the TLS cryptographic protocol version 1.3. TLS is a widely used cryptographic protocol designed to create secure data transmission channels and provides the necessary functionality for this: confidentiality of the transmitted data, data integrity, and authentication of the parties. The new version 1.3 of the TLS protocol was introduced in August 2018 and has a number of significant differences compared to the previous version 1.2. A number of TLS developers have already included support for the latest version in their implementations. These circumstances make it relevant to do research in the field of verification and security of the new TLS protocol implementations. We used a new test suite for verifying implementations of the TLS 1.3 for compliance with Internet specifications, developed on the basis of the RFC8446, using UniTESK technology and mutation testing methods. The current work is part of the TLS 1.3 protocol verification project and covers some of the additional functionality and optional protocol extensions. To test implementations for compliance with formal specifications, UniTESK technology is used, which provides testing automation tools based on the use of finite state machines. The states of the system under test define the states of the state machine, and the test effects are the transitions of this machine. When performing a transition, the specified impact is passed to the implementation under test, after which the implementation's reactions are recorded and a verdict is automatically made on the compliance of the observed behavior with the specification. Mutational testing methods are used to detect non-standard behavior of the system under test by transmitting incorrect data. Some changes are made to the protocol exchange flow created in accordance with the specification: either the values of the message fields formed on the basis of the developed protocol model are changed, or the order of messages in the exchange flow is changed. The protocol model allows one to make changes to the data flow at any stage of the network exchange, which allows the test scenario to pass through all the significant states of the protocol and in each such state to test the implementation in accordance with the specified program. So far, several implementations have been found to deviate from the specification. The presented approach has proven effective in several of our projects when testing network protocols, providing detection of various deviations from the specification and other errors.

Published

2021

47. Privacy, Security and Trust in the Internet of Neurons

Author

Luca Viganò and Diego Sempreboni

Subjects

Security properties, law, Computer science, business.industry, Threat model, Internet privacy, The Internet, ARPANET, Internet of Things, business, Internet of services, law.invention

Abstract

Arpanet, Internet, Internet of Services, Internet of Things, Internet of Skills. What next? We conjecture that in a few years from now, we will have the Internet of Neurons, in which humans will be able to connect bi-directionally to the net using only their brain. The Internet of Neurons will provide new, tremendous opportunities thanks to constant access to unlimited information, but it will also bring along enormous challenges, especially concerning security, privacy and trust. In this paper we discuss the main technological (and neurological) breakthroughs required to enable the Internet of Neurons, the new opportunities it provides and the security challenges it raises. We also elaborate on the novel system models, threat models and security properties that are required to reason about privacy, security and trust in the Internet of Neurons.

Published

2021

48. Balancing Security: A Moving Target

Author

Artemij Voskobojnikov, Atefeh Mashatan, Volker Skwarek, Shin'ichiro Matsuo, Tim Weingärtner, and Chris Rowell

Subjects

Security properties, Blockchain, Application areas, Basis (linear algebra), Computer science, Computer security, computer.software_genre, computer, Domain (software engineering)

Abstract

Blockchain technology has come a long way since its inception in the form of Bitcoin in 2009. With a growing interest from industry and academia came an influx of new application areas and domains that make use of this technology on a daily basis. This technology, while having unique security properties, also presented new security challenges and previously unexplored attack vectors that became the target of malicious actors in the domain.

Published

2021

49. Probabilistic Annotations for Protocol Models

Author

Dusko Pavlovic

Subjects

Security properties, Noise, TheoryofComputation_MATHEMATICALLOGICANDFORMALLANGUAGES, Theoretical computer science, Computer science, Probabilistic logic, Cryptosystem, Hoare logic, Protocol (object-oriented programming)

Abstract

We describe how a probabilistic Hoare logic with localities can be used for reasoning about security. As a proof-of-concept, we analyze Vernam and El-Gamal cryptosystems, prove the security properties that they do satisfy, and disprove those that they do not. We also consider a version of the Muddy Children puzzle, where children’s trust and noise are taken into account.

Published

2021

50. Développement rigoureux des architectures sécurisées dans les visions négative et positive : propriétés, modèles, analyse et outils support

Author

Rouland, Quentin and STAR, ABES

Subjects

Component, Formalization, Connnector, Security properties, Formal methods, Software architecture, Formalisation, Reuse, Meta-modeling, [SHS.INFO] Humanities and Social Sciences/Library and information sciences, Métamodel, Métal-modélisation, Méthodes formelles, Architecture logicielle, Engineering secure systems, Propriétés de sécurité, Réutilisation, Metamodel, Ingénierie systèmes sécurisés, Menaces, Threats, Connector, Composant, [INFO.INFO-CR] Computer Science [cs]/Cryptography and Security [cs.CR]

Abstract

Our society has become more dependent on software-intensive systems, such as Information and Communication Technologies (ICTs) systems, to perform their daily tasks (sometimes critical). However, in most cases, organizations and particularly small ones place limited value on information and its security. In the same time, achieving security in such systems is a difficult task because of the increasing complexity and connectivity in ICT development. In addition, security has impacts on many attributes such as openness, safety and usability. Thus, security becomes a very important aspect that should be considered in early phases of development. In this work, we propose an approach in order to secure ICT software architectures during their development by considering two visions to formulate security statements using the negative view, as the study of threats (e.g., usurpation) and positive view as the study of the security objectives (e.g., confidentiality). The contributions of this work are threefold: (1) an integrated design framework for the specification and analysis of reusable (formal) model libraries for secure software architectures; (2) a novel model-based methodology for developing secure software architecture by reuse; and (3) a set of supporting tools. The approach associates Model-Driven Engineering (MDE) and formal techniques to design a set of modeling languages for specifying and analyzing architecture and property models which allows reuse of capitalized security-related know-how. The results are provided as two complementary artifacts: (a) a process of development of reusable formal model libraries for the specification and verification of security threats and objectives by a security expert; and (b) a process of secure architectural design and analysis by an architect reusing the libraries specified in the process (a). Process (a) includes the following activities: (1) the formal specification of the security threats and objectives as the properties of a model using technology-independent specification language; (2) the interpretation of the resulted model libraries in a tooled formal language; and (3) the definition of security policies as abstract security countermeasures to ensure security properties. Process (b) includes the following activities: (1) security analysis of a concrete architecture model to verify the security requirements and identify security issues reusing the property models; [...], Notre société est devenue plus dépendante des systèmes logiciels complexes, tels que les systèmes de technologies de l'information et de la communication (TIC), pour effectuer des tâches quotidiennes (parfois critiques). Cependant, dans la plupart des cas, les organisations et particulièrement les plus petites placent une valeur limitée sur les données et leur sécurité. Dans le même temps, la sécurité de ces systèmes est une tâche difficile en raison de la complexité et connectivité croissante dans le développement des TIC. De plus, la sécurité a une incidence sur de nombreux attributs tels que la transparence, la sureté et l'utilisabilité. Ainsi, la sécurité devient un aspect très important qui devrait être pris en compte dans les premières phases du cycle de développement. Dans ce travail, nous proposons une approche afin de sécuriser les architectures logicielles des TIC pendant leur développement en considérant la vision positive, qui se manifeste par l'étude des objectifs de sécurité (ex., confidentialité), et la vision négative, qui se manifeste par l'étude des menaces (ex., usurpation). Les contributions de ce travail sont triples : (1) un framework de conception intégré pour la spécification et l'analyse de bibliothèques de modèles (formels) réutilisables pour les architectures logicielles sécurisées ; (2) une nouvelle méthodologie basée sur les modèles pour développer une architecture logicielle sécurisée par réutilisation ; et (3) une suite d'outils support. L'approche associe l'ingénierie dirigée par les modèles (IDM) et les techniques formelles pour concevoir un ensemble de langages de modélisation afin de spécifier et analyser des modèles d'architecture et de propriétés permettant la réutilisation et ainsi capitaliser un savoir-faire en matière de sécurité. Les résultats sont fournis sous forme de deux artéfacts complémentaires : (a) un processus de développement de bibliothèques de modèles réutilisables pour la spécification et la vérification d'objectifs et de menaces de sécurité par un expert en sécurité ; et (b) un processus de conception d'architecture sécurisé par un architecte s'appuyant sur les bibliothèques spécifiées dans le processus (a). Le processus (a) comprend les activités suivantes : (1) la spécification formelle d'objectifs et de menaces de sécurité comme propriétés d'un modèle en utilisant un langage de spécification indépendant technologiquement ; (2) l'interprétation des bibliothèques de modèles résultants dans un langage formel outillé ; et (3) la définition de politiques de sécurité en tant que solutions abstraites de sécurité pour assurer les propriétés de sécurité. Le processus (b) comprend les activités suivantes : (1) l'analyse d'un modèle d'architecture concret afin de vérifier les exigences et d'identifier les problèmes de sécurité en réutilisant les modèles de propriétés[...]

Published

2021