Biblio

Filters: Keyword is formal analysis  [Clear All Filters]
2020-10-23
Weicheng Wang, Fabrizio Cicala, Syed Rafiul Hussain, Elisa Bertino, Ninghui Li.  2020.  Analyzing the Attack Landscape of Zigbee-Enabled IoT Systems and Reinstating Users' Privacy. 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks. :133–143.

Zigbee network security relies on symmetric cryptography based on a pre-shared secret. In the current Zigbee protocol, the network coordinator creates a network key while establishing a network. The coordinator then shares the network key securely, encrypted under the pre-shared secret, with devices joining the network to ensure the security of future communications among devices through the network key. The pre-shared secret, therefore, needs to be installed in millions or more devices prior to deployment, and thus will be inevitably leaked, enabling attackers to compromise the confidentiality and integrity of the network. To improve the security of Zigbee networks, we propose a new certificate-less Zigbee joining protocol that leverages low-cost public-key primitives. The new protocol has two components. The first is to integrate Elliptic Curve Diffie-Hellman key exchange into the existing association request/response messages, and to use this key both for link-to-link communication and for encryption of the network key to enhance privacy of user devices. The second is to improve the security of the installation code, a new joining method introduced in Zigbee 3.0 for enhanced security, by using public key encryption. We analyze the security of our proposed protocol using the formal verification methods provided by ProVerif, and evaluate the efficiency and effectiveness of our solution with a prototype built with open source software and hardware stack. The new protocol does not introduce extra messages and the overhead is as lows as 3.8% on average for the join procedure.

2021-02-16
Kang, E., Schobbens, P..  2020.  InFoCPS: Integrating Formal Analysis of Cyber-Physical Systems with Energy Prognostics. 2020 9th Mediterranean Conference on Embedded Computing (MECO). :1—5.
This paper is related to dissemination and exploitation of the InFoCPS PhD research project: Failure of Cyber-Physical Systems (CPS) may cause extensive damage. Safety standards emphasize the use of formal analysis in CPS development processes. Performance degradation assessment and estimation of lifetime of energy storage (electric batteries) are vital in supporting maintenance decisions and guaranteeing CPS reliability. Existing formal analysis techniques mainly focus on specifying energy constraints in simplified manners and checking whether systems operate within given energy bounds. Leading to overlooked energy features that impede development of trustworthy CPS. Prognostics and health management (PHM) estimate energy uncertainty and predict remaining life of systems. We aim to utilize PHM techniques to rigorously model dynamic energy behaviors; resulting models are amenable to formal analysis. This project will increase the degree of maintenance of CPS while (non)-functional requirements are preserved correctly.
2021-06-30
Chen, Jichang, Lu, Zhixiang, Zhu, Xueping.  2020.  A Lightweight Dual Authentication Protocol for the Internet of Vehicles. 2020 IEEE 3rd International Conference on Information Systems and Computer Aided Education (ICISCAE). :17—22.
With the development of 5G communication technology, the status of the Internet of Vehicles in people's lives is greatly improved in the general trend of intelligent transportation. The combination of vehicles and Radio Frequency Identification (RFID) makes the application prospects of vehicle networking gradually expand. However, the wireless network of the Internet of Vehicles is open and mobile, so it can be easily stolen or tampered with by attackers. Moreover, it will cause serious traffic security problems and even threat people's lives. In this paper, we propose a lightweight authentication protocol for the Internet of Vehicles based on a mobile RFID system and give corresponding security requirements for modeling potential attacks. The protocol is based on the three-party mutual authentication, and uses bit-operated left-cycle shift operations and hetero-oriented operations to generate encrypted data. The simultaneous inclusion of triparty shared key information and random numbers makes the protocol resistant to counterfeit attacks, violent attacks, replay attacks and desynchronization attacks. Finally, a simulation analysis of the security protocol using the ProVerif tool shows that the protocol secures is not accessible to attackers during the data transfer, and achieve the three-party authentication between sensor nodes (SN), vehicle nodes (Veh) and backend servers.
2020-12-07
Whitefield, J., Chen, L., Sasse, R., Schneider, S., Treharne, H., Wesemeyer, S..  2019.  A Symbolic Analysis of ECC-Based Direct Anonymous Attestation. 2019 IEEE European Symposium on Security and Privacy (EuroS P). :127–141.
Direct Anonymous Attestation (DAA) is a cryptographic scheme that provides Trusted Platform Module TPM-backed anonymous credentials. We develop Tamarin modelling of the ECC-based version of the protocol as it is standardised and provide the first mechanised analysis of this standard. Our analysis confirms that the scheme is secure when all TPMs are assumed honest, but reveals a break in the protocol's expected authentication and secrecy properties for all TPMs even if only one is compromised. We propose and formally verify a minimal fix to the standard. In addition to developing the first formal analysis of ECC-DAA, the paper contributes to the growing body of work demonstrating the use of formal tools in supporting standardisation processes for cryptographic protocols.
2019-11-12
Basin, David, Dreier, Jannik, Hirschi, Lucca, Radomirovic, Sa\v sa, Sasse, Ralf, Stettler, Vincent.  2018.  A Formal Analysis of 5G Authentication. Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. :1383-1396.

Mobile communication networks connect much of the world's population. The security of users' calls, SMSs, and mobile data depends on the guarantees provided by the Authenticated Key Exchange protocols used. For the next-generation network (5G), the 3GPP group has standardized the 5G AKA protocol for this purpose. We provide the first comprehensive formal model of a protocol from the AKA family: 5G AKA. We also extract precise requirements from the 3GPP standards defining 5G and we identify missing security goals. Using the security protocol verification tool Tamarin, we conduct a full, systematic, security evaluation of the model with respect to the 5G security goals. Our automated analysis identifies the minimal security assumptions required for each security goal and we find that some critical security goals are not met, except under additional assumptions missing from the standard. Finally, we make explicit recommendations with provably secure fixes for the attacks and weaknesses we found. 

2018-09-12
Datta, Amarjit, Rahman, Mohammad Ashiqur.  2017.  Cyber Threat Analysis Framework for the Wind Energy Based Power System. Proceedings of the 2017 Workshop on Cyber-Physical Systems Security and PrivaCy. :81–92.
Wind energy is one of the major sources of renewable energy. Countries around the world are increasingly deploying large wind farms that can generate a significant amount of clean energy. A wind farm consists of many turbines, often spread across a large geographical area. Modern wind turbines are equipped with meteorological sensors. The wind farm control center monitors the turbine sensors and adjusts the power generation parameters for optimal power production. The turbine sensors are prone to cyberattacks and with the evolving of large wind farms and their share in the power generation, it is crucial to analyze such potential cyber threats. In this paper, we present a formal framework to verify the impact of false data injection attack on the wind farm meteorological sensor measurements. The framework designs this verification as a maximization problem where the adversary's goal is to maximize the wind farm power production loss with its limited attack capability. Moreover, the adversary wants to remain stealthy to the wind farm bad data detection mechanism while it is launching its cyberattack on the turbine sensors. We evaluate the proposed framework for its threat analysis capability as well as its scalability by executing experiments on synthetic test cases.
2018-06-07
Rocchetto, Marco, Tippenhauer, Nils Ole.  2017.  Towards Formal Security Analysis of Industrial Control Systems. Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security. :114–126.
We discuss the use of formal modeling to discover potential attacks on Cyber-Physical systems, in particular Industrial Control Systems. We propose a general approach to achieve that goal considering physical-layer interactions, time and state discretization of the physical process and logic, and the use of suitable attacker profiles. We then apply the approach to model a real-world water treatment testbed using ASLan++ and analyze the resulting transition system using CL-AtSe, identifying four attack classes. To show that the attacks identified by our formal assessment represent valid attacks, we compare them against practical attacks on the same system found independently by six teams from industry and academia. We find that 7 out of the 8 practical attacks were also identified by our formal assessment. We discuss limitations resulting from our chosen level of abstraction, and a number of modeling shortcuts to reduce the runtime of the analysis.
2018-08-23
Seal, S. K., Cianciosa, M. R., Hirshman, S. P., Wingen, A., Wilcox, R. S., Unterberg, E. A..  2017.  Parallel Reconstruction of Three Dimensional Magnetohydrodynamic Equilibria in Plasma Confinement Devices. 2017 46th International Conference on Parallel Processing (ICPP). :282–291.

Fast, accurate three dimensional reconstructions of plasma equilibria, crucial for physics interpretation of fusion data generated within confinement devices like stellarators/ tokamaks, are computationally very expensive and routinely require days, even weeks, to complete using serial approaches. Here, we present a parallel implementation of the three dimensional plasma reconstruction code, V3FIT. A formal analysis to identify the performance bottlenecks and scalability limits of this new parallel implementation, which combines both task and data parallelism, is presented. The theoretical findings are supported by empirical performance results on several thousands of processor cores of a Cray XC30 supercomputer. Parallel V3FIT is shown to deliver over 40X speedup, enabling fusion scientists to carry out three dimensional plasma equilibrium reconstructions at unprecedented scales in only a few hours (instead of in days/weeks) for the first time.

Matsuo, S..  2017.  How formal analysis and verification add security to blockchain-based systems. 2017 Formal Methods in Computer Aided Design (FMCAD). :1–4.

Blockchain is an integrated technology to ensure keeping record and process transactions with decentralized manner. It is thought as the foundation of future decentralized ecosystem, and collects much attention. However, the maturity of this technology including security of the fundamental protocol and its applications is not enough, thus we need more research on the security evaluation and verification of Blockchain technology This tutorial explains the current status of the security of this technology, its security layers and possibility of application of formal analysis and verification.

2017-11-03
Dennis, R., Owenson, G., Aziz, B..  2016.  A Temporal Blockchain: A Formal Analysis. 2016 International Conference on Collaboration Technologies and Systems (CTS). :430–437.

This paper presents a possible solution to a fundamental limitation facing all blockchain-based systems; scalability. We propose a temporal rolling blockchain which solves the problem of its current exponential growth, instead replacing it with a constant fixed-size blockchain. We conduct a thorough analysis of related work and present a formal analysis of the new rolling blockchain, comparing the results to a traditional blockchain model to demonstrate that the deletion of data from the blockchain does not impact on the security of the proposed blockchain model before concluding our work and presenting future work to be conducted.