Opendata, web and dolomites

Report

Teaser, summary, work performed and final results

Periodic Reporting for period 2 - SPOOC (Automated Security Proofs of Cryptographic Protocols: Privacy, Untrusted Platforms and Applications to E-voting Protocols)

Teaser

The security of electronic transactions is ensured by cryptographic protocols. While historically their main goals were confidentiality and authentication the situation has changed. The ability of people to stay connected constantly combined with ill-conceived systems...

Summary

The security of electronic transactions is ensured by cryptographic protocols. While historically their main goals were confidentiality and authentication the situation has changed. The ability of people to stay connected constantly combined with ill-conceived systems seriously threatens people’s privacy. Due to viruses and malware, personal computers and mobile phones must not be considered trustworthy anymore; yet they execute the protocols that are to achieve security goals. To detect flaws, prove a protocol\'s security and propose new design principles the Spooc project will develop solid foundations and practical tools to analyse and formally prove security protocols that ensure user privacy as well as techniques for executing protocols on untrusted platforms. We will develop
- foundations and practical tools for specifying and verifying new security properties, in particular privacy properties;
- techniques for design and automated analysis of protocols that can be executed on untrusted platforms;
- apply these methods in particular to novel e-voting protocols, that aim for strong security guarantees without need to trust the voter client software.

Work performed

A wide range of security properties,e.g., anonymity in e-voting, unlinkability in RFID and mobile phone protocols, can be naturally expressed as observational equivalences in cryptographic process calculi. We made substantial contributions to the foundations and practice of their automated, symbolic verification. We have shown subtle differences between existing models, that were, by folklore, believed equivalent and obtained tight computational complexity results. From a practical point of view we develop several complementary (in terms of expressivity, precision and efficiency) automated verification tools. To ensure scalability we developed results for compositional verification: for e-voting protocols we have shown that if there is an attack on vote privacy then there is also an attack that involves at most 3 voters.

We need to take into account that a user\'s machine may be untrusted, e.g., due to malware. Therefore protocols may (1) involve the user to execute a security-critical action, or (2) rely on trusted, isolated hardware. Multi-factor authentication protocols, e.g., Google 2-factor, follow the first line. We propose a symbolic model, decision procedure and verification tool for this class of protocols and applied it to protocols from the ISO/IEC 9798-6:2010 standard. When using secure hardware modules, one major problem for automated verification is the need to maintain global, non-monotonic state. We propose a new process calculus, called SAPiC (Stateful Applied Pi Calculus) and an eponymous prototype tool together with a model for specifying and verifying applications based on Isolated Execution Environments, such as ARM TrustZone and Intel SGX. In collaboration with Orange Labs, we devised and formally proved the security of a new mobile payment protocol, secure even in the presence of malware.

E-voting protocols have to guarantee two fundamental properties: privacy and integrity. Some elections require more than vote-privacy: receipt-freeness ensures that a voter cannot convince a vote buyer or coercer how she voted. Election integrity is generally achieved through end-to-end verifiability: the protocol issues evidence that all, and only, eligible casted votes have been correctly tallied. Moreover, one cannot assume that the platform used by a voter is trusted. We have analysed Du-Vote, a recently presented malware resistant remote e-voting scheme and showed several attacks on both privacy and verifiability. We propose a new voting scheme, BeleniosRF, that offers both receipt-freeness and end-to-end verifiability, and implemented it for several platforms, including desktop computers and smartphones.

Final results

\"We will provide efficient automated verification tools able to verify properties expressed as equivalences. We have significantly improved our theoretical understanding of this verification method, and have built automated verification tools. The next step is to improve efficiency, provide support for more cryptographic primitives and a wider range of protocols. At the end, this should provide efficient \"\"push-button\"\" tools for protocol verification.

To widen the range of protocols that can be formally verified we have built methods and tools for protocols that rely on human intervention, or secure hardware modules. Both kinds of protocols are extremely important when using a malicious, e.g. malware infected, platform. We have developed attacker models, verification methods and tools for these protocols. Tool support for protocols relying on hardware modules is not fully automatic and the level of automation is to be improved.

E-voting is a particularly tricky application area for formal verification. It requires analysis of equivalence properties and hardware modules or human intervention to be malware resistant. Using our tools we will analyse e-voting protocols, to give a precise security assessment of which properties hold under what hypotheses. Our methods should provide a toolbox for formal security evaluation, an increasing requirement for electronic elections. We will also design new protocols that can ensure vote privacy and election verifiability, even on untrusted voting platforms.
\"

Website & more info

More info: https://members.loria.fr/skremer/files/spooc/index.html.