Formal Verification Tools Research Articles

Stick: An End-to-End Encryption Protocol Tailored for Social Network Platforms

End-to-End Encryption (E2EE) has become a de facto standard in messengers, especially after the development of the secure messaging protocol – Signal. However, the adoption of E2EE has been limited to messengers, and has not yet seen a noticeable trace in social network platforms, despite the increase in users’ privacy violations. In this paper, we propose, verify, implement and evaluate a novel E2EE protocol – Stick. Stick is a Signal-based protocol tailored for social network platforms. We believe our protocol is the first to support re-establishable encryption sessions in an asynchronous multi-device setting while preserving forward secrecy and introducing backward secrecy. Stick includes several innovative features, including a new session concept, multiple pairwise sessions and refreshing identity keys. We verified Stick using Verifpal - a formal verification tool in the symbolic model. Our security analysis shows our protocol does achieve a form of post-compromise security in many-to-many communications – the trait most group protocols lack. Most importantly, the Stick protocol can re-establish encryption sessions while ensuring authentication and confidentiality. We implemented our protocol as a stand-alone open-source API. Our evaluation shows the Stick protocol can be used in a real-world social network app with no noticeable compromise on usability or performance.

SEU injection framework for radiation-tolerant ASICs, a formal verification approach

Single Event Upsets (SEUs) represent a major challenge for digital electronics operated in a radiation environment. Triple Modular Redundancy (TMR) is one of the most popular approaches to increase digital electronics resilience to SEUs. Simulation is the most used approach for verifying the correct triplication of the designs. This contribution describes a novel approach for verifying the triplication. A formal verification tool is used, removing the need for a complete functional verification framework for the SEU injections in the design. The approach allows finding bugs earlier in the design phase hence reducing the development and debug time.

Practitioners’ Perspectives towards Requirements Engineering: A Survey

In this paper, we discuss the results of our survey among 84 practitioners in order to understand practitioners’ perspectives towards requirements engineering. We asked 28 questions to learn the practitioners’ motivations, the techniques and technologies used for different activities, practitioners’ experiences with customer involvement, and any challenges encountered. Some important results are as follows: the practitioners’ top motivations are the precise communication of requirements and analyzing the requirements to detect issues. Most practitioners (i) insist on using natural languages, (ii) specify requirements as the use case and scenario descriptions, (iii) neglect using/transforming requirements for making high-level decisions and reasoning about requirements, (iv) neglect the specifications of quality requirements and their reasoning while considering quality requirements important, and (v) neglect any technologies for facilitating requirements engineering (e.g., meta-modeling technologies, formal verification tools, and advanced tools). Practitioners are challenged by the cost and effort spent in specifying requirements, the omissions of errors, misinterpretations of requirements and their incorrect (manual) transformations, and customers’ lack of technical knowledge. With the survey results, practitioners can gain an awareness on the general perspectives, academics can trigger new research addressing the observed issues, and tool vendors can improve their tools with regard to the weaknesses determined.

Achieving Light-Weighted Secure Scheme for Communication in a Smart Grid

There are many security risks in the communication between the various nodes of the smart grid. Among these security risks, data leakage is a common one, which occurs in communicating between any two smart meters. In the existing studies, the data leakage is tackled by proposing various security strategies. In this paper, we propose a novel security communication scheme to ensure the security of transmission data between two smart meters against external malicious attacks. Specifically, an authentication scheme based on chaos theory is proposed for verifying the identity trustworthiness of smart meters. In the authentication phase, we use a chaos algorithm and a hash function to compute a shared session key that is used for authentication of both communicating parties, as well as for encryption of private information. Our proposed scheme implements a one-time session approach, i.e., each round of communication keys are unrelated to each other. In relevant validation experiments, we verify that the chaotic algorithm is sufficiently time efficient and compare the computational efficiency with other literature in terms of communication expenses, and the results prove that the proposed scheme is of lightweight nature. Finally we use the Proverif formal verification tool the BAN logic to verify the security as well as the feasibility of the proposed scheme.

Mobile-Chain: Secure blockchain based decentralized authentication system for global roaming in mobility networks

Designing a secure and efficient authentication protocol is crucial and challenging in the mobility network. Due to the seamless roaming of mobile users over multiple foreign agents and the broadcast nature of the communication channel, the mobile networks are often exposed to several network attacks. To achieve perfect authentication and secure communication among mobility entities like MU (Mobile User), FA (Foreign Agent) and HA (Home Agent), the researchers have proposed numerous authentication protocols in the past. However, the existing protocols for the mobility environments are insufficient to address the fundamental security concerns and an adversary can impersonate the mobile user at anytime. Thus, we propose Mobile-Chain, a secure blockchain-based authentication system for mobility environments. The proposed Mobile-Chain is designed to protect user privacy and guarantees provable security like authentication, anonymity, untraceability, confidentiality, data integrity, and decentralization. The implementation of the security framework has been done on the ethereum blockchain platform using smart contracts written in a solidity programming language. The security analysis reveals that Mobile-Chain is robust against various security threats to which mobility networks are vulnerable. Besides, the authentication framework has been measured through a formal security verification tool known as Automated Validation of Internet Security Protocol and Application (AVISPA). Notably, the performance evaluation of the proposed protocol proves that it maintains performance gain, computationally efficient, and implementable in resource-limited wireless and mobility environments.

A Group-Based Multicast Service Authentication and Data Transmission Scheme for 5G-V2X

5G Vehicular to everything (5G-V2X) has grown more vigorously than ever before, and services massive vehicles can obtain provided by content providers via the network in all fields are widely acknowledged, such as listening to news channels and traffic channels. In the 5G-V2X network, content providers can provide service messages to a group of vehicles belonging to a specific area in point-to-multipoint transmission mode. However, various challenges are in front of the way when vehicles obtain multicast services due to the unique features of 5G-V2X, such as massive vehicles and strong mobility. In this paper, we present a typical vehicle multicast service model in 5G-V2X and propose a group-based multicast service authentication and data transmission scheme based on this model. In the scheme, massive vehicles within the same RAN coverage are constructed into a group and connected to the content provider to gain access to a multicast service using the distributed keys securely by the 5G home network. Subsequently, the multicast service key for protecting the multicast service data is distributed to each vehicle so that the multicast service data can be securely transmitted to vehicles in point-to-multipoint mode. The security analysis results using the formal verification tool and informal security analysis show that the proposed scheme supports the multicast services authentication and authorization, multicast service data protection, key distribution protection, anonymity, unlinkability, and protocol attack resistance. The performance analysis results regarding signaling, computational and communication overheads show that the proposed scheme outperforms other related schemes.

SF-LAP: Secure M2M Communication in IIoT with a Single-Factor Lightweight Authentication Protocol

Machine-to-machine communication allows smart devices like sensors, actuators, networks, gateways, and other controllers to communicate with one another. The industrial Internet of things (IIoT) has become a vital component. Many industrial devices are connected to perform a task automatically in machine-to-machine communication, but they are not properly secured, allowing an adversary to compromise them against a variety of attacks due to communication system vulnerabilities. Recently, a secure lightweight authentication protocol (SLAP) was proposed by Panda et al. They asserted that every known attack that could happen in the IIoT is deterred by their suggested protocol. In this study, we prove that the SLAP protocol is vulnerable to desynchronization, impersonation, replay, and eavesdropping attacks. To prevent these attacks and enhance that protocol, we need to implement a secure authentication mechanism that ensures the security of communication. This paper proposed a secure M2M Communication in IIoT with a single-factor lightweight authentication protocol (SF-LAP). Single-factor authentication is a simple and secure way to communicate. It uses less power and communication overhead while providing a secure mechanism for conversation. In the machine-to-machine (M2M) scenario, the proposed protocol uses an exclusive-OR operation and a hashing function to ensure secure communication between the sensor and the controller. The proposed mechanism uses a secure preshared key and timestamp technique to protect and safeguard this connection against desynchronization attacks and eavesdropping attacks. We used Burrows Abadi Needham (BAN) Gong, Needham, and Yahalom (GNY) logic, and the automated validation of Internet security protocols applications (AVISPA) tool for formal verification and perform a security analysis as an informal verification to make sure the suggested protocol is secure. Analysis that shows the SF-LAP consumes the least computing and communication overhead and is more secure because it prevents desynchronization and eavesdropping attacks to all of the known attacks that are modification attacks, tracing attacks, impersonation, man-in-the-middle, and replay attacks.

LK-AKA: A lightweight location key-based authentication and key agreement protocol for S2S communication

As a supplement to terrestrial networks, satellite communication networks have a lot of advantages, such as wide coverage, large communication capacity, reliable communication quality, and seamless global connectivity, which are highly competitive with traditional communication technologies. However, there are still many security issues and efficiency problems in satellite networks due to the characteristics of satellite communications, such as highly exposed satellite links, dynamical topology, and the limited computational power and storage resources of satellites. Therefore, it is a crucial issue to design a lightweight and secure authentication mechanism to ensure the security of satellite-to-satellite communication (S2S). This paper proposes a lightweight authentication and key agreement scheme for S2S communication based on the symmetric cryptographic system and the satellite location key (LK) constructed by satellite orbital parameters and location information. The formal verification tool Scyther is employed to evaluate the proposed scheme’s security. The security analysis results show that it has good performance in providing security properties and resistance to typical attacks, such as replay attacks, impersonation attacks, and Man-In-The-Middle (MITM) attacks. In addition, the performance analysis results demonstrate that our scheme has desired efficiency in terms of signaling overhead, computational overhead, and bandwidth overhead.

RPRIA: Reputation and PUF-Based Remote Identity Attestation Protocol for Massive IoT Devices

The smart city is a vision for urban development that combines new-generation information technologies to improve the quality of life. The Internet of Things (IoT) technology is a key technology of smart city, which provides the support for the automatic collection and transmission of massive information in smart city. However, there are some challenges for the IoT devices in a smart city in terms of security and performance, such as various security vulnerabilities and a large amount of computational overhead. With the explosive growth of the number of IoT devices and the data they generate, it is very necessary to ensure that a large number of IoT devices can establish secure and reliable communication with the central server. In this article, we design a massive IoT device remote identity attestation protocol based on the reputation mechanism and physically unclonable function (PUF). Our protocol can efficiently and securely accomplish the mutual authentication and key agreement between massive IoT devices and central server, and between IoT devices. The Burrows–Abadi–Needham (BAN) logic and a formal verification tool called Scyther are employed to prove the security of our protocol. We also evaluate the performance by comparing our protocol with other related protocols in terms of computational overhead, communication overhead, etc. The security and performance results show that our protocol has ideal security and performance.

Towards a Digital Highway Code using Formal Modelling and Verification of Timed Automata

One of the challenges in designing safe, reliable and trustworthy Autonomous Vehicles (AVs) is to ensure that the AVs abide by traffic rules. For this, the AVs need to be able to understand and reason about traffic rules. In previous work, we introduce the spatial traffic logic USL-TR to allow for the unambiguous, machine-readable, formalisation of traffic rules. This is only the first step towards autonomous traffic agents that verifiably follow traffic rules. In this research preview, we focus on two further steps: a) retrieving behaviour diagrams directly from traffic rules and b) converting the behaviour diagrams into timed automata that are using formulae of USL-TR in guards and invariants. With this, we have a formal representation for traffic rules and can move towards the establishment of a Digital Highway Code. We briefly envision further steps which include adding environment and agent models to the timed automata to finally implement and verify these traffic rule models using a selection of formal verification tools.

PROLEAD

Even today, Side-Channel Analysis attacks pose a serious threat to the security of cryptographic implementations fabricated with low-power and nanoscale feature technologies. Fortunately, the masking countermeasures offer reliable protection against such attacks based on simple security assumptions. However, the practical application of masking to a cryptographic algorithm is not trivial, and the designer may overlook possible security flaws, especially when masking a complex circuit. Moreover, abstract models like probing security allow formal verification tools to evaluate masked implementations. However, this is computationally too expensive when dealing with circuits that are not based on composable gadgets. Unfortunately, using composable gadgets comes at some area overhead. As a result, such tools can only evaluate subcircuits, not their compositions, which can become the Achilles’ heel of such masked implementations.In this work, we apply logic simulations to evaluate the security of masked implementations which are not necessarily based on composable gadgets. We developed PROLEAD, an automated tool analyzing the statistical independence of simulated intermediates probed by a robust probing adversary. Compared to the state of the art, our approach (1) does not require any power model as only the state of a gate-level netlist is simulated, (2) can handle masked full cipher implementations, and (3) can detect flaws related to the combined occurrence of glitches and transitions as well as higher-order multivariate leakages. With PROLEAD, we can evaluate masked mplementations that are too complex for existing formal verification tools while being in line with the robust probing model. Through PROLEAD, we have detected security flaws in several publicly-available masked implementations, which have been claimed to be robust probing secure.

A Distributed Connectivity Maintenance Algorithm With Formal Guarantees for a Communication-Constrained Network of Unmanned Underwater Vehicles

This article presents a distributed connectivity maintenance algorithm for a multiagent system composed of unmanned underwater vehicles (UUVs). We consider a homogeneous network of UUVs that move on a 2-D plane with bounded linear speeds. The time-division multiple-access protocol, which is a commonly used communication protocol for UUVs, is used by the agents in the network to communicate with each other. Due to the communication constraints imposed by the protocol, the agents do not have access to the current positions of their neighbors. This presents a significant challenge in developing a connectivity maintenance algorithm that can be formally verified. Using only local information from an agent’s neighbors, the algorithm provides motion constraints for each agent in the network, which can then be used by each UUV’s motion planner to plan a connectivity-preserving reference trajectory. In addition to providing mathematical proofs expressed in a way that is typical in the systems and control community, we give formal proofs of the results that establish network connectivity for the presented algorithm under suitable assumptions on each agent’s motion planner and controller. The formal proofs are carried out using the KeYmaera X theorem prover, which is an interactive formal verification tool for hybrid systems. This article also highlights the utility of formal verification tools in identifying scenarios that could be overlooked when employing proofs that are not carried out in a formal system for complex distributed algorithms such as the one presented in this article.

A two-factor security authentication scheme for wireless sensor networks in IoT environments

As an important part of the Internet of Things, wireless sensor networks have been widely used in all aspects of people's lives. Identity authentication in wireless sensor networks guarantees security for users to safely access real-time data in sensor nodes. In the literature, numerous research works have been done on designing an efficient and secure authentication scheme for wireless sensor networks, but most of them suffer from various security flaws. In 2019, Sharif et al. proposed an efficient user authentication scheme, which was later found insecure by Chen et al. who then proposed an enhanced scheme. However, we find that Chen et al.’s scheme is vulnerable to off-line password guessing attack, impersonation attack and fails to achieve perfect forward secrecy, user anonymity, and unlinkability. To overcome those weaknesses, we propose a two-factor authentication scheme based on elliptic curve cryptosystem, and prove its security by formal verification tool ProVerif. Compared with related schemes, our scheme provides higher level of security, meanwhile achieves acceptable efficiency in computational cost. To the best of our knowledge, this is the first scheme fulfilling both two-factor security and user anonymity under sensor node captured attack.

Facing emerging challenges in connected vehicles: a formally proven, legislation compliant, and post-quantum ready security protocol

Modern vehicles are expected to integrate a variety of connectivity features to enrich safety, entertainment, and driver comfort. This connectivity raises confidentiality and privacy concerns with the risk for the driver to lose control on his data. As vehicles are intended to be used for several years, a major challenge is also to design stable but flexible solutions that can withstand changes in legislation as well as advances in cryptography. Legal frameworks are currently being investigated and implemented to regulate the use of drivers’ and vehicles’ private information. However, the transcription of these regulations in practice remains an open problem. In this paper, the first formally proven security protocol for connected vehicles is proposed. It enforces a fined-grained access control policy while providing the flexibility to support recent schemes resistant to a quantum adversary. Its detailed security analysis is assessed using the ProVerif formal verification tool. In addition, a method to generate the access control policy in compliance with the laws is proposed along with an illustrating use case. The method supports both legislation and driver access control to data. Finally, a performance evaluation of the security protocol is provided.

On the Security of a Lightweight and Secure Access Authentication Scheme for Both UE and mMTC Devices in 5G Networks

The Internet of Things (IoT) and 5G networks play important roles in the latest systems for managing and monitoring various types of data. These 5G based IoT environments collect various data in real-time using micro-sensors as IoT things devices and sends the collected data to a server for further processing. In this scenario, a secure authentication and key agreement scheme is needed to ensure privacy when exchanging data between IoT nodes and the server. Recently, Cao et al. in “LSAA: A lightweight and secure access authentication scheme for both UE and mMTC devices in 5G networks” presented a new authentication scheme to protect user privacy. They contend that their scheme not only prevents various protocol attacks, but also achieves mutual authentication, session key security, unlinkability, and perfect forward/backward secrecy. This paper demonstrates critical security weaknesses of their scheme using informal and formal (mathemati) analysis: it does not prevent a single point of failure and impersonation attacks. Further, their proposed scheme does not achieve mutual authentication and correctness of security assumptions, and we perform simulation analysis using a formal verification tool to its security flaws. To ensure attack resilience, we put forward some solutions that can assist constructing more secure and efficient access authentication scheme for 5G networks.

Untraceable Authentication Protocol for IEEE802.11s Standard

In the current paper, a new handover authentication protocol for IEEE802.11s Wireless mesh networks is presented. The new protocol divides the network into a number of cells, each cell contains a number of access points and based on the concept of ticket authentication, the mesh user takes a new ticket when enters the region of a new cell which decreases the handover latency. Moreover, in the current paper, a new idea for ticket generation is proposed, called Chain Ticket Derivation Function (CTDF), which uses the concept of a chain. Using CTDF in our proposed protocol raises the level of privacy for the users. The security analysis presented in the paper showed more strengths in our proposed scheme. Two formal verification tools, AVISPA and BAN logic are used to test the proposed protocol.

A measurable refinement method of design and verification for micro-kernel operating systems in communication network

A secure operating system in the communication network can provide the stable working environment, which ensures that the user information is not stolen. The micro-kernel operating system in the communication network retains the core functions in the kernel, and unnecessary tasks are implemented by calling external processes. Due to the small amount of code, the micro-kernel architecture has high reliability and scalability. Taking the micro-kernel operating system in the communication network prototype VSOS as an example, we employ the objdump tool to disassemble the system source code and get the assembly layer code. On this basis, we apply the Isabelle/HOL, a formal verification tool, to model the system prototype. By referring to the mathematical model of finite automata and taking the process scheduling module as an example, the security verification based on the assembly language layer is developed. Based on the Hoare logic theory, each assembly statement of the module is verified in turn. The verification results show that the scheduling module of VSOS has good functional security, and also show the feasibility of the refinement framework.

An Efficient Authentication and Key Distribution Protocol for Multicast Service in Space-Ground Integration Network

Satellite communication technology has attracted the attention of researchers in the study of the sixth-generation (6G) mobile communication network because of its advantages of achieving global coverage with high cost-effectiveness and not being affected by terrain factors and human activities. In order to achieve efficient interconnection between terminals and networks, it is a new development trend of communication technology to integrate satellite communication networks and ground communication networks to construct the Space-Ground Integration Network (SGIN). Multicast service is widely used by network service providers to provide business services to users. Due to the characteristics of higher delay of space communication and unstable link compared with the ground network, if the ground multimedia multicast security protocol is directly applied to the space communication, it is difficult to guarantee the efficiency of the corresponding business service. The existing security protocols in the space information network are usually designed to ensure the security of end-to-end communication, and there are few studies on the security of multimedia multicast services. In view of the above situation, we design a new multicast service security protocol for the SGIN to realize the secure and efficient transmission in multicast services. In the protocol, we first design a key derivation scheme for the shared key between UE and BM-SC based on the existing 5G-AKA mechanism. Then, we propose a group-based multicast service registration mechanism. Finally, we propose a secure and efficient key distribution and update process of multicast service group key based on China Remainder Theorem (CRT). The formal verification tool Scyther is employed to analyze the security of the proposed protocol, and the results show that our scheme has valid security properties. We analyze the performance of the scheme by comparing it with the existing schemes in three aspects, such as signaling overhead, computational overhead, and bandwidth overhead. The comparison results show that our scheme is superior to other existing schemes. Finally, we build an experimental environment and test the delay, transmission rate, and CPU usage of the proposed system. The results show that our scheme improves the efficiency of multicast services while ensuring network security.

Design of a secure and privacy preserving authentication protocol for telecare medical information systems

AbstractWith the advancement of communication technology, Telecare Medicine Information Systems (TMIS) provides convenient healthcare services for patients, doctors, and health organizations over the insecure Internet. As a result, when accessing sensitive medical data over an insecure connection, user privacy, data security, and user authentication is very crucial. A secure authentication protocol plays a crucial role in securing communications over TMIS, these environments are very vulnerable to numerous attacks due to resource constraints and the nature of the communication medium. Recently, an efficient authentication framework has been introduced for TMIS to address various security issues. However, the existing mutual authentication and key agreement protocols are vulnerable to replay attacks, insider attacks, impersonation attacks, and password guessing attacks. Furthermore, the current authentication systems do not guarantee user privacy and the fair key agreement between the patient and the medical server. We propose a more robust authentication approach for healthcare information systems to address these security issues. To assess the authentication protocol's security strength, we employ formal verification tools like Automated Validation of Internet Security Protocols and Applications (AVISPA). Finally, a thorough performance analysis demonstrates that the proposed mutual authentication framework not only ensures privacy but also maintains a low computing overhead. As a result, when compared to other related systems, the proposed authentication protocol is both secure and computationally efficient.

A Novel PUF-Based Group Authentication and Data Transmission Scheme for NB-IoT in 3GPP 5G Networks

With the gradual commercialization of the fifth-generation (5G) network, the narrowband Internet of Things (NB-IoT) system would have potential and prospective applications in future relying on the infrastructure. Meanwhile, predictably, there are several security requirements to be satisfied, including concurrent access authentication for massive devices, identity privacy protection, physical attack resistance, application traffic security, etc. In this article, we present a novel group authentication and data transmission scheme using the physically unclonable function (PUF) for NB-IoT in which the output of PUF is viewed as shared root key to achieve the mutual authentication along with key agreement. By this scheme, a Group Leader is employed to aggregate and relay authentication information and, thus, it reduces the signaling cost and communication cost followed by activating attach request messages from a sea of devices. The network side as well can surely find fake ones through individual truncated authentication code and detect honest devices with high probability when aggregated authentication code is invalid. Furthermore, the revised security model and the formal verification tool Scyther are employed to evaluate the security of the scheme. Finally, performance analysis results show that our solution has the desired efficiency.