Conference Paper

A Formally Verified Device Authentication Protocol Using Casper/FDR

DOI: 10.1109/TrustCom.2012.27 Conference: Trust comm

ABSTRACT For communication in Next Generation Networks,
highly-developed mobile devices will enable users to store and
manage a lot of credentials on their terminals. Furthermore,
these terminals will represent and act on behalf of users when
accessing different networks and connecting to a wide variety
of services. In this situation, it is essential for users to trust
their terminals and for all transactions using them to be
secure. This paper analyses a number of the Authentication
and Key Agreement protocols between the users and mobile
terminals, then proposes a novel device authentication protocol.
The proposed protocol is analysed and verified using a formal
methods approach based on Casper/FDR compiler

  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Over-the-air dissemination of code updates in wireless sensor networks have been researchers' point of interest in the last few years, and, more importantly, security challenges toward the remote propagation of code updating have occupied the majority of efforts in this context. Many security models have been proposed to establish a balance between the energy consumption and security strength, having their concentration on the constrained nature of wireless sensor network (WSN) nodes. For authentication purposes, most of them have used a Merkle hash tree to avoid using multiple public cryptography operations. These models mostly have assumed an environment in which security has to be at a standard level. Therefore, they have not investigated the tree structure for mission-critical situations in which security has to be at the maximum possible level (e.g., military applications, healthcare). Considering this, we investigate existing security models used in over-the-air dissemination of code updates for possible vulnerabilities, and then, we provide a set of countermeasures, correspondingly named Security Model Requirements. Based on the investigation, we concentrate on Seluge, one of the existing over-the-air programming schemes, and we propose an improved version of it, named Seluge++, which complies with the Security Model Requirements and replaces the use of the inefficient Merkle tree with a novel method. Analytical and simulation results show the improvements in Seluge++ compared to Seluge.
    Sensors 03/2014; 14(3):5004-40. · 2.05 Impact Factor
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: We are seeing the deployment of new types of networks such as sensor networks for environmental and infrastructural monitoring, social networks such as facebook, and e-Health networks for patient monitoring. These networks are producing large amounts of data that need to be stored, processed and analysed. Cloud technology is being used to meet these challenges. However, a key issue is how to provide security for data stored in the Cloud. This paper addresses this issue in two ways. It first proposes a new security framework for Cloud security which deals with all the major system entities. Secondly, it introduces a Capability ID system based on modified IPv6 addressing which can be used to implement a security framework for Cloud storage. The paper then shows how these techniques are being used to build an e-Health system for patient monitoring.
    International Workshop on Cyber Security and Cloud Computing, Oxford. UK; 04/2014
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The Locator/ID Separation Protocol (LISP) is routing architecture that provides new semantics for IP addressing. In order to simplify routing operations and improve scalability in future Internet, the LISP separates the device identity from its location, into two different numbering spaces. The LISP also, introduces mapping protocol mechanisms to match the two spaces. This paper analyses the security and functionality of the LISP mapping procedure using formal methods approach based on Casper/FDR tool. The analysis points out several security issues in the current protocol and proposes changes that are compatible with the implementation of LISP.
    The 7th International Conference on Network and System Security (NSS 2013); 06/2013


Available from
Jun 2, 2014