Improving Automated Symbolic Analysis of Ballot Secrecy for E-Voting Protocols: A Method Based on Sufficient Conditions

Hirschi, Lucca; Cremers, Cas

doi:10.1109/eurosp.2019.00052

Cited by 11 publications

(4 citation statements)

References 36 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The most important objective of PPCA, i.e., the secrecy of the location of the participating entities, has been formally verified using the formal verification tool ProVerif [41], in line with many recent scientific contributions on network security [42], [43], [44]. ProVerif is definitely the most correct choice for security analysis when applying a cryptographic primitive in a new application, in combination with additional security services and functionalities.…”

Section: Formal Verification Using Proverifmentioning

confidence: 80%

PPCA - Privacy-Preserving Collision Avoidance for Autonomous Unmanned Aerial Vehicles

Tedeschi

Sciancalepore

Pietro

2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rightsCopyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights.• Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal.If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the "Taverne" license above, please follow below link for the End User

show abstract

Section: Formal Verification Using Proverifmentioning

confidence: 80%

PPCA - Privacy-Preserving Collision Avoidance for Autonomous Unmanned Aerial Vehicles

Tedeschi

Sciancalepore

Pietro

2023

IEEE Trans. Dependable and Secure Comput.

View full text Add to dashboard Cite

show abstract

“…without time and location considerations. It has been successfully applied to secure messaging protocols [43], e-voting schemes [21,39], or avionic protocols [12]. ProVerif allows to model a wide class of cryptographic primitives like symmetric/asymmetric encryption, signatures, hash functions... and describes protocols through a process algebra close to the one presented in Section 3.2.1.…”

Section: Proverif In a Nutshellmentioning

confidence: 99%

So Near and Yet So Far – Symbolic Verification of Distance-Bounding Protocols

Debant

Delaune

Wiedling

2022

ACM Trans. Priv. Secur.

View full text Add to dashboard Cite

The continuous adoption of Near Field Communication (NFC) tags offers many new applications whose security is essential (e.g., contactless payments). In order to prevent flaws and attacks, we develop in this article a framework allowing us to analyse the underlying security protocols, taking into account the location of the agents and the transmission delay when exchanging messages. We propose two reduction results to render automatic verification possible relying on the existing verification tool ProVerif . Our first result allows one to consider a unique topology to catch all possible attacks. The second result simplifies the security analysis when considering Terrorist fraud. Then, based on these results, we perform a comprehensive case study analysis (27 protocols), in which we obtain new proofs of security for some protocols and detect attacks on some others.

show abstract

“…It handles an unbounded number of sessions and even if termination is not guaranteed, it works well in practice. For instance, this tool has been successfully used to analyse two avionic protocols that aim to secure air-ground communications [5], to perform a comprehensive analysis of the TLS 1.3 Draft-18 protocol [6], or more recently to analyse some e-voting protocols [10,17].…”

Section: Proverif In a Nutshellmentioning

confidence: 99%

Security Analysis and Implementation of Relay-Resistant Contactless Payments

Boureanu

Chothia

Debant

et al. 2020

Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security

View full text Add to dashboard Cite

Contactless systems, such as the EMV (Europay, Mastercard and Visa) payment protocol, are vulnerable to relay attacks. The typical countermeasure to this relies ondistance bounding protocols, in which a reader estimates an upper bound on its physical distance from a card by doing round-trip time (RTT) measurements. However, these protocols are trivially broken in the presence of rogue readers. At Financial Crypto 2019, we proposed two novel EMV-based relayresistant protocols: they integrate distance-bounding with the use of hardware roots of trust (HWRoT) in such a way that correct RTT-measurements can no longer be bypassed.Our contributions are threefold: first, we design a calculus to model this advanced type of distance-bounding protocols integrated with HWRoT; as an additional novelty, our calculus is also the first to allow for mobility of cards and readers during a proximity-checking phase. Second, to make it possible to analyse these protocols via more standard mechanisms and tools, we consider a 2018 characterisation of distance-bounding security that does away with physical aspects and relies only on the causality of events; we cast it in our richer calculus and extend its theoretical guarantees to our more expressive models (with mobility, potentially rogue readers, and HWRoT). Due to this extension, we can carry out the security analysis in the standard protocol verification tool ProVerif. Third, we provide the first implementation of Mastercard's relay-resistant EMV protocol PayPass-RRP as well as one of its 2019 extension with HWRoT called PayBCR. We evaluate their efficiency and their robustness to relay attacks, in presence of both honest and rogue readers. Our experiments are the first to show that Mastercard's PayPass-RRP and its HWRoT-based extension PayBCR are both practical in preventing relay attacks of the magnitude shown thus-far in EMV.

show abstract

Improving Automated Symbolic Analysis of Ballot Secrecy for E-Voting Protocols: A Method Based on Sufficient Conditions

Cited by 11 publications

References 36 publications

PPCA - Privacy-Preserving Collision Avoidance for Autonomous Unmanned Aerial Vehicles

PPCA - Privacy-Preserving Collision Avoidance for Autonomous Unmanned Aerial Vehicles

So Near and Yet So Far – Symbolic Verification of Distance-Bounding Protocols

Security Analysis and Implementation of Relay-Resistant Contactless Payments

Contact Info

Product

Resources

About