Avaliação do uso de agentes móveis em segurança computacional. / An evaluation of the use of mobile agents in computational security.

Bernardes, Mauro Cesar

22 December 1999

Em decorrência do aumento do número de ataques de origem interna, a utilização de mecanismos de proteção, como o firewall, deve ser ampliada. Visto que este tipo de ataque, ocasionado pelos usuários internos ao sistema, não permite a localização imediata, torna-se necessário o uso integrado de diversas tecnologias para aumentar a capacidade de defesa de um sistema. Desta forma, a introdução de agentes móveis em apoio a segurança computacional apresenta-se como uma solução natural, uma vez que permitirá a distribuição de tarefas de monitoramento do sistema e automatização do processo de tomada de decisão, no caso de ausência do administrador humano. Este trabalho apresenta uma avaliação do uso do mecanismo de agentes móveis para acrescentar características de mobilidade ao processo de monitoração de intrusão em sistemas computacionais. Uma abordagem modular é proposta, onde agentes pequenos e independentes monitoram o sistema. Esta abordagem apresenta significantes vantagens em termos de overhead, escalabilidade e flexibilidade. / The use of protection mechanisms must be improved due the increase of attacks from internal sources. As this kind of attack, made by internal users do not allow its immediate localization, it is necessary the integrated use of several technologies to enhance the defense capabilities of a system. Therefore, the introduction of mobile agents to provide security appears to be a natural solution. It will allow the distribution of the system monitoring tasks and automate the decision making process, in the absence of a human administrator. This project presents an evaluation of the use of mobile agents to add mobile capabilities to the process of intrusion detection in computer systems. A finer-grained approach is proposed, where small and independent agents monitor the system. This approach has significant advantages in terms of overhead, scalability and flexibility.

agentes móveis

computational security

intrusion detection systems

mobile agents

segurança computacional

sistemas de detecção de intrusão

Xenia: um sistema de segurança para grades computacionais baseado em cadeias de confiança / Xenia: a security system for grid computing based on trust chains

Pinheiro Junior, José de Ribamar Braga

18 April 2008

Os Sistemas de Grades Computacionais são intrinsecamente mais vulneráveis às ameaças de segurança que os Sistemas tradicionais, uma vez que abrangem um grande número de usuários e os recursos e as aplicações são geridas por diferentes domínios administrativos. A autenticação e a autorização são fatores imperativos para os Sistemas de Grade Computacional. Da mesma forma, a escalabilidade e a distribuição de dados vêm também sendo objeto de estudo de vários pesquisadores da área. Os serviços providos pelas Grades Computacionais devem evitar implementações centralizadas pela dificuldade do gerenciamento global. Outro importante requisito das Grades Computacionais é prover mecanismos para a delegação de direitos de acesso aos recursos. O proprietário do recurso deve ser capaz de delegar permissões para outro usuário, talvez por um tempo limitado, com base na confiança que possui neste. No entanto, a delegação deve ser usada com cuidado, pois uma longa cadeia de delegações poderia conduzir a uma utilização abusiva dos recursos pelos usuários maliciosos. Para tratar os principais requisitos de segurança das Grades Computacionais, desenvolvemos uma Arquitetura de Segurança denominada Xenia. Esta arquitetura é baseada em SPKI/SDSI, um modelo de segurança flexível, extensível e descentralizado que fornece autenticação, confidencialidade e controle de acesso. Propusemos uma extensão ao modelo SPKI/SDSI baseada em lógica subjetiva para representar relações de confiança entre indivíduos. / Grid Computing Systems are inherently more vulnerable to security threats than traditional systems, since they potentially encompass a large number of users, resources, and applications managed by different administrative domains. Authentication and authorization are imperative for grid systems. Since scalability and distribution are major concerns on grid environments, those services implementations should avoid centralized solutions. Another relevant requirement to consider is the provision of mechanisms for delegating access rights, since they minimize the overhead of grid administrators on providing access rights to grid resources. The owner of an access right should be able to delegate permissions to another user, maybe for a limited time, based on his trust on that user. However, delegation must be used with care. A long chain of delegations could lead to improper use of resources by malicious users. Confidentiality and integrity are also important security requirements for many grid applications. To address these problems, we designed a Security Architecture for Grid Systems named Xenia. This architecture is based on SPKI/SDSI, a flexible and extensible decentralized security model that provides authentication, confidentiality, and access control. We proposed an extension to the SPKI/SDSI model to represent trust relations between subjects based on subjective logic.

Cadeias de Confiança.

Computational Grids

Computational Security

Grades computacionais

Segurança computacional

Trust Chains.

Computational soundness of formal reasoning about indistinguishability and non-malleability of cryptographic expressions

Hajiabadi, Mohammad

24 August 2011

Analysis and verification of security protocols are typically carried out in two different models of cryptography: formal cryptography and computational cryptography. Formal cryptography, originally inspired by the work of Dolev and Yao [14], takes an abstract and idealized view of security, and develops its proof techniques based on methods and ideas from logic and theory of programming languages. It makes strong assumptions about cryptographic operations by treating them as perfectly-secure symbolic operations. Computational cryptography, on the other hand, has developed its foundations based on complexity theory. Messages are viewed as bit-strings, and cryptographic operations are treated as actual transformations on bit-strings with certain asymptotic properties.In this thesis, we explore the relation between the Dolev-Yao model and the computational model of public-key cryptography in two contexts: indistinguishability and non-malleability of expressions. This problem in the absence of key-cycles is partially addressed in [20, 21] by Herzog. We adapt our approach to use the co-inductive definition of symbolic security, whose private-key treatment was considered in coinduction, and establish our main results as follow: Using a co-inductive approach, we extend the indistinguishability and non-malleability results of Herzog in the presence of key-cycles. By providing a counter-example, we show that the indistinguishability property in this setting is strictly stronger than the non-malleability property, which gives a negative answer to Herzog's conjecture that they are equivalent. we prove that despite the fact that IND-CCA2 security provides non-malleability in our setting, the same result does not hold for IND-CCA1 security. We prove that, under certain hypothesis, our co-inductive formal indistinguishability is computationally-complete in the absence of key-cycles and with respect to any \emph{length-revealing} encryption scheme. In the presence of key-cycles, we prove that the completeness does not hold even with respect to IND-CPA security. / Graduate

Computational Soundness

Dolev-Yao Non-Malleability

Indistinguishability of Expressions

Avaliação do uso de agentes móveis em segurança computacional. / An evaluation of the use of mobile agents in computational security.

Mauro Cesar Bernardes

22 December 1999

Em decorrência do aumento do número de ataques de origem interna, a utilização de mecanismos de proteção, como o firewall, deve ser ampliada. Visto que este tipo de ataque, ocasionado pelos usuários internos ao sistema, não permite a localização imediata, torna-se necessário o uso integrado de diversas tecnologias para aumentar a capacidade de defesa de um sistema. Desta forma, a introdução de agentes móveis em apoio a segurança computacional apresenta-se como uma solução natural, uma vez que permitirá a distribuição de tarefas de monitoramento do sistema e automatização do processo de tomada de decisão, no caso de ausência do administrador humano. Este trabalho apresenta uma avaliação do uso do mecanismo de agentes móveis para acrescentar características de mobilidade ao processo de monitoração de intrusão em sistemas computacionais. Uma abordagem modular é proposta, onde agentes pequenos e independentes monitoram o sistema. Esta abordagem apresenta significantes vantagens em termos de overhead, escalabilidade e flexibilidade. / The use of protection mechanisms must be improved due the increase of attacks from internal sources. As this kind of attack, made by internal users do not allow its immediate localization, it is necessary the integrated use of several technologies to enhance the defense capabilities of a system. Therefore, the introduction of mobile agents to provide security appears to be a natural solution. It will allow the distribution of the system monitoring tasks and automate the decision making process, in the absence of a human administrator. This project presents an evaluation of the use of mobile agents to add mobile capabilities to the process of intrusion detection in computer systems. A finer-grained approach is proposed, where small and independent agents monitor the system. This approach has significant advantages in terms of overhead, scalability and flexibility.

agentes móveis

segurança computacional

sistemas de detecção de intrusão

computational security

intrusion detection systems

mobile agents

Xenia: um sistema de segurança para grades computacionais baseado em cadeias de confiança / Xenia: a security system for grid computing based on trust chains

José de Ribamar Braga Pinheiro Junior

18 April 2008

Os Sistemas de Grades Computacionais são intrinsecamente mais vulneráveis às ameaças de segurança que os Sistemas tradicionais, uma vez que abrangem um grande número de usuários e os recursos e as aplicações são geridas por diferentes domínios administrativos. A autenticação e a autorização são fatores imperativos para os Sistemas de Grade Computacional. Da mesma forma, a escalabilidade e a distribuição de dados vêm também sendo objeto de estudo de vários pesquisadores da área. Os serviços providos pelas Grades Computacionais devem evitar implementações centralizadas pela dificuldade do gerenciamento global. Outro importante requisito das Grades Computacionais é prover mecanismos para a delegação de direitos de acesso aos recursos. O proprietário do recurso deve ser capaz de delegar permissões para outro usuário, talvez por um tempo limitado, com base na confiança que possui neste. No entanto, a delegação deve ser usada com cuidado, pois uma longa cadeia de delegações poderia conduzir a uma utilização abusiva dos recursos pelos usuários maliciosos. Para tratar os principais requisitos de segurança das Grades Computacionais, desenvolvemos uma Arquitetura de Segurança denominada Xenia. Esta arquitetura é baseada em SPKI/SDSI, um modelo de segurança flexível, extensível e descentralizado que fornece autenticação, confidencialidade e controle de acesso. Propusemos uma extensão ao modelo SPKI/SDSI baseada em lógica subjetiva para representar relações de confiança entre indivíduos. / Grid Computing Systems are inherently more vulnerable to security threats than traditional systems, since they potentially encompass a large number of users, resources, and applications managed by different administrative domains. Authentication and authorization are imperative for grid systems. Since scalability and distribution are major concerns on grid environments, those services implementations should avoid centralized solutions. Another relevant requirement to consider is the provision of mechanisms for delegating access rights, since they minimize the overhead of grid administrators on providing access rights to grid resources. The owner of an access right should be able to delegate permissions to another user, maybe for a limited time, based on his trust on that user. However, delegation must be used with care. A long chain of delegations could lead to improper use of resources by malicious users. Confidentiality and integrity are also important security requirements for many grid applications. To address these problems, we designed a Security Architecture for Grid Systems named Xenia. This architecture is based on SPKI/SDSI, a flexible and extensible decentralized security model that provides authentication, confidentiality, and access control. We proposed an extension to the SPKI/SDSI model to represent trust relations between subjects based on subjective logic.

Cadeias de Confiança.

Grades computacionais

Segurança computacional

Computational Grids

Computational Security

Trust Chains.

Preuves symboliques de propriétés d’indistinguabilité calculatoire / Symbolic Proofs of Computational Indistinguishability

Koutsos, Adrien

27 September 2019

Notre société utilise de nombreux systèmes de communications. Parce que ces systèmes sont omniprésents et sont utilisés pour échanger des informations sensibles, ils doivent être protégés. Cela est fait à l'aide de protocoles cryptographiques. Il est crucial que ces protocoles assurent bien les propriétés de sécurité qu'ils affirment avoir, car les échecs peuvent avoir des conséquences importantes. Malheureusement, concevoir des protocoles cryptographiques est notoirement difficile, comme le montre la régularité avec laquelle de nouvelles attaques sont découvertes. Nous pensons que la vérification formelle est le meilleur moyen d'avoir de bonnes garanties dans la sécurité d'un protocole: il s'agit de prouver mathématiquement qu'un protocole satisfait une certaine propriété de sécurité.Notre objectif est de développer les techniques permettant de vérifier formellement des propriétés d'équivalence sur des protocoles cryptographiques, en utilisant une méthode qui fournit de fortes garanties de sécurités, tout en étant adaptée à des procédures de preuve automatique. Dans cette thèse, nous défendons l'idée que le modèle Bana-Comon pour les propriétés d'équivalences satisfait ces objectifs. Nous soutenons cette affirmation à l'aide de trois contributions.Tout d'abord, nous étayons le modèle Bana-Comon en concevant des axiomes pour les fonctions usuelles des protocoles de sécurités, et pour plusieurs hypothèses cryptographiques. Dans un second temps, nous illustrons l'utilité de ces axiomes et du modèle en réalisant des études de cas de protocoles concrets: nous étudions deux protocoles RFID, KCL et LAK, ainsi que le protocole d'authentification 5G-AKA, qui est utilisé dans les réseaux de téléphonie mobile. Pour chacun de ces protocoles, nous montrons des attaques existentes ou nouvelles, proposons des versions corrigées de ces protocoles, et prouvons que celles-ci sont sécurisées. Finalement, nous étudions le problème de l'automatisation de la recherche de preuves dans le modèle Bana-Comon. Pour cela, nous prouvons la décidabilité d'un ensemble de règles d'inférences qui est une axiomatisation correcte, bien que incomplète, de l'indistingabilité calculatoire, lorsque l'on utilise un schéma de chiffrement IND-CCA2. Du point de vue d'un cryptographe, cela peut être interprété comme la décidabilité d'un ensemble de transformations de jeux. / Our society extensively relies on communications systems. Because such systems are used to exchange sensitive information and are pervasive, they need to be secured. Cryptographic protocols are what allow us to have secure communications. It is crucial that such protocols do not fail in providing the security properties they claim, as failures have dire consequences. Unfortunately, designing cryptographic protocols is notoriously hard, and major protocols are regularly and successfully attacked. We argue that formal verification is the best way to get a strong confidence in a protocol security. Basically, the goal is to mathematically prove that a protocol satisfies some security property.Our objective is to develop techniques to formally verify equivalence properties of cryptographic protocols, using a method that provides strong security guarantees while being amenable to automated deduction techniques. In this thesis, we argue that the Bana-Comon model for equivalence properties meets these goals. We support our claim through three different contributions.First, we design axioms for the usual functions used in security protocols, and for several cryptographic hypothesis. Second, we illustrate the usefulness of these axioms and of the model by completing case studies of concrete protocols: we study two RFID protocols, KCL et LAK, as well as the 5G-AKA authentication protocol used in mobile communication systems. For each of these protocols, we show existing or new attacks against current versions, propose fixes, and prove that the fixed versions are secure. Finally, we study the problem of proof automation in the Bana-Comon model, by showing the decidability of a set of inference rules which is a sound, though incomplete, axiomatization of computational indistinguishability when using an IND-CCA2 encryption scheme. From a cryptographer's point of view, this can be seen as the decidability of a fixed set of cryptographic game transformations.

Protocole de sécurité

Sécurité calculatoire

Preuves automatiques

Indistinguabilité

Security protocols

Computational security

Automatic proofs

Indistinguishability

Quantum coin flipping and bit commitment : optimal bounds, pratical constructions and computational security / Pile-ou-face et mise-en-gage de bit quantique : bornes optimales, constructions pratiques et sécurité calculatoire

Chailloux, André

24 June 2011

L'avènement de l'informatique quantique permet de réétudier les primitives cryptographiques avec une sécurité inconditionnelle, c'est à dire sécurisé même contre des adversaires tout puissants. En 1984, Bennett et Brassard ont construit un protocole quantique de distribution de clé. Dans ce protocole, deux joueurs Alice et Bob coopèrent pour partager une clé secrète inconnue d'une tierce personne Eve. Ce protocole a une sécurité inconditionnelle et n'a pasd'équivalent classique.Dans ma thèse, j'ai étudié les primitives cryptographiques à deux joueurs où ces joueurs ne se font pas confiance. J'étudie principalement le pile ou face quantique et la mise-en-gage quantique de bit. En informatique classique, ces primitivessont réalisables uniquement avec des hypothèses calculatoires, c'est-à-dire en supposant la difficulté d'un problème donné. Des protocoles quantiques ont été construits pour ces primitives où un adversaire peut tricher avec une probabilité constante strictement inférieure à 1, ce qui reste impossible classiquement. Néanmoins, Lo et Chau ont montré l'impossibilité de créer ces primitives parfaitement même en utilisant l'informatique quantique. Il reste donc à déterminer quelles sont les limites physiques de ces primitives.Dans une première partie, je construis un protocole quantique de pile ou face où chaque joueur peut tricher avec probabilité au plus 1/racine(2) + eps pour tout eps > 0. Ce résultat complète un résultat de Kitaev qui dit que dans un jeu de pile ou face quantique, un joueur peut toujours tricher avec probabilité au moins 1/racine(2). J'ai également construit un protocole de mise-en-gage de bit quantique optimal où un joueur peut tricher avec probabilité au plus 0,739 + eps pour tout eps > 0 puis ai montré que ce protocole est en fait optimal. Finalement, j'ai dérivé des bornes inférieures et supérieures pour une autre primitive: la transmission inconsciente, qui est une primitive universelle.Dans une deuxième partie, j'intègre certains aspects pratiques dans ces protocoles. Parfois les appareils de mesure ne donnent aucun résultat, ce sont les pertes dans la mesure. Je construis un protocole de lancer de pièce quantique tolérant aux pertes avec une probabilité de tricher de 0,859. Ensuite, j'étudie le modèle dispositif-indépendant où on ne suppose plus rien sur les appareils de mesure et de création d'état quantique.Finalement, dans une troisième partie, j'étudie ces primitives cryptographiques avec un sécurité computationnelle. En particulier, je fais le lien entre la mise en gage de bit quantique et les protocoles zero-knowledge quantiques. / Quantum computing allows us to revisit the study of quantum cryptographic primitives with information theoretic security. In 1984, Bennett and Brassard presented a protocol of quantum key distribution. In this protocol, Alice and Bob cooperate in order to share a common secret key k, which has to be unknown for a third party that has access to the communication channel. They showed how to perform this task quantumly with an information theoretic security; which is impossible classically.In my thesis, I study cryptographic primitives with two players that do not trust each other. I study mainly coin flipping and bit commitment. Classically, both these primitives are impossible classically with information theoretic security. Quantum protocols for these primitives where constructed where cheating players could cheat with probability stricly smaller than 1. However, Lo, Chau and Mayers showed that these primitives are impossible to achieve perfectly even quantumly if one requires information theoretic security. I study to what extent imperfect protocols can be done in this setting.In the first part, I construct a quantum coin flipping protocol with cheating probabitlity of 1/root(2) + eps for any eps > 0. This completes a result by Kitaev who showed that in any quantum coin flipping protocol, one of the players can cheat with probability at least 1/root(2). I also constructed a quantum bit commitment protocol with cheating probability 0.739 + eps for any eps > 0 and showed that this protocol is essentially optimal. I also derived some upper and lower bounds for quantum oblivious transfer, which is a universal cryptographic primitive.In the second part, I study some practical aspects related to these primitives. I take into account losses than can occur when measuring a quantum state. I construct a Quantum Coin Flipping and Quantum Bit Commitment protocols which are loss-tolerant and have cheating probabilities of 0.859. I also construct these primitives in the device independent model, where the players do not trust their quantum device. Finally, in the third part, I study these cryptographic primitives with information theoretic security. More precisely, I study the relationship between computational quantum bit commitment and quantum zero-knowledge protocols.

Pile ou face quantique

Mise-en-gage quantique

Transmission inconsciente quantique

Cryptographie quantique

Primitives cryptographiques

Bornes inférieures

Bornes supérieures

Tolérance aux pertes

Dispositif-indépendant

Sécurité inconditionnelle

Sécurité calculatoire

Protocoles zero-knowledge quantiques

Quantum coin flipping

Quantum bit commitment

Quantum oblivious transfer

Quantum cryptography

Cryptographic primitives

Lower bound

Upper bound

Loss-tolerant

Device independent

Information theoretic security

Computational security

Quantum zero-knowledge protocols