Related papers: Formal Verification of Permission Voucher

Formal Verification of Permission Voucher

URL: http://arxiv.org/abs/2412.16224v1
Date: Wed, 18 Dec 2024 14:11:50 GMT
Title: Formal Verification of Permission Voucher
Authors: Khan Reaz, Gerhard Wunder,
Abstract summary: The Permission Voucher Protocol is a system designed for secure and authenticated access control in distributed environments. The analysis employs the Tamarin Prover, a state-of-the-art tool for symbolic verification, to evaluate key security properties. Results confirm the protocol's robustness against common attacks such as message tampering, impersonation, and replay.
Score: 1.4732811715354452
License:
Abstract: Formal verification is a critical process in ensuring the security and correctness of cryptographic protocols, particularly in high-assurance domains. This paper presents a comprehensive formal analysis of the Permission Voucher Protocol, a system designed for secure and authenticated access control in distributed environments. The analysis employs the Tamarin Prover, a state-of-the-art tool for symbolic verification, to evaluate key security properties such as authentication, confidentiality, integrity, mutual authentication, and replay prevention. We model the protocol's components, including trust relationships, secure channels, and adversary capabilities under the Dolev-Yao model. Verification results confirm the protocol's robustness against common attacks such as message tampering, impersonation, and replay. Additionally, dependency graphs and detailed proofs demonstrate the successful enforcement of security properties like voucher authenticity, data confidentiality, and key integrity. The study identifies potential enhancements, such as incorporating timestamp-based validity checks and augmenting mutual authentication mechanisms to address insider threats and key management challenges. This work highlights the advantages and limitations of using the Tamarin Prover for formal security verification and proposes strategies to mitigate scalability and performance constraints in complex systems.

Related papers

Balancing Confidentiality and Transparency for Blockchain-based Process-Aware Information Systems [46.404531555921906]
We propose an architecture for blockchain-based PAISs aimed at preserving both confidentiality and transparency. Smart contracts enact, enforce and store public interactions, while attribute-based encryption techniques are adopted to specify access grants to confidential information.
arXiv Detail & Related papers (2024-12-07T20:18:36Z)
Securing Legacy Communication Networks via Authenticated Cyclic Redundancy Integrity Check [98.34702864029796]
We propose Authenticated Cyclic Redundancy Integrity Check (ACRIC) ACRIC preserves backward compatibility without requiring additional hardware and is protocol agnostic. We show that ACRIC offers robust security with minimal transmission overhead ( 1 ms)
arXiv Detail & Related papers (2024-11-21T18:26:05Z)
Excavating Vulnerabilities Lurking in Multi-Factor Authentication Protocols: A Systematic Security Analysis [2.729532849571912]
Single-factor authentication (SFA) protocols are often bypassed by side-channel and other attack techniques. To alleviate this problem, multi-factor authentication (MFA) protocols have been widely adopted recently.
arXiv Detail & Related papers (2024-07-29T23:37:38Z)
Quantum-Secure Certificate-Less Conditional Privacy-Preserving Authentication for VANET [4.8124555241328375]
Existing lattice-based authentication schemes fall short of addressing the potential challenges of the leakage of the master secret key and key-escrow problem. This paper proposes the emphfirst quantum secure authentication scheme to eliminate the flaws while maintaining the system's overall efficiency intact.
arXiv Detail & Related papers (2024-03-20T16:50:36Z)
Evidence Tampering and Chain of Custody in Layered Attestations [0.0]
In distributed systems, trust decisions are made on the basis of integrity evidence generated via remote attestation. We present algorithms for identifying all such tampering opportunities for given evidence as well as tampering "strategies" by which an adversary can modify incriminating evidence without being detected. Our efforts are intended to help protocol designers ensure their protocols reduce evidence tampering opportunities to the smallest, most trustworthy set of components possible.
arXiv Detail & Related papers (2024-01-31T21:54:53Z)
A Survey and Comparative Analysis of Security Properties of CAN Authentication Protocols [92.81385447582882]
The Controller Area Network (CAN) bus leaves in-vehicle communications inherently non-secure. This paper reviews and compares the 15 most prominent authentication protocols for the CAN bus. We evaluate protocols based on essential operational criteria that contribute to ease of implementation.
arXiv Detail & Related papers (2024-01-19T14:52:04Z)
Rely-guarantee Reasoning about Concurrent Memory Management: Correctness, Safety and Security [0.0]
An incorrect specification and implementation of the memory management may lead to system crashes or exploitable attacks. This article presents the first formal specification and mechanized proof of a concurrent memory management for a real-world OS.
arXiv Detail & Related papers (2023-09-17T03:41:10Z)
FedSOV: Federated Model Secure Ownership Verification with Unforgeable Signature [60.99054146321459]
Federated learning allows multiple parties to collaborate in learning a global model without revealing private data. We propose a cryptographic signature-based federated learning model ownership verification scheme named FedSOV.
arXiv Detail & Related papers (2023-05-10T12:10:02Z)
Quantum Proofs of Deletion for Learning with Errors [91.3755431537592]
We construct the first fully homomorphic encryption scheme with certified deletion. Our main technical ingredient is an interactive protocol by which a quantum prover can convince a classical verifier that a sample from the Learning with Errors distribution in the form of a quantum state was deleted.
arXiv Detail & Related papers (2022-03-03T10:07:32Z)
Joint Differentiable Optimization and Verification for Certified Reinforcement Learning [91.93635157885055]
In model-based reinforcement learning for safety-critical control systems, it is important to formally certify system properties. We propose a framework that jointly conducts reinforcement learning and formal verification.
arXiv Detail & Related papers (2022-01-28T16:53:56Z)

This list is automatically generated from the titles and abstracts of the papers in this site.