Verification of cryptographic protocols: modular analysis of equivalence properties

Lead Research Organisation: University of Edinburgh
Department Name: Sch of Informatics

Abstract

Our societies are critically dependent on computerised systems. Unfortunately, and as often reported by the media, the mechanisms employed for defending these systems against malicious offensives are repeatedly defeated, seriously threatening our individual security and privacy. Rigorous and formal analysis of sensitive computerised systems thus needs to be conducted before their deployment, to exclude the existence of security vulnerabilities.

Formal verification techniques have proved very useful so far for analysing the security and privacy guarantees of digital systems. However, existing technologies fail to handle many nowadays real-life systems, as these become more and more complex, and their intended properties become more and more subtle. For example, the UMTS standard specifies tens of sub-protocols running in composition in 3G mobile phone systems. But, our tools have not kept pace with the growing complexity of nowadays systems. Currently, one may hope to automatically verify some of the sub-components of a system in isolation, but it is unrealistic to expect that the whole protocol suite can be automatically checked using one and the same tool.

In order to enable automatic analysis of privacy of crypto-protocols underlying complex real life , this research project will develop theoretical composition results for equivalence properties and integrate them to existing tools. Such results will permit to leverage state-of-the-art protocol analysers. The idea being to enable automatic verification by applying the divide-and-conquer strategy, with the goal to infer global security and privacy properties of complex systems from local properties of their components.

A very important aspect of this project is that it will ground the theoretical investigations in the needs of real-world computerised systems, to ensure the achievement of significant and applicable results and impact. We will focus on at least three applications important to society: electronic voting which is attracting government and industry interest, mobile telephony which is used daily by billions of subscribers everywhere they go, and electronic passports of which 40 countries have together issued many millions. These three applications raise numerous security and privacy concerns resulting in failure of confidence among users, politicians, commentators and public alike.

In short, the combination of theoretical outcomes of this project (and their implementation) with readily available cryptographic protocol analysers are the exact combination needed for fully-automated analysis of many modern sensitive applications.

Planned Impact

The following will benefit from our research:

* The wider public. Improving the privacy guarantees of very widely deployed systems such as mobile telephony systems will primarily benefit every one of us.

* Private sector. Providers of sensitive applications will be able to improve the security and privacy guarantees of their systems by using our tools. The ICAO and 3GPP consortium will in particular also benefit from the outcomes of our analysis of the new generation of electronic passports and mobile telephony systems.

* Public sector such as governments. Our results will help analyse, and design better electronic voting systems. These promise an efficient and convenient way for conducting elections, avoiding human errors in tallying.

* Research community across several areas of security. They will gain insights to where some of the challenges in security verification lie. This work will also shed light for them on subtle pitfalls in the development of a secure system.



They will benefit in the following ways:

1. The project will provide usable and effective techniques and software tools;

2. The project will provide guidance (prudent engineering techniques) for designing new secure sensitive applications.



To deliver the impact, we shall do the following:

* Establish industrial collaborations with the 3GPP consortium (and its successor) in charge of developing the UMTS standard (and the next generation mobile standard respectively), and the ICAO in charge of developing the standards for electronic passports. We have already been in contact with these two consortiums in the past, when earlier works of ours brought to the light security vulnerabilities in these systems.

* Provide packaged solutions for industry to evaluate.

* Continue active interaction with leading researchers on security verification such as Ve 'ronique Cortier and Steve Kremer from LORIA in France, Mark Ryan and Tom Chothia from the University of Birmingham in the UK, or Ste 'phanie Delaune from LSV in France.

* Publish the results of our research in top venues to ensure maximum visibility.

* Deliver seminars, public lectures, and enhance existing and create new teaching modules based on the outcomes of this project.
 
Description Our work is the first to: (i) stress the importance of securing Bitcoin transactions and preserving the account's privacy at the wallet level, (ii) consider a minimal threat model for hardware Bitcoin wallets, and (iii) address the security issues originating in low-level communication of Bitcoin devices, by showcasing practical attacks. We provide a thorough analysis of the Ledger wallets by extracting their protocols, analysing them and showing practical attacks. We propose a lightweight and user-friendly fix which is general enough to
be adapted to all wallets regardless the hardware technology. As, the Ledger protocols are not publicly available, we reverse-engineered the communication protocol and abstracted its implementations.
Exploitation Route This work was the first in a line of research on hardware anchored security. We are continuing the research initiated so far and foresee several research outputs that will help understand how to better secure our system with the help of small hardware anchors. Also as our theoretical investigations are evaluated against real world applications such as the harware bitcoin wallets considered so far (others will be investigated later in the project), we expect the research conducted to enhance the security of important sensitive complex real world applications such as Cryptocurrencies.
Sectors Digital/Communication/Information Technologies (including Software)

Financial Services

and Management Consultancy

 
Description Our work on hardware bitcoin wallet has uncovered some serious vulnerabilities on the Ledger Nano and Ledger Nano S bitcoin wallets, leaving their user's bitcoin funds unprotected. Given the wide adoption of hardware wallets, and with an estimated average daily Bitcoin transaction value of US$200K, exploitation of these vulnerabilities could be catastrophic. After publication of our work, the Ledger Nano which was shown to be broken by design was withdrawn from the market, and the Ledger Nano S was updated as per our recommendations. These devices used to manage accounts on the innovative payment system Bitcoin have thus been improved to provide better protection against hackers after our findings.
First Year Of Impact 2017
Sector Digital/Communication/Information Technologies (including Software),Financial Services, and Management Consultancy
Impact Types Economic

 
Description Impact on industrial products analysed in ISC paper
Geographic Reach Multiple continents/international 
Policy Influence Type Implementation circular/rapid advice/letter to e.g. Ministry of Health
Impact Our ISC 2017 work showed that devices used to manage accounts on the innovative payment system Bitcoin were vulnerable to security hacks. Our work shows how easy it is to access a user's funds, even when sophisticated hardware is incorporated. We contacted the CEO and CTO of the company manufacturing the analysed devices directly in order to privately disclose and fix the issue prior to publication of our work. We've received a single reply, asking to hand over the details of our findings, which we did. We then received an answer that Ledger would not issue any fix/change. However, Ledger did subsequently withdraw totally from the market LN wallets, and updated the LNs firmware to support encrypted communications, as per our recommendations. Also the LNs displays full recipient addresses since publication of our work. These changes improve the security of the Bitcoin funds using these devices.
 
Description Communication and outreach: media coverage of ISC 2017 paper 
Form Of Engagement Activity A press release, press conference or response to a media enquiry/interview
Part Of Official Scheme? No
Geographic Reach International
Primary Audience Media (as a channel to the public)
Results and Impact Following a press release from the University of Edinburgh in January 2018, several media worldwide have covered our work presented at 2017, naming few such as ACM TechNews - https://technews.acm.org/archives.cfm?fo=2018-01-jan/jan-26-2018.html - and Science Daily - https://www.sciencedaily.com/releases/2018/01/180123112553.htm.
Year(s) Of Engagement Activity 2018
URL https://www.ed.ac.uk/science-engineering/news-events/bitcoin-wallet-devices-vulnerable-to-security-h...