Carsten Rudolph

Security evaluation of scenarios based on the TCG's TPM specification

The Trusted Platform Module TPM is a basic but nevertheless very complex security component that can provide the foundations and the root of security for a variety of applications. In contrast to the TPM, other basic security mechanisms like cryptographic algorithms or security protocols have frequently been subject to thorough security analysis and formal verification. This paper presents a first methodic security analysis of a large part of the TPM specification. A formal automata model based on asynchronous product automata APA and a finite state verification tool SHVT are used to emulate a TPM within an executable model. On this basis four different generic scenarios were analysed with respect to security and practicability: secure boot, secure storage, remote attestation and data migration. A variety of security problems and inconsistencies was found. Subsequently, the TPM specification was adapted to overcome the problems identified. In this paper, the analysis of the remote attestation scenario and some of the problems found are explained in more detail.

Security Analysis of (Un-) Fair Non-repudiation Protocols

An approach to protocol analysis using asynchronous product automata (APA) and the simple homomorphism verification tool (SHVT) is demonstrated on several variants of the well known Zhou-Gollmann fair non-repudiation protocol. Attacks on these protocols are presented, that, to our knowledge, have not been published before. Finally, an improved version of the protocol is proposed.

Covert Identity Information in Direct Anonymous Attestation (DAA)

Direct anonymous attestation (DAA) is a practical and efficient protocol for authenticated attestation with satisfaction of strong privacy requirements. This recently developed protocol is already adopted by the Trusted Computing Group and included in the standardized trusted platform module TPM. This paper shows that the main privacy goal of DAA can be violated by the inclusion of covert identity information. This problem is very relevant, as the privacy attack is both efficient and very difficult to detect.

Security Digital Evidence

Non-repudiation of digital evidence is required by various use cases in today’s business cases for example in the area of medical products but also in public use cases like congestion charges. These use cases have in common that at a certain time an evidence record is generated to attest for the occurrence of a certain event. To allow for non-repudiation of such an evidence record it is required to provide evidence on the used device itself, its configuration, and the software running at the time of the event. Digital signatures as used today provide authenticity and integrity of the evidence record. However the signature gives no information about the state of the Measurement Instrument at the time of operation. The attestation of the correct operation of the evidence collector is discussed in this paper and an implemented solution is presented.

A business process-driven approach to security engineering

A challenging task in security engineering concerns the specification and integration of security with other requirements at the top level of requirements engineering. Empirical studies show that it is common that end users are able to express their security needs at the business process level. Since many security requirements originate at this level, it is natural to try to capture and express them within the context of business models where end users feel most comfortable and where they conceptually belong. In this paper, we develop these views, present an ongoing work intended to create a UML-based and business process-driven framework for the development of security-critical systems and propose an approach to a rigorous treatment of security requirements supported by formal methods.

Secure Web Service Workflow Execution

In this paper we identify specific security requirements for distributed workflows and provide a decentralized workflow execution mechanism that ensures their satisfaction. With our composition concept we ensure that each web service can access only the information which is needed for the correct execution of the invoked operations and we provide an execution proof of the fulfilled assignments. Our approach relies on a data structure, called process slip, which is passed among the web services participating in the composition.

Trust infrastructures for future energy networks

Efficient use and distribution in future energy infrastructures largely depend on distributed control, metering and accounting functionalities. In such a Smart Grid essential components are distributed over the complete infrastructure, in particular parts of the infrastructure will be placed under possibly hostile end-users control. Thus, the dependability of the Smart Grid depends on the security of every component deployed. Considering the large variety of known attacks on IT infrastructures proper protection mechanisms need to be considered already in the early design of Smart Grid architecture and their components. The notion of Trusted Computing established in the PC area can also be used in Smart Grids to establish trust among all involved stakeholders and to ensure the proper functioning of devices. This paper discusses relevant security requirements and introduces a vision of a security infrastructure for energy networks built on hardware trust anchors.

Security engineering for embedded systems: the SecFutur vision

Security is usually not in the main focus in the development of embedded systems. However, strongly interconnected embedded systems play vital roles in many everyday processes and also in industry and critical infrastructures. Therefore, security engineering for embedded systems is a discipline that currently attracts more interest. This paper presents the vision of security engineering for embedded systems formulated by the FP7 project SecFutur [1].

Secure Digital Chains of Evidence

Computers, mobile phones, embedded devices and other components of IT systems can often be easily manipulated. Therefore, in forensic use of digital evidence it is necessary to carefully check that the probative force of the evidence is sufficient. For applications where critical processes can lead to disputes and resolving disputed relies on digital evidence one open question is how to build the system in a way that secure digital evidence is available. This paper introduces the notion of secure digital chains of evidence and proposes a high-level architecture for systems that can provide such chains of evidence. Finally, possible building blocks are explored for the realisation of a distributed and heterogeneous system with support for secure digital chains of evidence.

On the Security of Fair Non-repudiation Protocols

We analyzed two non-repudiation protocols and found some new attacks on the fairness and termination property of these protocols. Our attacks are enabled by several inherent design weaknesses, which also apply to other non-repudiation protocols. To prevent these attacks, we propose generic countermeasures that considerably strengthen the design and implementation of non-repudiation protocols. The application of these countermeasures is finally shown by our construction of a new fair non-repudiation protocol.