Mohamed Mejri

A new logic for electronic commerce protocols

The primary objective of this paper is to present the definition of a new dynamic, linear and modal logic for security protocols. The logic is compact, expressive and formal. It allows the specification of classical security properties (authentication, secrecy and integrity) and also electronic commerce properties (non-repudiation, anonymity, good atomicity, money atomicity, certified delivery, etc.). The logic constructs are interpreted over a trace-based model. Traces reflect valid protocol executions in the presence of a malicious smart intruder. The logic is endowed with a tableau-based proof system that leads to a modular denotational semantics.

Formal automatic verification of authentication cryptographic protocols

We address the formal analysis of authentication cryptographic protocols. We present a new verification algorithm that generates from the protocol description the set of possible flaws, if any, as well as the corresponding attack scenarios. This algorithm does not require any property or invariant specification. The algorithm involves three steps: extracting the protocol roles, modeling the intruder abilities and verification. In addition to the classical known intruder computational abilities such as encryption and decryption, we also consider those computations that result from different instrumentations of the protocol. The intruder abilities are modeled as a deductive system. The verification is based on the extracted roles as well as the deductive system. It consists in checking whether the intruder can answer all the challenges uttered by a particular role. If it is the case, an attack scenario is automatically constructed. The extracted proof system does not ensure the termination of deductions. For that purpose, we present a general transformation schema that allows one to automatically rewrite the non-terminating proof system into a terminating one. The transformation schema is shown to be correct. To exemplify the usefulness and efficiency of our approach, we illustrate it on the Woo and Lam (1992) authentication protocol. Abadi and Needham have shown that the protocol is insecure and they proposed a new corrected version. Thanks to this method we have discovered new unknown flaws in the Woo and Lam protocol and in the corrected version of Abadi and Needham.

Formal Analysis of SET and NSL Protocols Using the Interpretation Functions-Based Method

Most applications in the Internet such as e-banking and e-commerce use the SET and the NSL protocols to protect the communication channel between the client and the server. Then, it is crucial to ensure that these protocols respect some security properties such as confidentiality, authentication, and integrity. In this paper, we analyze the SET and the NSL protocols with respect to the confidentiality (secrecy) property. To perform this analysis, we use the interpretation functions-based method. The main idea behind the interpretation functions-based technique is to give sufficient conditions that allow to guarantee that a cryptographic protocol respects the secrecy property. The flexibility of the proposed conditions allows the verification of daily-life protocols such as SET and NSL. Also, this method could be used under different assumptions such as a variety of intruder abilities including algebraic properties of cryptographic primitives. The NSL protocol, for instance, is analyzed with and without the homomorphism property. We show also, using the SET protocol, the usefulness of this approach to correct weaknesses and problems discovered during the analysis.

Secrecy of cryptographic protocols under equational theory

This paper gives a novel approach to verify the secrecy property of cryptographic protocols under equational theories. Indeed, by using the notion of interpretation functions, this paper presents some sufficient and practical conditions allowing to guarantee the secrecy property of cryptographic protocols under any equational theory. An interpretation function is a safe means by which an agent can estimate the security level of message components that he receives so that he can handle them correctly. Also, this paper proves that polynomials help a lot with the construction of an interpretation function and gives a guideline on how to construct such functions together with an example and how to use it to analyse a cryptographic protocol.

An environment for the specification and analysis of cryptoprotocols

We present the environment CPV (Cryptographic Protocol Verifier), a tool-set for the specification and analysis of cryptographic protocols. The CPV environment is based on the LSFM method that has been advanced as a formal, automatic and implicit verification method for security protocols. We recall briefly the essence of this method and present the architecture of the CPV environment. We discuss its main software components and detail the key issues in its implementation. Finally, we illustrate the LSFM method and the CPV environment on two case studies.

Using Edit Automata for Rewriting-Based Security Enforcement

Execution monitoring (EM) is a widely adopted class of security mechanisms. EM-enforceable security properties are usually characterized by security automata and their derivatives. However Edit automata (EA) have been recently proposed to specify more powerful EMs. Being able to feign the execution of sensitive program actions, these EMs are supposed to enforce more security properties. However, feigning program actions will usually make the program behaving in discordance with its specification since the effects of feigned actions are not reflected in the program states. In this paper we highlight this problem and show how program rewriting can be a reliable enforcement alternative. The paper contribution is mainly a semantics foundation for program rewriting enforcement of EA-enforceable security properties.

Fast and Effective Clustering of Spam Emails Based on Structural Similarity

Spam emails yearly impose extremely heavy costs in terms of time, storage space and money to both private users and companies. Finding and persecuting spammers and eventual spam emails stakeholders should allow to directly tackle the root of the problem. To facilitate such a difficult analysis, which should be performed on large amounts of unclassified raw emails, in this paper we propose a framework to fast and effectively divide large amount of spam emails into homogeneous campaigns through structural similarity. The framework exploits a set of 21 features representative of the email structure and a novel categorical clustering algorithm named Categorical Clustering Tree (CCTree). The methodology is evaluated and validated through standard tests performed on three dataset accounting to more than 200k real recent spam emails.

Clustering spam emails into campaigns

Spam emails constitute a fast growing and costly problems associated with the Internet today. To fight effectively against spammers, it is not enough to block spam messages. Instead, it is necessary to analyze the behavior of spammer. This analysis is extremely difficult if the huge amount of spam messages is considered as a whole. Clustering spam emails into smaller groups according to their inherent similarity, facilitates discovering spam campaigns sent by a spammer, in order to analyze the spammer behavior. This paper proposes a methodology to group large sets of spam emails into spam campaigns, on the base of categorical attributes of spam messages. A new informative clustering algorithm, named Categorical Clustering Tree (CCTree), is introduced to cluster and characterize spam campaigns. The complexity of the algorithm is also analyzed and its efficiency has been proven.

Security by typing

We present an approach for analyzing cryptographic protocols that are subject to attack from an active intruder who takes advantage of knowledge of the protocol rules. The approach uses a form of type system in which types are communication steps and typing constraints characterize all the messages available to the intruder. This reduces verification of authentication and secrecy properties to a typing problem in our type system. We present the typing rules, prove soundness of a type inference algorithm, and establish the correctness of the typing rules with respect to the protocol execution and intruder actions. The protocol specifications used in the approach can be automatically extracted from the conventional, informal cryptographic protocol notation commonly found in the literature. To validate the approach, we implement our algorithm in a tool called DYMNA, which is a practical and efficient environment for the specification and analysis of cryptographic protocols.

The Theory of Witness-Functions

Cryptographic protocols are distributed programs that ensure security in all communications. They guarantee agents authentication, data confidentiality, data integrity, atomicity of goods and money, non-repudiation, etc. They are used in all areas: e-commerce, military fields, electronic voting, etc. The use of cryptography is essential to ensure protocols’ security, however, it is not sufficient. Indeed, in the literature, a significant number of cryptographic protocols have long been considered safe, but they were shown faulty many years after their use. Saying that a protocol is correct or not is an undecidable problem in general. However, several methods (logic-based methods, Model-Checking-based methods, typing-based methods, etc.) have emerged to answer this hard question under restrictive assumptions and led to varying results. Here, we present a new formal method to analyze cryptographic protocols statically for the property of secrecy. It consists in inspecting the level of security of every component of exchanged messages in the protocol by new metrics, called witness-functions, and making sure that it does not diminish during its life cycle. If yes, we declare that the protocol keeps its secret inputs. We analyze here an amended version of the Woo-Lam protocol using the witness-functions’ theory.