Naipeng Dong
The University of Queensland
Publication
Featured publications by Naipeng Dong.
formal aspects in security and trust | 2010
Naipeng Dong; Hugo Jonker; Jun Pang
We formally study two privacy-type properties for online auction protocols: bidding-price-secrecy and receipt-freeness. These properties are formalised as observational equivalences in the applied π calculus. We analyse the receipt-free auction protocol by Abe and Suzuki. Bidding-price-secrecy of the protocol is verified using ProVerif, whereas receipt-freeness of the protocol is proved manually.
FHIES'11 Proceedings of the First international conference on Foundations of Health Informatics Engineering and Systems | 2011
Naipeng Dong; Hugo Jonker; Jun Pang
Privacy is recognised as a fundamental requirement for eHealth systems. Proposals to achieve privacy have been put forth in literature, most of which approach patient privacy as either an access control or an authentication problem. In this paper, we investigate privacy in eHealth as a communication problem, since future eHealth systems will be highly distributed and require interoperability of many sub-systems. In addition, we research privacy needs for others than patients. In our study, we identify two key privacy challenges in eHealth: enforced privacy and privacy in the presence of others. We believe that these privacy challenges are vital for secure eHealth systems, and more research is needed to understand these challenges. We propose to use formal techniques to understand and define these new privacy notions in a precise and unambiguous manner, and to build an efficient verification framework.
european symposium on research in computer security | 2012
Naipeng Dong; Hugo Jonker; Jun Pang
Given the nature of health data, privacy of eHealth systems is of prime importance. An eHealth system must enforce that users remain private, even if they are bribed or coerced to reveal themselves or others. Consider e.g. a pharmaceutical company that bribes a pharmacist to reveal information which breaks a doctor’s privacy. In this paper, we identify and formalise several new but important privacy notions on enforcing doctor privacy. Then we analyse privacy of a complicated and practical eHealth protocol. Our analysis shows to what extent these properties as well as properties such as anonymity and untraceability are satisfied by the protocol. Finally, we address the found ambiguities resulting in privacy flaws, and propose suggestions for fixing them.
european symposium on research in computer security | 2013
Naipeng Dong; Hugo Jonker; Jun Pang
Protecting privacy against bribery/coercion is a necessary requirement in electronic services, like e-voting, e-auction and e-health. Domain-specific privacy properties have been proposed to capture this. We generalise these properties as enforced privacy: a system enforces a user’s privacy even when the user collaborates with the adversary. In addition, we account for the influence of third parties on a user’s privacy. Third parties can help to break privacy by collaborating with the adversary, or can help to protect privacy by cooperating with the target user. We propose independency of privacy to capture the negative privacy impact that third parties can have, and coalition privacy to capture their positive privacy impact. We formally define these privacy notions in the applied pi calculus and build a hierarchy showing their relations.
Computers & Security | 2017
Naipeng Dong; Hugo Jonker; Jun Pang
We formally study two privacy-type properties for e-auction protocols: bidding-price-secrecy and receipt-freeness. These properties are formalised as observational equivalences in the applied pi calculus. We analyse two receipt-free auction protocols: one proposed by Abe and Suzuki in 2002 (AS02) and the other by Howlader et al. in 2014 (HRM14). Bidding-price-secrecy of the AS02 protocol is verified using the automatic verifier ProVerif, whereas receipt-freeness of the two protocols, as well as bidding-price-secrecy of the HRM14 protocol, are proved manually.
international conference on engineering of complex computer systems | 2016
Dileepa Fernando; Naipeng Dong; Cyrille Jegourel; Jin Song Dong
A BAR system specifies a cooperation between agents who can be altruistic when they follow the specified behaviours, Byzantine when they randomly deviate from the specification, and rational when they deviate to increase their own benefits. We treat the question of whether a rational agent indeed follows the specification of a probabilistic BAR system as verifying whether the system is a Nash equilibrium in the corresponding stochastic game. In this article, we propose an intuitive specification for probabilistic BAR systems and an algorithm to automatically verify Nash equilibrium. To validate our implementation of the algorithm, we present two case studies: the three-player Rock-paper-scissors game and a probabilistic secret sharing protocol.
Archive | 2018
Dileepa Fernando; Naipeng Dong; Cyrille Jegourel; Jin Song Dong
Verifying whether rational participants in a BAR system (a distributed system including Byzantine, Altruistic and Rational participants) would deviate from the specified behaviour is important but challenging. Existing works consider this as Nash-equilibrium verification in a multi-player game. If the game is probabilistic and non-terminating, verifying whether a coalition of rational players would deviate becomes even more challenging. There is no automatic verification algorithm to address it. In this article, we propose a formalization to capture that coalitions of rational players do not deviate, following the concept of Strong Nash-equilibrium (SNE) in game-theory, and propose a model checking algorithm to automatically verify SNE of non-terminating probabilistic BAR systems. We implemented a prototype and evaluated the algorithm in three case studies.
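The 2016 and 2018 abstracts above both reduce "would a rational participant deviate?" to an equilibrium check: Nash equilibrium (no single player gains by deviating alone) and strong Nash equilibrium (no coalition can deviate so that every member gains). The following is an added illustration, not code from either paper: a brute-force checker for both notions over a finite normal-form game with pure strategies. The papers' algorithms target probabilistic, non-terminating systems via model checking; this example only shows the deterministic, finite core of the same question. The `Game` class, the two sample games and their payoffs are constructed for the example.

```python
from itertools import combinations, product


class Game:
    """A finite normal-form game (constructed helper, not from the papers).

    strategies: one list of pure strategies per player
    payoff: dict mapping a strategy profile (tuple) to a tuple of payoffs,
            one entry per player
    """

    def __init__(self, strategies, payoff):
        self.strategies = strategies
        self.payoff = payoff
        self.n = len(strategies)

    def profiles(self):
        return list(product(*self.strategies))

    def deviations(self, profile, coalition):
        """Profiles in which only the players in `coalition` change strategy."""
        choices = [
            self.strategies[i] if i in coalition else [profile[i]]
            for i in range(self.n)
        ]
        for dev in product(*choices):
            if dev != profile:
                yield dev


def coalition_can_improve(game, profile, coalition):
    """True if the coalition has a joint deviation that strictly improves
    the payoff of every one of its members (Aumann's strong NE condition)."""
    base = game.payoff[profile]
    for dev in game.deviations(profile, coalition):
        new = game.payoff[dev]
        if all(new[i] > base[i] for i in coalition):
            return True
    return False


def is_nash_equilibrium(game, profile):
    # Only singleton coalitions: no player gains by deviating alone.
    return not any(coalition_can_improve(game, profile, {i}) for i in range(game.n))


def is_strong_nash_equilibrium(game, profile):
    # Every non-empty coalition, including the grand coalition, is checked.
    for k in range(1, game.n + 1):
        for coalition in combinations(range(game.n), k):
            if coalition_can_improve(game, profile, set(coalition)):
                return False
    return True


def nash_equilibria(game):
    return [p for p in game.profiles() if is_nash_equilibrium(game, p)]


def strong_nash_equilibria(game):
    return [p for p in game.profiles() if is_strong_nash_equilibrium(game, p)]


# Constructed game 1: Prisoner's Dilemma. (D, D) is the unique NE, but the
# coalition {0, 1} can jointly move to (C, C) and both gain, so it is not SNE.
PD = Game(
    [["C", "D"], ["C", "D"]],
    {("C", "C"): (3, 3), ("C", "D"): (0, 5), ("D", "C"): (5, 0), ("D", "D"): (1, 1)},
)

# Constructed game 2: coordination game. Both (A, A) and (B, B) are NE;
# only the Pareto-dominant (A, A) survives the coalition check.
COORD = Game(
    [["A", "B"], ["A", "B"]],
    {("A", "A"): (2, 2), ("A", "B"): (0, 0), ("B", "A"): (0, 0), ("B", "B"): (1, 1)},
)

if __name__ == "__main__":
    for name, g in (("PD", PD), ("COORD", COORD)):
        print(name, "NE:", nash_equilibria(g), "SNE:", strong_nash_equilibria(g))
```

The checker enumerates pure-strategy profiles only, so a game whose equilibria are mixed (the three-player Rock-paper-scissors case study in the 2016 abstract, for instance) yields no pure NE here; handling mixed strategies, probabilistic transitions and non-terminating behaviour is exactly the extra work the two papers' model-checking algorithms take on.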
international conference on security and privacy in communication systems | 2017
Kailong Wang; Guangdong Bai; Naipeng Dong; Jin Song Dong
Single Sign-on (SSO) protocols, which allow a website to authenticate its users via accounts registered with another website, are forming the basis of user identity management in contemporary websites. Given the critical role they are playing in safeguarding the privacy-sensitive web services and user data, SSO protocols deserve a rigorous formal verification. In this work, we provide a framework facilitating formal modeling of SSO protocols and analysis of their privacy property. Our framework incorporates a formal model of the web infrastructure (e.g., network and browsers), a set of attacker models (e.g., malicious IDP) and a formalization of the privacy property with respect to SSO protocols. Our analysis has identified a new type of attack that allows malicious participants to learn which websites the victim users have logged in to.
international conference on software engineering | 2017
Chenkai Guo; Naipeng Dong; Guangdong Bai; Quanqi Ye; Jin Song Dong; Jing Xu; Guannan Si
Recent analysis shows that callback sequences are of great importance in the analysis of Android applications (apps for short), due to the apps' event-driven nature. However, existing works only extract a part of the callback sequences, depending on the needs of their specific properties. We propose App Genome sequencing, an automatic fine-grained callback extraction, covering lifecycle and non-lifecycle, inner- and inter-component callback relations, as well as related attributes, including global objects and operations, along the callback sequences. The extracted App Genome facilitates more complete analysis of Android apps, since it contains more callback sequences and data information than existing works. We use a process algebra called CSP# to represent the App Genome. We implement our method as a tool, which takes an app as input, automatically generates the CSP# model of the App Genome and automatically invokes the model checker to verify a given property.
international conference on security and privacy in communication systems | 2017
Quanqi Ye; Guangdong Bai; Naipeng Dong; Jin Song Dong
Although mobile shopping has risen rapidly as mobile devices become the dominant portal to the Internet, it remains challenging for a developer of mobile shopping apps to implement a correct and secure payment protocol. This can be partly attributed to the misunderstanding, confusion of responsibility and implicit assumptions among the multiple separate participants of the payment protocols, which involve at least users, merchants and third-party cashiers (e.g., PayPal). In addition, the documentation of the payment SDK, which is written in informal natural language, is often inaccurate, ambiguous and incomplete, so that developers may be confused. In this paper, we seek to infer the correct usage and hidden assumptions of the most commonly used mobile payment libraries, i.e., PayPal and Visa Checkout. Our approach starts with building mobile checkout systems strictly following the documents of the PayPal SDK and the Visa Checkout SDK. Afterwards, we propose an algorithm to automatically generate test cases embedding different attacker models to check the correctness and security of the payment procedure. During the testing, our algorithm analyzes the security violations so as to infer the correct usage of these payment libraries. Using our approach, we have successfully found several non-trivial hidden assumptions and bugs in these two payment libraries.