Page d'accueil // SnT // News & E... // PhD Defense: A Multifaceted Formal Analysis of End-to-End Encrypted Email Protocols and Cryptographic Authentication Enhancements

PhD Defense: A Multifaceted Formal Analysis of End-to-End Encrypted Email Protocols and Cryptographic Authentication Enhancements

twitter linkedin facebook email this page
Add to calendar
Conférencier : Itzel Vazquez Sandoval
Date de l'événement : mardi 03 novembre 2020 14:30 - 16:00

Please click on this link to both register and connect on the day of the event.

Members of the defense committee:

  • Prof. Dr Peter Y. A. Ryan, University of Luxembourg, Chairman
  • Prof. Dr Luca Vigano', King's College London, UK, Deputy Chairman
  • A-Prof. Dr Gabriele Lenzini, University of Luxembourg, Supervisor
  • Prof. Dr Fabio Martinelli, IIT CNR, Pisa, Italy, Member
  • Prof. Dr Pascal LAFOURCADE, Université Clermont Auvergne - LIMOS, Aubière Cedex, France, Member
  • Dr Volker BIRK, Pretty Easy Privacy (pEp Security), Winterthur, Switzerland, Expert

Abstract:
Largely owing to cryptography, modern messaging tools (e.g., Signal) have reached a considerable degree of sophistication, balancing advanced security features with high usability. This has not been the case for email, which however, remains the most pervasive and interoperable form of digital communication. As sensitive information (e.g., identification documents, bank statements, or the message in the email itself) is frequently exchanged by this means, protecting the privacy of email communications is a justified concern, which has been emphasized in the last years.
A great deal of effort has gone into the development of tools and techniques for providing email communications with privacy and security, requirements that were not originally considered. Yet, drawbacks across several dimensions hinder the development of a global solution that would strengthen security while maintaining the standard features that we expect from email clients.
In this thesis, we present improvements to security in email communications. Relying on formal methods and cryptography, we design and assess security protocols and analysis techniques, and propose enhancements to implemented approaches for end-to-end secure email communication.
In the first part, we propose a methodical process relying on code reverse engineering, which we use to abstract the specifications of two end-to-end security protocols from a secure email solution (called pEp); then, we apply symbolic verification techniques to analyze such protocols with respect to privacy and authentication properties. We also introduce a novel formal framework that enables a system's security analysis aimed at detecting flaws caused by possible discrepancies between the user's and the system's assessment of security. Security protocols, along with user perceptions and interaction traces, are modeled as transition systems; socio-technical security properties are defined as formulas in computation tree logic (CTL), which can then be verified by model checking. Finally, we propose a protocol that aims at securing a password-based authentication system designed to detect the leakage of a password database, from a code-corruption attack.
In the second part, the insights gained by the analysis in Part I allow us to propose both, theoretical and practical solutions for improving security and usability aspects, primarily of email communication, but from which secure messaging solutions can benefit too. The first enhancement concerns the use of password-authenticated key exchange (PAKE) protocols for entity authentication in peer-to-peer decentralized settings, as a replacement for out-of-band channels; this brings provable security to the so far empirical process, and enables the implementation of further security and usability properties (e.g., forward secrecy, secure secret retrieval). A second idea refers to the protection of weak passwords at rest and in transit, for which we propose a scheme based on the use of a one-time-password; furthermore, we consider potential approaches for improving this scheme.
The hereby-presented research was conducted as part of an industrial partnership between SnT/University of Luxembourg and pEp Security S.A.