Use this URL to cite or link to this record in EThOS:
Title: Component-based security under partial compromise
Author: Dehnel-Wild, Martin
ISNI:       0000 0004 7654 1057
Awarding Body: University of Oxford
Current Institution: University of Oxford
Date of Award: 2018
Availability of Full Text:
Access from EThOS:
Full text unavailable from EThOS. Please try the link below.
Access from Institution:
In our increasingly connected world, daily life depends on the correct and unimpaired operation of the computers controlling our infrastructure. These systems are increasingly complex, both within the computers themselves, and in the communications between them that create larger systems. This complexity increases both functionality and potential vulnerability. In turn, this makes ensuring the security of these critical systems simultaneously harder and more important than ever. Ensuring that systems are not meaningfully vulnerable to attack requires a wide range of techniques. During design and implementation, the foremost of these is formal verification. Large, real-world systems and protocols made up of multiple computers or components are rarely designed with verification or analysis in mind. By the same token, these same systems have very often proved tricky to analyse formally. Can we meaningfully verify the security properties of large, real-world, multi-component systems, in a reasonable amount of time? Is there value in making the modelling and analysis as fine-grained as we can, or does the extra effort fail to buy us anything? Can these systems still operate correctly and securely even when partially compromised by an attacker? Can we improve the languages and tools we use to model systems under partial compromise? In this thesis, we address these questions through a mixture of theory and practice. We first consider a major power grid communications standard, DNP3. We show that its "Secure Authentication" protocols meet their security goals, and that a previously claimed attack is not possible. We then consider the security of 5G, and its main Authentication and Key-Agreement protocol. Our analysis reveals that 5G-AKA's security relies on unstated assumptions; in practice this means 'correct' implementations can be vulnerable to a security-critical race condition. Our analyses show how far we have to go in terms of resilience under partial compromise. Neither studied system fares well against attackers which control any one of its components: this is no longer acceptable in elements of critical national infrastructure, as these systems increasingly come under sophisticated attack. We then consider the formalisation of partial compromise, building the idea of an attacker controlling part of a system into models from the start. Our new techniques give approachable yet powerful ways to model a wide range of multi-component systems and protocols against fine-grained threat models. We finish with two main conclusions. First, the time is now right for formal methods. We show that precise, fine-grained modelling of complex, multi-component protocols is both possible and valuable in the real world. Second, partial compromise resilience must be built in from the start. With little hope of securing all end-points completely, it is essential that resilience is also built into the network protocols.
Supervisor: Cremers, Cas ; Martin, Andrew Sponsor: Not available
Qualification Name: Thesis (Ph.D.) Qualification Level: Doctoral
EThOS ID:  DOI: Not available