|
|
|
| e-Pub |
Previous | 
Home
Section: New Results
Design
E-voting protocols
Participants : Véronique Cortier, Alicia Filipiak.
Building upon a recently proposed voting scheme, BeleniosRF, we design a new voting scheme that ensures both verifiability and privacy against a compromised voting machine, as well as a compromised voting server. It assumes that the voter has two devices: one computer for casting a vote and another device (typically a smartphone or a tablet) to, optionally, audit the material (a voting sheet) sent to the voter. Neither the computer nor the smartphone learns how the voter voted unless they collude. The resulting protocol has been formally analysed in ProVerif w.r.t. both verifiability and privacy. Analysing verifiability in ProVerif cannot be done directly as it would require counting. Instead, we propose a set of properties that can be handled by ProVerif and that entail verifiability. This work is one of the contribution of the thesis manuscript of Alicia Filipiak and will be submitted.
Designing and proving an EMV-compliant payment protocol for mobile devices
Participants : Véronique Cortier, Alicia Filipiak.
In collaboration with Gharout, Traoré and Florent (Orange Labs), we devised a payment protocol that can be securely used on mobile devices, even infected by malicious applications. Our protocol only requires a light use of Secure Elements, which significantly simplifies certification procedures and protocol maintenance. It is also fully compatible with the EMV-SDA protocol and allows off-line payments for the users. We provide a formal model and full security proofs of the protocol using the TAMARIN prover. This work has been presented at EuroS&P'17 [22].
Composition and design of PKIs
Participants : Vincent Cheval, Véronique Cortier.
In protocol analysis one makes the (strong) assumption that honestly generated keys are available to all parties and that the link between identities and public keys is fixed and known to everyone. The abstraction is grounded in solid intuition but there are currently no theoretical underpinnings to justify its use. Cheval and Cortier, in collaboration with Warinschi (Univ Bristol, UK), initiate a rigorous study of how to use PKIs within other protocols, securely. They first show that the abstraction outlined above is in general unsound by exhibiting a simple protocol which is secure with idealized key distribution but fails in the presence of more realistic PKI instantiation. Their main result is a generic composition theorem that identifies under which conditions protocols that require public keys can safely use any PKI protocol (which satisfies a security notion which we identify). Interestingly, unlike most existing composition results in symbolic models they do not require full tagging of the composed protocols. Furthermore, the results confirm the recommended practice that keys used in the PKI should not be used for any other cryptographic task. This work has been presented at CSF'17 [19].
Privacy Protection in Social Networks
Participants : Younes Abid, Hector Dang-Nhu, Andrii Dychka, Abdessamad Imine, Michaël Rusinowitch, Valentin Salquebre.
In order to demonstrate privacy threats in social networks we show how to infer user preferences by random walks in a multiple graph representing simultaneously attributes and relationships links. For the approach to scale in a first phase we reduce the space of attribute values by partition in balanced homogeneous clusters. Following the Deepwalk approach, the random walks are considered as sentences. Hence unsupervised learning techniques from natural languages processing can be employed in a second phase to deduce semantic similarities of some attributes. We conduct initial experiments on real datasets to evaluate our approach. This work was presented at DEXA'17 [15].
Compressed and Verifiable Filtering Rules in Software-defined Networking
Participants : Haftay Gebreslasie Abreha, Michaël Rusinowitch.
In a joint project with EPI Madynes and Cynapsys, we are starting to work on the design, implementation and evaluation of multi-masked techniques for building a compressed and a verifiable filtering rules in Software Defined Networks with the possibility of distributing the workload processing among several packet filtering devices operating in parallel.