

Section: Partnerships and Cooperations

National Initiatives

CNRS

  • CNRS PEPS JCJC INS2I 2016 project VESPA Verifying Equivalence Security in Protocols: Tools and Algorithms, duration: 1 year, leader: Jannik Dreier, participant: Vincent Cheval.

    Privacy-related notions such as unlinkability and anonymity are usually expressed as equivalence properties, which are notoriously difficult to prove. Due to the complexity of the protocols and the properties, tool support is a must, yet currently rather limited. Notably, there is currently no tool that can verify unlinkability of the electronic passport for an unbounded number of sessions, or anonymity in certain classic electronic cash protocols. The goal of this project is to enable the proofs for these and similar protocols using two complementary approaches: (1) by significantly advancing the state of the art of the algorithms used inside the tools to improve handling of branching and cryptographic primitives, and (2) by providing new reduction results that simplify the tools' inputs.

  • CNRS PEPS INS2I 2016 project ASSI Analyse de Sécurité de Systèmes Industriels, duration: 1 year, leader: Pascal Lafourcade (Université Clermont-Ferrand), PESTO participant: Jannik Dreier, other participants: Marie-Laure Potet, Maxime Puys (University Grenoble-Alpes).

    The goal of the project is to develop an approach to verify protocols used in industrial control (SCADA) systems using tools such as TAMARIN or ProVerif. These protocols have specific security requirements such as flow integrity, going beyond the classical authentication and secrecy properties. The project also aims at analyzing different intruder models matching the particularities of industrial systems, and at developing specific modeling and verification techniques.

ANR

  • ANR SEQUOIA Security properties, process equivalences and automated verification, duration: 4 years, since October 2014, leader: Steve Kremer.

    Most protocol analysis tools are restricted to analyzing reachability properties, while many security properties need to be expressed in terms of some process equivalence. The increasing use of observational equivalence as a modeling tool shows the need for new tools and techniques that are able to analyze such equivalence properties. The aims of this project are (i) to investigate which process equivalences – among the plethora of existing ones – are appropriate for a given security property, system assumptions and attacker capabilities; (ii) to advance the state of the art of automated verification for process equivalences, allowing for instance support for more cryptographic primitives relevant for case studies; (iii) to study protocols that use low-entropy secrets, expressed using process equivalences; (iv) to apply these results to case studies from electronic voting.

Fondation MAIF

Project Protection de l'information personnelle sur les réseaux sociaux, duration: 3 years, started in October 2014. The goal of the project is to lay the foundation for a risk verification environment for privacy in social networks. Given the social relations, this environment will rely on the study of metrics to characterize the security level of a user. Next, by combining symbolic and statistical techniques, an objective is to synthesize a model of risk behavior as a rule base. Finally, a model-checking-style verifier will be developed to assess the security level of a user. Partners are PESTO (leader), Orpailleur and Fondation MAIF.