Section: Partnerships and Cooperations

National Initiatives

CNRS

CNRS PEPS INS2I 2016-2018 project ASSI Analyse de Sécurité de Systèmes Industriels, duration: 2 years, leader: Pascal Lafourcade (Univ Clermont-Ferrand), participant Pesto: Jannik Dreier, other participants: Marie-Laure Potet, Maxime Puys (Univ Grenoble-Alpes).

The goal of the project is to develop an approach to verify protocols used in industrial control (SCADA) systems using tools such as TAMARIN or ProVerif. These protocols have specific security requirements such as flow integrity, going beyond the classical authentication and secrecy properties. The project also aims at analyzing different intruder models matching the particularities of industrial systems, and to develop specific modeling and verification techniques.

ANR

• ANR SEQUOIA Security properties, process equivalences and automated verification, duration: 4 years, since October 2014, leader: Steve Kremer, other partners: ENS Cachan, Univ Luxembourg. Most protocol analysis tools are restricted to analyzing reachability properties while many security properties need to be expressed in terms of some process equivalences. The increasing use of observational equivalence as a modeling tool shows the need for new tools and techniques that are able to analyze such equivalence properties. The aims of this project are (i) to investigate which process equivalences — among the plethora of existing ones — are appropriate for a given security property, system assumptions and attacker capabilities; (ii) to advance the state of the art of automated verification for process equivalences, allowing for instance support for more cryptographic primitives, relevant for case studies; (iii) to study protocols that use low-entropy secrets expressed using process equivalences; (iv) to apply these results to case studies from electronic voting.

• ANR TECAP Protocol Analysis — Combining Existing Tools, duration: 4 years, starting in 2018, leader: Vincent Cheval, other partners: ENS Cachan, Inria Paris, Inria Sophia Antipolis, IRISA, LIX. Despite the large number of automated verification tools, several cryptographic protocols (e.g. stateful protocols) still represent a real challenge for these tools and reveal their limitations. To cope with these limits, each tool focuses on different classes of protocols depending on the primitives, the security properties, etc. Moreover, the tools cannot interact with each other as they evolve in their own model with specific assumptions. The aim of this project is to get the best of all these tools, that is, to improve the theory and implementations of each individual tool towards the strengths of the others and to build bridges that allow the cooperations of the methods/tools. We will focus in this project on CryptoVerif, EasyCrypt, Scary, ProVerif, TAMARIN, Akiss and APTE. In order to validate the results obtained in this project, we will apply our results to several case studies such as the Authentication and Key Agreement protocol from the telecommunication networks, the Scytl and Helios voting protocols, and the low entropy 3D-Secure authentication protocol. These protocols have been chosen to cover many challenges that the current tools are facing.

Fondation MAIF

Project Protection de l'information personnelle sur les réseaux sociaux, from October 2014 to March 2018. The goal of the project is to lay the foundation for a risk verification environment on privacy in social networks. Given social relations, this environment will rely on the study of metrics to characterize the security level for a user. Next, by combining symbolic and statistical techniques, our objective is to synthesize a model of risk behavior as a rule base. Finally, a verifier based on model-checking will be developed to assess the security level of user. The partners are Pesto (leader), Orpailleur and Fondation MAIF.