A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

VAZQUEZ SANDOVAL, Itzel; LENZINI, Gabriele

doi:10.1007/978-3-030-39749-4_11

Communication publiée dans un ouvrage (Colloques, congrès, conférences scientifiques et actes)

A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

VAZQUEZ SANDOVAL, Itzel; LENZINI, Gabriele

2019 • In Emerging Technologies for Authorization and Authentication

Peer reviewed

Permalien
https://hdl.handle.net/10993/40580

DOI
10.1007/978-3-030-39749-4_11

Documents (1)Envoyer vers Détails Statistiques Bibliographie Publications similaires

Documents

Texte intégral

14.pdf

Postprint Auteur (727.13 kB)

Télécharger

The final authenticated version is available online at https://doi.org/10.1007/978-3-030-39749-4_11.

Tous les documents dans ORBilu sont protégés par une licence d'utilisation.

Envoyer vers

RIS BibTex APA Chicago Permalink X Linkedin

Détails

Mots-clés :

formal verification; authentication protocols; software security analysis; privacy-by-default; secure email; end-to-end encryption

Résumé :

[en] To send encrypted emails, users typically need to create and exchange keys which later should be manually authenticated, for instance, by comparing long strings of characters. These tasks are cumbersome for the average user. To make more accessible the use of encrypted email, a secure email application named pEp automates the key management operations; pEp still requires the users to carry out the verification, however, the authentication process is simple: users have to compare familiar words instead of strings of random characters, then the application shows the users what level of trust they have achieved via colored visual indicators. Yet, users may not execute the authentication ceremony as intended, pEp's trust rating may be wrongly assigned, or both. To learn whether pEp's trust ratings (and the corresponding visual indicators) are assigned consistently, we present a formal security analysis of pEp's authentication ceremony. From the software implementation in C, we derive the specifications of an abstract protocol for public key distribution, encryption and trust establishment; then, we model the protocol in a variant of the applied pi calculus and later formally verify and validate specific privacy and authentication properties. We also discuss alternative research directions that could enrich the analysis.

Disciplines :

Sciences informatiques

Auteur, co-auteur :

VAZQUEZ SANDOVAL, Itzel ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

LENZINI, Gabriele ; University of Luxembourg > Interdisciplinary Centre for Security, Reliability and Trust (SNT)

Co-auteurs externes :

Langue du document :

Anglais

Titre :

A Formal Security Analysis of the pEp Authentication Protocol for Decentralized Key Distribution and End-to-End Encrypted Email

Date de publication/diffusion :

2019

Nom de la manifestation :

2nd International Workshop on Emerging Technologies for Authorization and Authentication - ESORICS International Workshops

Lieu de la manifestation :

Luxembourg, Luxembourg

Date de la manifestation :

27-09-2019

Manifestation à portée :

International

Titre de l'ouvrage principal :

Emerging Technologies for Authorization and Authentication

Maison d'édition :

Springer

Peer reviewed :

Peer reviewed

Focus Area :

Security, Reliability and Trust

URL complémentaire :

https://doi.org/10.1007/978-3-030-39749-4_11

Disponible sur ORBilu :

depuis le 02 octobre 2019

Statistiques

Nombre de vues

318 (dont 20 Unilu)

Nombre de téléchargements

194 (dont 4 Unilu)

Voir plus de statistiques

citations Scopus^®

citations Scopus^®
sans auto-citations

OpenCitations

citations OpenAlex

Bibliographie

OpenPGP. https://www.openpgp.org/
PGP word list. https://en.wikipedia.org/wiki/PGP word list
Signal technical specifications. https://signal.org/docs/
Abadi, M., Fournet, C.: Mobile values, new names, and secure communication. In: Acm Sigplan Notices, vol. 36, pp. 104–115. ACM (2001)
Basin, D., Cremers, C., Dreier, J., Meier, S., Sasse, R., Schmidt, B.: Tamarin prover. https://tamarin-prover.github.io/
Basin, D., Cremers, C., Meier, S.: Provably repairing the ISO/IEC 9798 standard for entity authentication. J. Comput. Secur. 21(6), 817–846 (2013)
Basin, D., Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R., Stettler, V.: A formal analysis of 5G authentication. In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security, pp. 1383–1396. ACM (2018)
Basin, D., Radomirovic, S., Schmid, L.: Modeling human errors in security protocols. In: 2016 IEEE 29th Computer Security Foundations Symposium (CSF), pp. 325–340. IEEE (2016)
Blanchet, B.: An efficient cryptographic protocol verifier based on prolog rules. In: 14th IEEE Computer Security Foundations Workshop, pp. 82–96. IEEE (2001)
Blanchet, B.: Security protocol verification: symbolic and computational models. In: Degano, P., Guttman, J.D. (eds.) POST 2012. LNCS, vol. 7215, pp. 3–29. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-28641-4 2
Clark, J., van Oorschot, P.C., Ruoti, S., Seamons, K., Zappala, D.: Securing email. arXiv preprint arXiv:1804.07706 (2018)
Cohn-Gordon, K., Cremers, C., Dowling, B., Garratt, L., Stebila, D.: A formal security analysis of the signal messaging protocol. In: 2017 IEEE European Symposium on Security and Privacy (EuroS&P), pp. 451–466. IEEE (2017)
Cremers, C.: Key exchange in IPsec revisited: formal analysis of IKEv1 and IKEv2. In: Atluri, V., Diaz, C. (eds.) ESORICS 2011. LNCS, vol. 6879, pp. 315–334. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-23822-2 18
Dechand, S., Schürmann, D., Busse, K., Acar, Y., Fahl, S., Smith, M.: An empirical study of textual key-fingerprint representations. In: 25th {USENIX} Security Symposium ({USENIX} Security 16), pp. 193–208 (2016)
Dolev, D., Yao, A.C.: On the security of public key protocols. In: Proceedings of the 22nd Annual Symposium on Foundations of Computer Science, SFCS 1981, pp. 350–357. IEEE Computer Society, Washington, DC (1981)
Dreier, J., Hirschi, L., Radomirovic, S., Sasse, R.: Automated unbounded verification of stateful cryptographic protocols with exclusive OR. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), pp. 359–373. IEEE (2018)
(IETF), I.E.T.F.: IANA registration of trustword lists. https://tools.ietf.org/html/draft-birk-pep-trustwords-03
(IETF), I.E.T.F.: pretty Easy privacy (pEp): privacy by default. https://www.ietf. org/id/draft-birk-pep-03.txt
Lowe, G.: Breaking and fixing the Needham-Schroeder Public-Key Protocol using FDR. In: Margaria, T., Steffen, B. (eds.) TACAS 1996. LNCS, vol. 1055, pp. 147– 166. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-61042-1 43
Lowe, G.: A hierarchy of authentication specifications. In: Proceedings 10th Computer Security Foundations Workshop, pp. 31–43. IEEE (1997)
Mauw, S., Cremers, C.: Operational Semantics and Verification of Security Protocols. Springer, Heidelberg (2012)
Pretty Easy Privacy: pep source code. https://pep.foundation/pep-software/index. html
Pretty Easy Privacy: pep user documentation. https://www.pep.security/docs/index.html
The Radicati Group: Email Statistics Report, 2018–2022. Technical report (2018)
Unger, N., et al.: SoK: secure messaging. In: 2015 IEEE Symposium on Security and Privacy, pp. 232–249. IEEE (2015)
Vazquez-Sandoval, I., Lenzini, G.: Experience report: how to extract security pro-tocols’ specifications from C libraries. In: IEEE 42nd Annual COMPSAC 2018, Tokyo, Japan, Vol. 2, pp. 719–724 (2018)
Whitten, A., Tygar, J.D.: Why Johnny can’t encrypt: a usability evaluation of PGP 5.0. In: USENIX Security Symposium, vol. 348 (1999)
Zimmermann, P.R.: The Official PGP User’s Guide. MIT Press, Cambridge (1995)