Your search keyword '"Helen Treharne"' showing total 3 results

1. Formal Analysis and Implementation of a TPM 2.0-based Direct Anonymous Attestation Scheme

Author

Liqun Chen, Jorden Whitefield, Christopher J. P. Newton, Stephan Wesemeyer, Helen Treharne, and Ralf Sasse

Subjects

021110 strategic, defence & security studies, Authentication, Cryptographic primitive, Formal verification, Security protocols, TPM, DAA, business.industry, Computer science, 0211 other engineering and technologies, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Cryptographic protocol, Digital signature, Embedded system, 0202 electrical engineering, electronic engineering, information engineering, Direct Anonymous Attestation, Trusted Platform Module, business

Abstract

Direct Anonymous Attestation (Daa) is a set of cryptographic schemes used to create anonymous digital signatures. To provide additional assurance, Daa schemes can utilise a Trusted Platform Module (Tpm) that is a tamper-resistant hardware device embedded in a computing platform and which provides cryptographic primitives and secure storage. We extend Chen and Li's Daa scheme to support: 1) signing a message anonymously, 2) self-certifying Tpm keys, and 3) ascertaining a platform's state as recorded by the Tpm's platform configuration registers (PCR) for remote attestation, with explicit reference to Tpm2.0 API calls. We perform a formal analysis of the scheme and are the first symbolic models to explicitly include the low-level Tpm call details. Our analysis reveals that a fix pro-posed by Whitefield et al. to address an authentication attack on an Ecc-Daa scheme is also required by our scheme. Developing a fine-grained, formal model of a Daa scheme contributes to the growing body of work demonstrating the use of formal tools in supporting security analyses of cryptographic protocols. We additionally provide and benchmark an open-source C++implementation of this Daa scheme supporting both a hardware and a software Tpm and measure its performance., Proceedings of the 15th ACM Asia Conference on Computer and Communications Security, ISBN:978-1-4503-6750-9

Published

2020

2. Interactive tool support for CSP || B consistency checking.

Author

Neil Evans and Helen Treharne

Subjects

*COMPUTER systems, *AUTOMATION, *ELECTRONIC systems, *SEMANTICS

Abstract

Abstract  CSP || B is an integration of two well known formal notations: CSP and B. It provides a method for modelling systems with both complex state (described in B machines) and control flow (described as CSP processes). Consistency checking within this approach verifies that a controller process never calls a B operation outside its precondition. Otherwise the behaviour of the operation cannot be predicted. In previous work, this check was carried out by manually decomposing the model before preprocessing the CSP processes to perform a hand-written weakest precondition proof. In this paper, a framework is described that mechanises consistency checking in a theorem prover and removes the need for preprocessing. This work is based on an existing PVS embedding of the CSP traces model, but it is extended by introducing a notion of state so that the interaction between processes and machines can be analysed. Numerous rules have been defined (and proved) which enable consistency checking and decomposition via PVS proof. These rules also formally justify the relaxation of previous constraints on CSP || B architectures, thereby widening the scope of CSP || B modelling. The PVS embedding and rules presented in this paper are not only applicable to CSP || B specifications, but to other combined approaches which use a non-blocking semantics for the state-based operations. [ABSTRACT FROM AUTHOR]

Published

2007

3. CSP theorems for communicating B machines.

Author

Steve Schneider and Helen Treharne

Abstract

Recent work on combining CSP and B has provided ways of describing systems comprised of components described in both B (to express requirements on state) and CSP (to express interactive and controller behaviour). This approach is driven by the desire to exploit existing tool support for both CSP and B, and by the need for compositional proof techniques. This paper is concerned with the theory underpinning the approach, and proves a number of results for the development and verification of systems described using a combination of CSP and B. In particular, new results are obtained for the use of the hiding operator, which is essential for abstraction. The paper provides theorems which enable results obtained (possibly with tools) on the CSP part of the description to be lifted to the combination. Also, a better understanding of the interaction between CSP controllers and B machines in terms of non-discriminating and open behaviour on channels is introduced, and applied to the deadlock-freedom theorem. The results are illustrated with a toy lift controller running example. [ABSTRACT FROM AUTHOR]

Published

2005