Transcript Data Communications Security Laboratory UL

Data Communication Security
Laboratory
Department of Electronic & Computer
Engineering
University of Limerick
www.dcsl.ul.ie
Research Team
•
•
•
•
•
Professor Tom Coffey (Director)
Dr Reiner Dojen (UL)
Dr Thomas Newe (UL)
Jim Morrison (Letterkenny Institute of Technology)
Professor Ioan Salomie, (Professor of Computer Science, Technical
University of Cluj, Romania. Visiting academic at University of
Limerick)
• Dr Robert Gyorodi (University of Oradea, Romania - external
member).
• Postgraduate Researchers
22 (including 8 at Cluj and 3 at Oradea)
Tom Coffey
The Data Communication Security Laboratory
Research History
Refereed papers:
221
Research Funding:
€3.2 million
Graduated PhD/
Masters students:
39
Funding Agencies
EI, SFI, IRCSET, EOLAS, Forbairt, NBST, EU, Irish and
International Companies
Industrial partners:
Collaborative Research undertaken with 12 Irish and
International partners
Academic Partners
University of Ulster, Technical University of Cluj:Napoca(Romainia), University of Oradea (Romainia), Letterkenny
Institute of Technology, University of Lund (Sweden),
University of Sunderland (UK), University of Wales,
University of Aveiro (Portugal),University of Essen
(Germany), Aristotle University (Greece), Soka
University(Japan)
Tom Coffey
The Data Communication Security Laboratory
Research Topics
 Development of verifiably secure protocols and
algorithms and for open hostile environments.
 Formal verification of security protocols using logicbased and state-space-based techniques. Generation of
automated proving systems for security protocol
verification
 Investigation into the cryptographic strength of new
ciphers.
 Watermarking techniques for multimedia document
protection.
 Multi-layer security architectures for virtual networks
 Robust power-line LAN protocols and systems.
- Security services for power-line systems
 Mobile Agents, eLearning Systems
Tom Coffey
The Data Communication Security Laboratory
Cryptographic Security Protocols

Security protocols are one of the most critical elements in
enabling the secure communication and processing of
information

Provide Services like Authentication, Key-agreement, NonRepudiation, E-voting, Secure E-mail, etc.

These protocols are vulnerable to a host of subtle attacks, so
designing protocols to be impervious to such attacks has
proved to be extremely challenging and error prone.
Protocol failure often result of subtle defect(s), e.g. NeedhamSchröder protocol, BCY protocol
Hard to get it “right”
Need systematic way of finding defects => formal methods



Tom Coffey
The Data Communication Security Laboratory
Protocol Design
Publication
Formal Verification
Publication of
Corrected Protocol
Traditional Approach to Security Protocol Design
Protocol Design
Formal Verification
Publication
Re-Design
Protocol
Design Process for Security Protocols – As it should be
Tom Coffey
The Data Communication Security Laboratory
Verification of Security Protocols
 Informal verification techniques insufficient
- cannot always detect subtle protocol errors
 Formal verification more reliable
- they provide a rigid and thorough means of testing the
correctness of cryptographic protocols
 Verification Techniques
 Testing Techniques
Generally comprising exhaustive testing or scenario analysis,
involve examining the protocol in search of security breaches
• Algebraic Term Rewriting and Theorem Proving
Verification Logics
Involve a process of deductive reasoning, whereby the desired
protocol goals are deduced by applying a set of axioms and
inference rules to the assumptions and message exchanges of the
protocol.
Tom Coffey
The Data Communication Security Laboratory
Logic-Based Protocol Verification
•
Computationally Feasible:
•
Good at detecting both passive and active attacks on
protocols
•
Reasonably easy to apply
•
Good at forcing protocol designers to explicitly state the
goals and assumptions of their protocols.
•
Logic-based verification accomplished by deductive
reasoning based on ‘the application of valid rules of
inference to sets of valid axioms (application of logical
postulates)’
Tom Coffey
The Data Communication Security Laboratory
Logic-Based Protocol Verification
Informal Protocol
Specification
Logic-Based Verification Process
Protocol
Specification in
Language of Logic
Specification of
Initial
Assumptions
Specification of
Protocol Goals
Verification
Result
Tom Coffey
The Data Communication Security Laboratory
Application of
Logical Postulates
Digital Image Watermarking
 Watermarking involves the embedding of information in an
image in such a way that it is imperceptible and cannot be
removed.
 This enables the originator to prove ownership of the
image if required.
 Watermarking differs from conventional encryption
systems that protect data from being viewed or modified
during transmission as encryption must be removed for the
display or use of image data.
 Watermarks should survive all attacks that do not degrade
the perceived quality of the image.
Tom Coffey
The Data Communication Security Laboratory
Current work on Digital Image Watermarking
 Existing schemes make use of the principles of Spread Spectrum
communications. However, these schemes are known to be vulnerable
to geometric transformations.
 Current work is aimed at the development of new Discrete Cosine
Transform-based watermarking schemes for the copyright protection
of images.
 The new scheme is designed to exhibit robustness against
– Noise attacks
– Estimation attacks
– Geometric transformations
Tom Coffey
The Data Communication Security Laboratory
Selected Recent Projects
Title:
Automated Verification of Security Protocols (2003-2006)
Funding Body:
Irish Research Council for Science Engineering and Technology
(IRCSET) / EI – Basic Research Grant Programme (SC02/237)
Collaborators
DCSL, UL, Univ of Cluj, Romania, Compaq Systems Research
Center, USA.
Title:
Wireless sensor networks: security protocol design and verification
Funding Body:
Collaborators
(WSN-SPDV) (2005-2008)
Science Foundation Ireland: Research Frontiers Fund
DCSL-UL
Title:
Funding Body:
Collaborators:
Verification of security protocols using state-space techniques (2003-2006)
Irish Research Council for Science Engineering and Technology /EI
Postgraduate Scholarship Award Programme
DCSL-UL
Title:
Data Security Services for Power-Line Lans (1996-1999)
Awarding Body:
Collaborators
Busicom Corporation, Tokyo, Japan
DCSL, Busicom Irl.
Tom Coffey
The Data Communication Security Laboratory
Selected Publications
 Dojen, R ., Coffey, T., “The Concept of Layered Proving Trees and its
Application to the Automation of Security Protocol Verification”, in:
ACM Transactions on Information and System Security (In Press, 2005).
 Dojen, R. and Coffey, T., "Applying Conditional Linear Cryptanalysis to
Ciphers with Key-Dependant Operations", in: WSEAS Transactions on
COMPUTERS, Issue 5, Volume 3, November 2004 pp. 1425-1437.
 Morrison, J., Coffey, T., “An Experimental Analysis of Geometric
Attacks on DCT-Based Watermarks”, in: Transactions on Information
Science and Applications, Issue 6, Volume 1, pp 1656-1661, December
2004. ISSN 1790-0832.
 Coffey T., Dojen R., Flanagan T., “Formal verification: an imperative
step in the design of security protocols”, in: Computer Networks (The
International Journal of Computer and Telecommunications Networking
– Elsevier Science), Vol. 43, No. 5, Dec 2003, pp 601-618. ISSN: 13891286.
Tom Coffey
The Data Communication Security Laboratory
Selected Publications
 Newe, T., Coffey, T., 2003. “Minimum-Knowledge Schemes for low-power,
low-memory Devices”, in: WSEAS Transactions on Circuits and Systems,
Issue 2, Volume 2, April 2003. pp 460-465.
 Newe T., Coffey T., “Formal Verification logic for hybrid security
protocols”, in: International Journal of Computer Systems Science &
Engineering, Vol.18 no 1, Jan 2003, pp 17-25.
 Coffey, T. and Newe, T.; "Realisation of a minimum-knowledge
identification and signature scheme", Computers and Security, Vol 17,
No.3, pp 253-264, 1998.
 Coffey, T. and Saidha, P., "Logic for verifying public key
cryptographic protocols", in: IEE Computers and Digital Techniques,
Vol. 144, Issue 1, pp 28-32, Jan. 1997.
 Coffey, T., Saidha, P., "Non-Repudiation with Mandatory Proof of
Receipt", in: ACM Computer Communication Review; Vol. 26, No. 1,
p6-17. Jan 1996.
Tom Coffey
The Data Communication Security Laboratory
Data Communication Laboratory Contributions
to Secure Communications in the…
 Development of verifiably secure protocols
and algorithms and for open hostile
environments, including wireless
 Formal verification of security protocols
using logic-based and state-space-based
techniques.
Tom Coffey
The Data Communication Security Laboratory