
Showing papers by "Benjamin Richard" published in 2016


Journal ArticleDOI
01 Oct 2016
TL;DR: An improvement of AKA is proposed, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the-Middle (MiM) adversaries.
Abstract: Proposed by the 3rd Generation Partnership Project (3GPP) as a standard for 3G and 4G mobile-network communications, the AKA protocol is meant to provide a mutually-authenticated key-exchange between clients and associated network servers. As a result AKA must guarantee the indistinguishability from random of the session keys (key-indistinguishability), as well as client- and server-impersonation resistance. A paramount requirement is also that of client privacy, which 3GPP defines in terms of: user identity confidentiality, service untraceability, and location untraceability. Moreover, since servers are sometimes untrusted (in the case of roaming), the AKA protocol must also protect clients with respect to these third parties. Following the description of client-tracking attacks e.g. by using error messages or IMSI catchers, van den Broek et al. and respectively Arapinis et al. each proposed a new variant of AKA, addressing such problems. In this paper we use the approach of provable security to show that these variants still fail to guarantee the privacy of mobile clients. We propose an improvement of AKA, which retains most of its structure and respects practical necessities such as key-management, but which provably attains security with respect to servers and Man-in-the-Middle (MiM) adversaries. Moreover, it is impossible to link client sessions in the absence of client-corruptions. Finally, we prove that any variant of AKA retaining its mutual authentication specificities cannot achieve client-unlinkability in the presence of corruptions. In this sense, our proposed variant is optimal.

30 citations


Journal ArticleDOI
TL;DR: In this article, a beam-particle model is used to study the failure of concrete under complex loading. The model is based both on lattice models and discrete elements models in order to capture cohesion, failure and frictional contact of the crack surfaces.
Abstract: This paper focuses on the application of a beam-particle model to study the failure of concrete under complex loading. The formulation of the model is based both on lattice models and discrete elements models in order to capture cohesion, failure and frictional contact of the crack surfaces. To correctly describe the elastic phase, the peak load and the post-peak phase, the failure criteria is discussed and heterogeneities are introduced. The calibration of this model is detailed and illustrated. Finally, several test cases are analysed in order to validate the model.

23 citations


Posted Content
TL;DR: The currently-used proposal instantiates these by means of a set of \(\mathsf {AES}\)-based algorithms called \(\mathsf {MILENAGE}\); as an alternative, the ETSI SAGE committee submitted the \(\mathsf {TUAK}\) algorithms, which rely on a truncation of the internal permutation of \(\mathsf {Keccak}\).
Abstract: Secure communications between mobile subscribers and their associated operator networks require mutual authentication and key derivation protocols. The 3GPP standard provides the AKA protocol for just this purpose. Its structure is generic, to be instantiated with a set of seven cryptographic algorithms. The currently-used proposal instantiates these by means of a set of AES-based algorithms called MILENAGE; as an alternative, the ETSI SAGE committee submitted the TUAK algorithms, which rely on a truncation of the internal permutation of Keccak. In this paper, we provide a formal security analysis of the AKA protocol in its complete three-party setting. We formulate requirements with respect to both Man-in-the-Middle (MiM) adversaries, i.e. key-indistinguishability and impersonation security, and to local untrusted serving networks, denoted “servers”, namely state-confidentiality and soundness. We prove that the unmodified AKA protocol attains these properties as long as servers cannot be corrupted. Furthermore, adding a unique server identifier suffices to guarantee all the security statements even in the presence of corrupted servers. We use a modular proof approach: the first step is to prove the security of (modified and unmodified) AKA with generic cryptographic algorithms that can be represented as a unitary pseudorandom function –PRF– keyed either with the client’s secret key or with the operator key. A second step proceeds to show that TUAK and MILENAGE guarantee this type of pseudorandomness, though the guarantee for MILENAGE requires a stronger assumption. Our paper provides (to our knowledge) the first complete, rigorous analysis of the original AKA protocol and these two instantiations. We stress that such an analysis is important for any protocol deployed in real-life scenarios.

23 citations


Journal ArticleDOI
TL;DR: In this paper, the main results and conclusions of an International Benchmark jointly organized within the framework of a wide research program launched by the French Atomic Energy and Sustainable Energies Commission (CEA), Electricite De France (EDF) entitled "Seismic design and best-estimate Methods Assessment for Reinforced concrete buildings subjected to Torsion and nonlinear effect (SMART)" were reported.

19 citations


Journal ArticleDOI
TL;DR: The process-based model LUCASS gave insights into the sink–source control of willow growth, identifying key parameters and predicting the performance of contrasting canopy phenotypes in different environments.
Abstract: Identifying key performance traits is essential for elucidating crop growth processes and breeding. In Salix spp., genotypic diversity is being exploited to tailor new varieties to overcome environmental yield constraints. Process-based models can assist these efforts by identifying key parameters of yield formation for different genotype×environment (G×E) combinations. Here, four commercial willow varieties grown in contrasting environments (west and south-east UK) were intensively sampled for growth traits over two 2-year rotations. A sink–source interaction model was developed to parameterize the balance of source (carbon capture/mobilization) and sink formation (morphogenesis, carbon allocation) during growth. Global sensitivity analysis consistently identified day length for the onset of stem elongation as most important factor for yield formation, followed by various ‘sink>source’ controlling parameters. In coastal climates, the chilling control of budburst ranked higher compared with the more eastern climate. Sensitivity to drought, including canopy size and rooting depth, was potentially growth limiting in the south-east and west of the UK. Potential yields increased from the first to the second rotation, but less so for broad- than for narrow-leaved varieties (20 and 47%, respectively), which had established less well initially (–19%). The establishment was confounded by drought during the first rotation, affecting broad- more than narrow-leaved canopy phenotypes (–29%). The analysis emphasized quantum efficiency at low light intensity as key to assimilation; however, on average, sink parameters were more important than source parameters. The G×E pairings described with this new process model will help to identify parameters of sink–source control for future willow breeding.

15 citations


Book ChapterDOI
19 Jun 2016
TL;DR: In this paper, the ETSI SAGE committee submitted the TUAK algorithm, which relies on a truncation of the internal permutation of the Keccak algorithm.
Abstract: Secure communications between mobile subscribers and their associated operator networks require mutual authentication and key derivation protocols. The \(\mathsf {3GPP}\) standard provides the \(\mathsf {AKA}\) protocol for just this purpose. Its structure is generic, to be instantiated with a set of seven cryptographic algorithms. The currently-used proposal instantiates these by means of a set of \(\mathsf {AES}\)-based algorithms called \(\mathsf {MILENAGE}\); as an alternative, the ETSI SAGE committee submitted the \(\mathsf {TUAK}\) algorithms, which rely on a truncation of the internal permutation of \(\mathsf {Keccak}\).

15 citations