» Moving to Fortiss from February 2017;
» The Master Thesis of my student Yuri Gil Dantas, now at TU-Darmstadt, is among the finalists of the best master thesis in security in Brazil organized by SBSeg 2016;
» Our paper A Framework forthe Analysis of UAV Strategies using Co-simulation has been accepted to SBESC 2016).
Telephony Denial of Service (TDoS) attacks target telephony services, such as Voice over IP (VoIP), not allowing legitimate users to make calls. There are few defenses that attempt to mitigate TDoS attacks, most of them using IP filtering, with limited applicability. In our previous work, we proposed to use selective strategies for mitigating HTTP Application-Layer DDoS Attacks demonstrating their effectiveness in mitigating different types of attacks.Developing such types of defenses is challenging as there are many design options, \eg, which dropping functions and selection algorithms to use. Our first contribution is to demonstrate both experimentally and by using formal verification that selective strategies are suitable for mitigating TDoS attacks.We used our formal model to help decide which selective strategies to use with much less effort than carrying out experiments. Our second contribution is a detailed comparison of the results obtained from our formal models and the results obtained by carrying out experiments. We demonstrate that formal methods is a powerful tool for specifying defenses for mitigating Distributed Denial of Service attacks allowing to increase our confidence on the proposed defense before actual implementation.
Timed Intruder Models have been proposed for the verification of Cyber-Physical Security Protocols (CPSP) amending the traditional Dolev-Yao intruder to obey the physical restrictions of the environment. Since to learn a message, a Timed Intruder needs to wait for a message to arrive, mounting an attack may depend on where Timed Intruders are. It may well be the case that in the presence of a great number of intruders there is no attack, but there is an attack in the presence of a small number of well placed intruders. Therefore, a major challenge for the automated verification of CPSP is to determine how many Timed Intruders to use and where should they be placed. This paper answers this question by showing it is enough to use the same number of Timed Intruders as the number of participants. We also report on some preliminary experimental results in discovering attacks in CPSP.
In our previous work, we discovered a new attack on Distance Bounding Protocols, called AttackIn-Between-Ticks, showing that an Intruder can gain access to a resource although he is not within the pre-established distance to Verifier. The attack exploits the differences between discrete measurements used by Verifier and the actual distance. We then speculated that the Attack in Between Ticks could be mitigated by using a large number of challenge response rounds.This paper works out the details building the formal machinery to support this idea. We obtain some surprising (non-intuitive)results. We show that in the case where Verifier decides to grant theaccess by the simple majority, the effect of the repeated challenge responserounds can mitigate the attack but only for the specificvalues of the probability of the erroneous decision in one round.Whereas in the case where Verifier decides to grant the accessby the large majority (that is, with gaining a large specifiedlevel of support, for example, Prover responding in time in twothirds of the challenges) the idea of repeated challenge-responserounds works perfectly well for our protocol.