This paper relates the collaboration between industrial and academic teams for the design and the verification of a security protocol. The protocol is about trust establishment in large communities of devices where infrastructure components are not always reachable. The collaboration covers the writing of formal specifications up to their verification, using both manual and automated verificati...

With the rise of the Internet and other open networks, a large number of security protocols have been developed and deployed in order to provide secure communication. The analysis of such security protocols has turned out to be extremely difficult for humans, as witnessed by the fact that many protocols were found to be flawed after deployment. This has driven the research in formal analysis of...

In this paper, we propose a lightweight mutual authentication protocol for low-cost Radio Frequency IDentification (RFID) tags. Although RFID systems promise a fruitful future, security and privacy concerns have affected the proliferation of the RFID technology. The proposed protocol aims to protect RFID tags against a wide variety of attacks and especially Denial of Service (DoS) attacks. We f...

In 2012, Xie proposed an authentication scheme based on Elliptic Curve Cryptography (ECC) for Session Initiation Protocol (SIP). However, this paper demonstrates that the Xie's scheme is vulnerable to impersonation at-tack by which an active adversary can easily forge the server's identity. Based on this attack, we also show that the Xie's scheme is also defenceless to off-line password guessin...

Résumé — L'identification par radiofréquence (RFID) et les technologies biométriques ont connu des évolutions rapides au cours des dernières années et qui sont utilisés dans plusieurs applications, tel que le contrôle d’accès. Parmi les caractéristiques importantes dans les tags des systèmes RFID on trouve la limitation des ressources (mémoire, énergie, ...). L’enregistrement des données biomét...

The EPC Class-1 Generation-2 (Gen2 for short) is a standard Radio Frequency Identification (RFID) technology that has gained a prominent place on the retail industry. The Gen2 standard lacks, however, of verifiable security functionalities. Eavesdropping attacks can, for instance, affect the security of monitoring applications based on the Gen2 technology. We are working on a key establishment ...

ASLan is the input language of the verification tools of the AVANTSSAR platform, and an extension of the AVISPA Intermediate Format IF. One of ASLan’s core features over IF is to integrate a transition system with Horn clauses that are evaluated at every state. This allows for modeling many common situations in security such as the interaction between the workflow of a system with its access co...