Learn More
The following full text is a preprint version which may differ from the publisher's version. Abstract We describe a largely automated and systematic analysis of TLS implementations by what we call 'protocol state fuzzing': we use state machine learning to infer state machines from protocol implementations, using only black-box testing, and then inspect the(More)
IMSI catching is a problem on all generations of mobile telecommunication networks, i.e., 2G (GSM, GPRS), 3G (HDSPA, EDGE, UMTS) and 4G (LTE, LTE+). Currently, the SIM card of a mobile phone has to reveal its identity over an insecure plaintext transmission, before encryption is enabled. This identifier (the IMSI) can be intercepted by adversaries that(More)
Learning techniques allow the automatic inference of the behaviour of a system as a finite state machine. We demonstrate that learning techniques can be used to extract such formal models from software on banking smartcards which - as most bank cards do - implement variants of the EMV protocol suite. Such automated reverse-engineering, which only observes(More)
State machine learning is a useful technique for automating reverse engineering. In essence, it involves fuzzing different sequences of inputs for a system. We show that this technique can be successfully used to reverse engineer hand-held smartcard readers for Internet banking, by using a Lego robot to operate these devices. In particular , the state(More)
Mobile phones are increasingly used for security sensitive activities such as online banking or mobile payments. This usually involves some cryptographic operations, and therefore introduces the problem of securely storing the corresponding keys on the phone. In this paper we evaluate the security provided by various options for secure storage of key(More)
We present a security analysis of an internet banking system used by one of the bigger banks in the Netherlands, in which customers use a USB-connected device – a smartcard reader with a display and numeric keyboard – to authorise transactions with their bank card and PIN code. Such a setup could provide a very strong defence against online attackers,(More)
This paper looks at relay attacks against contactless payment cards, which could be used to wirelessly pickpocket money from victims. We discuss the two leading contactless EMV payment protocols (Visa's payWave and Mas-terCard's PayPass). Stopping a relay attack against cards using these protocols is hard: either the overhead of the communication is low(More)
Motivated by Murray's work on the limits of refinement testing for CSP, we propose the use of ProB to check liveness properties under assumptions of strong and weak event fairness, whose refinement-closures cannot generally be expressed as refinement checks for FDR. Such properties are necessary for the analysis of fair exchange protocols in CSP, which(More)
—cMix is a cryptographic protocol for mix networks that uses precomputations of a group-homomorphic encryption function to avoid all real-time public-key operations by the senders, mix nodes, and receivers. Like other mix network protocols, cMix can enable an anonymity service that accepts inputs from senders and delivers them to an output buffer, in a way(More)