Analyzing and Improving Security-Enhanced Communication Protocols

Security and privacy are one of the top concerns when experts select for communication protocols. When a protocol is confirmed with problems, such as leaking users’ privacy, the protocol developers will upgrade it to an advanced version to cover those concerns in a short interval, or the protocol will be discarded or replaced by other secured ones.

There are always communication protocols failing to protect users’ privacy or exposing users’ accounts under attack. A malicious user or an attacker can utilize the vulnerabilities in the protocol to gain private information, or even take control of the users’ devices. Hence, it is important to expose those protocols and improve them to enhance the security properties. Some protocols protect users’ privacy but in a less efficient way. Due to the new cryptography technique or the modern hardware support, the protocols can be improved with less overhead and enhanced security protection.

In this dissertation, we focus on analyzing and improving security-enhanced communication protocols in three aspects:

(1) We systematically analyzed an existing and widely used communication protocol: Zigbee. We identified the vulnerabilities of the existing Zigbee protocols during the new device joining process and proposed a security-enhanced Zigbee protocol. The new protocol utilized public-key primitives with little extra overhead with capabilities to protect against the outsourced attackers. The new protocol is formally verified and implemented with a prototype.

(2) We explored one type of communication detection system: Keyword-based deep packet inspection. The system has several protocols, such as BlindBox, PrivDPI, PE-DPI, mbTLS, and so on. We analyzed those protocols and identified their vulnerabilities or inefficiencies. To address those issues, we proposed three enhanced protocols: MT-DPI, BH-DPI, and CE-DPI which work readily with AES-based encryption schemes deployed and well-supported by AES-NI. Specifically, MT-DPI utilized multiplicative triples to support multi-party computation.

(3) We developed a technique to support Distributed confidential computing with the use of a trusted execution environment. We found that the existing confidential computing cannot handle multiple-stakeholder scenarios well and did not give reasonable control over derived data after computation. We analyzed six real use cases and pointed out what is missing in the existing solutions. To bridge the gap, we developed a language SeDS policy that was built on top of the trusted execution environment. It works well for specific privacy needs during the collaboration and gives protection over the derived data. We examined the language in the use cases and showed the benefits of applying the new policies.