Formal Analysis of a Privacy-Preserving Billing Protocol


Alessandro Armando1,2, Roberto Carbone2, and Alessio Merlo1,3

1 DIBRIS, Università degli Studi di Genova, Italy
  {alessandro.armando, alessio.merlo}@unige.it
2 Security & Trust Unit, FBK-irst, Trento, Italy
  {armando, carbone}@fbk.eu
3 Università e-Campus, Italy
  [email protected]

Abstract. We provide a formal model and a security analysis of the Private Billing Protocol. This formal analysis allowed us to spell out precisely the details of the protocol, the security assumptions as well as the expected security goals. For the formal analysis we used SATMC, a model checker for security protocol analysis that supports the specification of security assumptions and goals as LTL formulae. Further analysis that we conducted manually revealed that the protocol allows for implementations that fail to meet the expected privacy goal. We describe the implications of our findings and discuss how the problem can be avoided.

Keywords: Privacy, Smart Meters, Billing Protocol, Formal Analysis

1 Introduction

Smart Metering solutions are receiving growing attention as they support the automatic collection of fine-grained consumption profiles of utilities (e.g. electricity), thereby paving the way to sophisticated pricing schemes based, e.g., on time or load. However, the adoption of Smart Metering solutions is to date controversial due to privacy concerns related to the release of consumption profiles to suppliers [1]. In order to address these concerns a number of security protocols for smart metering have been put forward [2-4]. A Private Billing Protocol (PBP) has been recently proposed [5]. By using a form of homomorphic encryption, the protocol allows the Smart Meter to deliver the price associated with the consumption profile without revealing the latter to the supplier.

In this paper we provide a formal model and a security analysis of PBP. The formal analysis of the protocol allowed us to spell out precisely the details of the protocol, the assumptions that are necessary for its proper functioning (namely the trust assumptions and the assumptions on the communication channels used by the protocol to transport the messages), and the security goals that the protocol is expected to meet. For the formal analysis of the protocol we used SATMC [6, 7], a model checker for security protocol analysis that supports the specification of security assumptions and goals as LTL formulae. Further analysis of the protocol that we conducted manually revealed that the protocol allows for implementations that fail to meet the expected privacy goal. We describe the implications of our findings and discuss how the problem can be avoided.

* This is a draft version of the official paper. Please cite this paper as follows: A. Armando, R. Carbone, A. Merlo. Formal Analysis of a Privacy-Preserving Billing Protocol, in Smart Grid Security, LNCS 7823, 2013, pp. 108-119.

[Fig. 1. Overview of the Private Billing Protocol. At the customer's house, the Smart Meter produces the Consumption Profile, which goes to the Privacy Component (Price Calculation and Proof); at the supplier's site, the Back-end System provides the Tariff and receives the price and proof.]

Structure of the paper. In the next section we introduce PBP. In Section 3 we present the formal model of the protocol and in Sections 4 and 5 we discuss the results of the security analysis. In Section 6 we provide an overview of the related work and we conclude in Section 7 with some final remarks.

2 The Private Billing Protocol

The Private Billing Protocol (hereafter PBP) has been proposed by Jawurek et al. [5] as a protocol for billing customers in a privacy-preserving way. The aim of PBP is to allow the supplier to charge customers for energy consumption while keeping the fine-grained consumption profile of the customer private (i.e. not disclosing it to the supplier or other external stakeholders).

The PBP (see Fig. 1) involves three entities: the Smart Meter (SM), a Privacy Component (PC) and the Back-End System (BS). SM is installed at the customer's house and registers the consumption profile, i.e. a set of energy consumption values registered at short-length intervals (typically from 10 to 20 minutes). PC is a plug-in component placed in between SM and BS; it intercepts the consumption profiles produced by SM and the tariffs from BS and calculates the billing without disclosing the consumption profile to BS. BS provides tariffs to PC and receives the billing calculated by PC. The protocol allows BS to verify the billing produced by PC without knowing the consumption profile of the customer.

Fig. 2. Message sequence chart of the Private Billing Protocol

  1. SM →SM2PC PC : V, R, Commit(V, R), SIG_i0
  2. BS →BS2PC PC : T
  3. PC →PC2BS BS : V * T, R * T, Commit(V, R), SIG_i0

Legend: A →ch B : m means that A sends the message m to B on the communication channel ch.

Verifying the billing without knowledge of the consumption profile is achieved through the homomorphic commitment scheme proposed in [8]. Given two values x and r, a commitment for x and r, in symbols Commit(x, r), is a pseudo-random, one-way function enjoying the following properties:

1. Given Commit(x, r), it is hard to compute x (Secrecy);
2. Given Commit(x, r), x and r, it is hard to compute x' ≠ x such that Commit(x', r) = Commit(x, r) (Binding);
3. Commit(x, r) * Commit(y, s) = Commit(x + y, r + s); and
4. Commit(x, r)^y = Commit(x * y, r * y).

The PBP consists of the three steps shown in Fig. 2. In the first step of the protocol SM sends PC:

- the consumption profile V = ⟨v_i0, ..., v_in⟩, where v_ik is the consumption in the interval i_k for k = 0, ..., n,
- a vector R = ⟨r_i0, ..., r_in⟩ of random numbers,
- a vector of commitments Commit(V, R) = ⟨Commit(v_i0, r_i0), ..., Commit(v_in, r_in)⟩, and
- a signature SIG_i0 over ⟨i0, Commit(V, R)⟩, where i0 is the interval of the first measurement in V. The signature is calculated using the private key of SM.

In step 2, BS sends PC the tariff vector T. Finally, in step 3 PC computes the price

$$V * T = \sum_{k=0}^{n} v_{i_k} * t_{i_k}$$

associated with the consumption vector V, the value

$$R * T = \sum_{k=0}^{n} r_{i_k} * t_{i_k},$$

and then sends V * T, R * T, Commit(V, R) and SIG_i0 to BS. At this point BS verifies the validity of the signature and whether the commitments in Commit(V, R) correspond to a commitment of the price computed by PC by checking whether

$$\mathrm{Commit}(v_{i_0}, r_{i_0})^{t_{i_0}} * \cdots * \mathrm{Commit}(v_{i_n}, r_{i_n})^{t_{i_n}} = \mathrm{Commit}(V * T,\; R * T) \qquad (1)$$

This completes the protocol.
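The three protocol steps and the check of equation (1), as an added worked example that is not code from the paper or from Jawurek et al.: Pedersen commitments Commit(x, r) = g^x h^r over a prime-order subgroup of Z_p^*, a Schnorr signature standing in for the (unspecified) signature scheme shared by SM and BS, and a cheating PC that over-reports the price and is caught by BS. The toy group parameters (p = 2039, q = 1019, chosen so the numbers stay readable), the derivation of h, the message encoding and all function names are assumptions of this example; a real deployment would use a group with p of at least 2048 bits.

```python
"""Toy end-to-end run of the Private Billing Protocol with Pedersen commitments.
Added example, not the paper's code; parameters are deliberately small."""
import hashlib
import secrets

# Safe prime p = 2q + 1 and a generator of the order-q subgroup (toy sizes,
# assumed for this demo; a real deployment uses p of at least 2048 bits).
Q = 1019
P = 2 * Q + 1  # 2039
G = 4          # 2^2 is a quadratic residue mod p, hence has order q


def _hash_to_group(label: bytes) -> int:
    """Second generator h whose discrete log base G is unknown to everyone
    (hash a label, reduce mod p, square to land in the order-q subgroup)."""
    ctr = 0
    while True:
        d = int.from_bytes(hashlib.sha256(label + bytes([ctr])).digest(), "big") % P
        h = pow(d, 2, P)
        if h not in (0, 1):
            return h
        ctr += 1


H = _hash_to_group(b"PBP-pedersen-h")


def commit(x: int, r: int) -> int:
    """Pedersen commitment Commit(x, r) = g^x * h^r mod p (scheme of [8])."""
    return (pow(G, x, P) * pow(H, r, P)) % P


# Schnorr signatures over the same group stand in for SM's signature scheme.
def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def _challenge(R: int, msg: bytes) -> int:
    return int.from_bytes(hashlib.sha256(R.to_bytes(4, "big") + msg).digest(), "big") % Q


def sign(sk: int, msg: bytes):
    k = secrets.randbelow(Q - 1) + 1
    R = pow(G, k, P)
    return R, (k + _challenge(R, msg) * sk) % Q


def verify_sig(pk: int, msg: bytes, sig) -> bool:
    R, s = sig
    return pow(G, s, P) == (R * pow(pk, _challenge(R, msg), P)) % P


def encode(i0: int, commitments) -> bytes:
    """Canonical byte encoding of <i0, Commit(V, R)>, the message SM signs."""
    return b"|".join(str(x).encode() for x in (i0, *commitments))


def sm_step1(sk_sm: int, i0: int, V):
    """Step 1 (SM -> PC on SM2PC): V, R, Commit(V, R), SIG_i0."""
    R = [secrets.randbelow(Q) for _ in V]
    C = [commit(v, r) for v, r in zip(V, R)]
    return V, R, C, sign(sk_sm, encode(i0, C))


def pc_step3(msg1, T):
    """Step 3 (PC -> BS on PC2BS): V*T, R*T, Commit(V, R), SIG_i0. V stays at PC."""
    V, R, C, sig = msg1
    return sum(v * t for v, t in zip(V, T)), sum(r * t for r, t in zip(R, T)), C, sig


def bs_verify(pk_sm: int, i0: int, T, msg3) -> bool:
    """BS checks SIG_i0 and equation (1): prod_k Commit(v_k, r_k)^t_k == Commit(V*T, R*T)."""
    price, blind, C, sig = msg3
    if len(C) != len(T) or not verify_sig(pk_sm, encode(i0, C), sig):
        return False
    lhs = 1
    for c, t in zip(C, T):
        lhs = lhs * pow(c, t, P) % P
    return lhs == commit(price, blind)


def run_protocol(V, T, i0=0, price_offset=0):
    """One session; price_offset != 0 models a PC that misreports the price."""
    sk, pk = keygen()
    price, blind, C, sig = pc_step3(sm_step1(sk, i0, V), T)
    return price, bs_verify(pk, i0, T, (price + price_offset, blind, C, sig))


if __name__ == "__main__":
    V, T = [3, 5, 2], [10, 20, 30]              # constructed 3-interval profile and tariff
    print(run_protocol(V, T))                   # (190, True)
    print(run_protocol(V, T, price_offset=1))   # (190, False): the cheating PC is caught
```

Properties 3 and 4 of the commitment are exactly what makes equation (1) hold: the product of the commitments raised to the tariffs equals a commitment to the two dot products, so BS needs only the blinding value R * T, never R or V.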

Security Assumptions

SM and BS must agree on some signature scheme. This allows SM to sign the commitments and BS to check the integrity and authenticity of the signed messages. Moreover, SM is assumed to be trustworthy. SM is equipped with a Trusted Platform Module to ensure that the reported consumption profiles are trustworthy and reliable. The communication channels used to transport the messages exchanged among the involved parties must offer some level of security. However, the necessary security assumptions are not explicitly stated in [5]. In Section 4 we consider different assumptions, analyzing the consequences of the different choices from a security perspective.

Security Requirements

The purpose of the protocol is to ful�ll the security requirements of both thecustomer and the supplier.

- Supplier Requirements. BS must be sure that the price provided by PC is the correct one, i.e. that it has been calculated using the proper consumption values and tariffs.

- Customer Requirements. PC must be sure to compute the proper price, i.e. the consumption vector V is the one provided by SM and the tariff is the one provided by BS. Moreover, the customer has some privacy concerns: V must be kept secret between SM and PC.

In this paper, we focus on the latter.

3 Formal Modeling of the Private Billing Protocol

We focus on the problem of determining whether the concurrent execution of a finite number of sessions of the protocol enjoys the expected security properties in spite of the interference of a malicious intruder. In particular, we specified PBP using ASLan [9], one of the specification languages developed in the context of the AVANTSSAR Project [10] (www.avantssar.eu). For the sake of brevity in this paper we present a simplified version of ASLan, featuring only the aspects of the language that are relevant for this work. ASLan supports the specification of model checking problems of the form M |= φ, where M is a labeled transition system modeling the behaviors of the honest principals and of the Dolev-Yao intruder (DY)⁴ [11] and their initial state, and φ is a Linear Temporal Logic (LTL) formula stating that the expected security properties hold provided that the exchange of messages enjoys the level of protection guaranteed by the transport protocols (see [12] for the details).

The states of M are sets of ground (i.e. variable-free) facts, i.e. atomic formulae of the form given in the left column of Table 1 and whose informal meaning is explained in the right column. The facts authentic(c, p) and confidential(c, p) trigger LTL formulae stating the property of the channels. More details can be found in [7, 12].

Table 1. Facts and their informal meaning

  Fact                    Meaning
  state_r(j, a, es, s)    Principal a, playing role r, is ready to execute step j in session s of the protocol, and es is a list of expressions representing the internal state of a.
  ik(m)                   The intruder knows message m.
  sent(rs, b, a, m, c)    Principal rs has sent message m on channel c to principal a pretending to be principal b.
  rcvd(a, b, m, c)        Message m (supposedly sent by principal b) has been received on channel c by principal a.
  authentic(c, p)         Channel c provides authenticity to p, i.e. its input is exclusively producible by a specified sender p.
  confidential(c, p)      Channel c provides confidentiality to p, i.e. its output is exclusively accessible to a given receiver p.

The initial state of the system defines the initial knowledge of the intruder (usually including its cryptographic material, various agent identifiers, and their public keys) and the initial state of all the honest principals involved in the considered protocol sessions.

Transitions are represented by rewrite rules of the form

  L --rn(var_1, ..., var_n)--> R

where L and R are finite sets of facts, rn is a rule name, i.e. a function symbol uniquely associated with the rule, and var_1, ..., var_n are the variables occurring in L. Here and in the sequel we use typewriter font to denote states and rewrite rules with the additional convention that variables are capitalized (e.g. PC, T0), while constants and function symbols begin with a lower-case letter (e.g. pc, t0). The constant i is used to denote the intruder.

The behavior of honest participants is specified by rules of the form:

  sent(RS, B, a, M, Ch) --receive(B, RS, M, Ch)--> rcvd(a, B, M, Ch)                                                   (2)

  rcvd(a, b, m, ch) . state_r(j, a, es, S) --send_j(S, ...)--> sent(a, a, b', m', ch') . state_r(l, a, es', S)        (3)

for all honest principals a and suitable terms b, b', ch, ch', es, es', m, and m'. Rule (2) models the reception of a message by an honest agent, whereas rule (3) models the processing of a previously received message and the sending of the next protocol message. More in detail, rule (3) states that if principal a is at step j in session S of the protocol and she has received message m on channel ch (supposedly) from b, then she can send message m' to b' on channel ch' and change her internal state accordingly, preparing for step l.

⁴ A Dolev-Yao intruder has complete control over the network and can generate new messages both from its initial knowledge and from the messages exchanged over the network.

To simplify the presentation, in the sequel we use the infix notation for the arithmetic operators instead of the prefix one required in ASLan. We define them, together with the commit binary operator c, as non-invertible public functions. Moreover ⟨m1, ..., mk⟩ stands for pair(m1, pair(..., mk)). To illustrate, we consider the protocol steps 2 and 3, in which PC receives the tariff values from BS and sends back the last message to BS. This transition is modeled by the following rule, for any positive integer n:

  rcvd(PC, BS, ⟨T0, ..., Tn⟩, BS2PC) . state_PC(2, PC, [BS, BS2PC, PC2BS, ...], S)
    --send2(PC, ..., S)-->
  sent(PC, PC, BS, ⟨(V0 * T0) + ... + (Vn * Tn), (R0 * T0) + ... + (Rn * Tn), c(V0, R0), ..., c(Vn, Rn), sign(inv(pk(SM)), ⟨I, c(V0, R0), ..., c(Vn, Rn)⟩)⟩, PC2BS)
    . state_PC(3, PC, [BS, BS2PC, PC2BS, T0, ..., Tn, ...], S)

where sign(inv(pk(SM)), m) is the digital signature of the message m with the private key of SM, and BS2PC and PC2BS are the channels used by BS and PC to communicate with each other. (Channels in our model are unidirectional: if x and y are principals, then x2y denotes a channel used by x to send messages to y and y2x denotes a channel used by y to send messages to x.)

Since SATMC does not support reasoning about homomorphic encryption, we replaced the check of equation (1) with pattern matching. Namely, in the left-hand side of the last rule of BS, we explicitly state which pattern the received message must have in order to be accepted by BS. For each admissible pattern, we add a similar rule leading to the same final state. As we will see, this level of abstraction is enough to detect the issues reported in Section 4. Moreover, in Section 5 we point out which kinds of attacks can be missed because of this abstraction.

For the sake of brevity, we omit here the rules modeling the abilities of the DY intruder. The intruder can overhear and divert messages and, by using the knowledge gleaned from the observed traffic, forge and send fraudulent messages to the honest participants.

3.1 Security Requirements

The use of LTL allows for the specification of the security goals of the protocol. The language of LTL we consider here uses facts as atomic formulae, the usual propositional connectives (namely ¬, ∨, ∧, ⇒), and the temporal operators G (globally) and O (once).

Let us focus on the customer's requirements that the PBP is expected to enjoy (cf. end of Section 2). They can be expressed in terms of authentication and secrecy properties, defined as follows:

Authentication. To define the authentication goals of the protocol we rely on the definition given in [13]: whenever principal b (playing role r2) completes a run of the protocol apparently with principal a (playing role r1), then (i) a has previously been running the protocol apparently with b, and (ii) the two agents agree on m. We then say that b authenticates a on m in session s if and only if the following formula holds:

$$\mathrm{authentication}(b, a, m, s) := \mathbf{G}\,\forall\big(\mathrm{state}_{r_2}(j_2, b, [a, \ldots, m, \ldots], s) \Rightarrow \exists\,\mathbf{O}\,\mathrm{state}_{r_1}(j_1, a, [b, \ldots, m, \ldots], s)\big)$$

where j1 is the protocol step in which m is sent by an agent playing role r1 and j2 is the last protocol step of an agent playing role r2.

Secrecy. The secrecy of a message m is guaranteed if, and only if, the intruder does not know m. This is formalised by the following formula:

$$\mathrm{secret}(m) := \mathbf{G}\,\neg\,\mathrm{ik}(m)$$

Thus, for each protocol session s, this amounts to including the following formulae in φ:

  authentication(pc, sm, v, s)
  authentication(pc, bs, t, s)
  secret(v)    provided that i ∉ {sm, pc}

where sm, pc, and bs are the agents playing in session s the roles SM, PC, and BS respectively, while v and t are the data values of V and T as exchanged by the agents in s. (Clearly, the intruder is entitled to access v if, and only if, it is playing in s one of those agents that is legitimated to do so, i.e. the intruder is either sm or pc.)

4 Formal Security Analysis

We have mechanically analyzed the formal model of PBP presented in Section 3 using SATMC, a state-of-the-art model checker for security protocols. At the core of SATMC lies a procedure that automatically generates a propositional formula whose satisfying assignments (if any) correspond to counterexamples (i.e. execution traces of M that falsify φ) of length bounded by some integer k. Finding attacks (of length k) on the protocol therefore boils down to solving propositional satisfiability problems. SATMC relies on state-of-the-art SAT solvers for this task, which can handle propositional satisfiability problems with hundreds of thousands of variables and clauses or more. SATMC can be instructed to perform an iterative deepening on k. More details on SATMC can be found in [14, 7].

In our analysis, we set the number n of time intervals to 2. This value is sufficient to spot issues while keeping the problem small. We focused on the customer's requirements and considered a variety of protocol scenarios. Among them, we selected two significant scenarios. In both of them SM and PC are assumed to be trustworthy. In the first scenario, BS is trustworthy as well, and is only exposed to passive attacks. The rationale is that active attacks are much more difficult to perform (e.g. for a malicious employee), and they would be easy to detect if carried out at any scale, because customers would be paying strange bills with unexpected amounts. In the second scenario, we assume that BS is not trustworthy and can misbehave. Even in this scenario, the customer's requirements should be guaranteed.

In PBP the assumptions on the properties of the communication channels between the agents are not explicitly stated, thus we checked different channel configurations. Moreover, we modeled the customer's requirements by using the secrecy and authentication properties described in Section 3.1. We discuss them in turn.

secret(v)

We considered an initial scenario comprising two sessions in which the roles of the protocol are played by trustworthy agents (namely sm, pc, and bs) and in which all messages are exchanged over insecure channels. As expected, SATMC detected an attack on the secrecy property secret(v). Indeed, it is easy to see that in this scenario the intruder can overhear the message sent by sm to pc on channel sm2pc, thereby learning the consumption value v. This indicates that the communication channel sm2pc used to transport the messages from SM to PC must ensure confidentiality. Thus, we added the fact confidential(sm2pc, pc) to the initial state of the protocol and fed the resulting specification to the model checker. SATMC did not find any attack when applied to the resulting model. It must be noted that since BS is not necessarily trustworthy, the secrecy property must hold even when the intruder plays the role of BS. We therefore changed the model of the protocol accordingly. Also in this case SATMC did not find any violation of the secrecy property.

authentication(pc, sm, v, s)

Assuming that PC is able to verify the validity of the signature of SM, SATMC did not report any attack on this property. Indeed, in the first step of the protocol, the vector of commitments is explicitly signed by SM, as well as the interval i0, thus allowing PC to check the authenticity of the values.

authentication(pc, bs, t, s)

This property is trivially violated if BS is malicious. We therefore focused only on scenarios in which all the protocol participants are trustworthy. SATMC reported the following attack: a malicious agent i, pretending to be bs, can send to pc a fake value for the tariff vector t. The consequence is that pc can be induced to produce a wrong bill. This indicates that the communication channel used to transport the messages from BS to PC must ensure authenticity of the messages. After adding the fact authentic(bs2pc, bs) to the initial state, SATMC did not find any violation of the authentication property.

5 Further Security Considerations

As shown above, model checkers are helpful for detecting security weaknesses in security protocols. However, the results of the analysis must be interpreted carefully by considering the limitations of the tools. SATMC does not currently support reasoning about the algebraic properties of the cryptographic operators and therefore it may fail to detect attacks that rely strictly on them.

By manual inspection of the protocol we realized that, in case BS is not trustworthy, it can acquire the whole consumption profile of the customer. Let n be the number of time intervals for each consumption profile. By sending a sequence of n fake tariff vectors T1, ..., Tn to PC, BS receives the corresponding prices p1, ..., pn. Given that the prices are computed by PC using the same consumption profile V, then V * Ti = pi for i ∈ [1..n], and BS can determine V by solving a system of n linear equations in the n unknowns v1, ..., vn (the solution is unique as soon as the Ti are linearly independent, which BS can ensure since it chooses them). Nothing in the protocol constrains the tariff vectors BS may send, and every answer PC returns is correctly computed, so the attack leaves PC with no inconsistent message to detect.

This issue could be prevented by changing the protocol as follows. Message 2 in Fig. 2 should be enriched by including the interval i0 of the first measurement in V. When receiving that message, PC must check whether i0 is the one received from SM in step 1. Moreover, if PC obtains several requests containing the same i0, it must only repeat its previous answer. Notice that BS can still forge and send PC a fake tariff vector T'_k = ⟨t'_1, ..., t'_n⟩ such that t'_k = 1 and t'_i = 0 for all i ≠ k, for k ∈ [1..n]. It is easy to see that in this case the price computed by PC and sent to BS is equal to v_k. Nevertheless, with the proposed solution it is possible to control the amount of information leakage: BS obtains at most one price per time frame, i.e. a single linear combination of the consumption values (for instance a single value v_k), and is prevented from acquiring the whole consumption profile.
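The tariff-oracle attack and the mitigation described above, as an added example that is not part of the paper: the Privacy Component is reduced to its pricing step (the commitments and the signature play no role in the attack), a malicious BS sends n linearly independent tariff vectors (a Vandermonde matrix here, one of many valid choices) and solves the resulting system exactly over the rationals, and the hardened PC applies the i0 check and repeats its previous answer for a repeated i0, so that the same attack yields only the first price and the unit-vector probe yields exactly one v_k. The class, function names and the 4-interval profile are this example's own assumptions.

```python
"""Tariff-oracle attack of Section 5 and the proposed mitigation (added example,
not the paper's code). The Privacy Component (PC) is reduced to the pricing step
V * T, since the attack never touches the commitments or the signature."""
from fractions import Fraction


class PrivacyComponent:
    """Holds the profile V received from SM for the period starting at i0 and
    prices the tariff vectors sent by BS. hardened=True applies the Section 5 fix."""

    def __init__(self, i0, V, hardened=False):
        self.i0, self.V, self.hardened = i0, list(V), hardened
        self.answers = {}  # i0 -> price already returned for that period

    def price(self, i0, T):
        if self.hardened:
            if i0 != self.i0:  # the tariff must refer to the profile PC actually holds
                raise ValueError("tariff interval does not match the current profile")
            if i0 in self.answers:  # repeated request for the same i0: repeat the answer
                return self.answers[i0]
        p = sum(v * t for v, t in zip(self.V, T))
        if self.hardened:
            self.answers[i0] = p
        return p


def solve_linear(A, b):
    """Exact Gauss-Jordan elimination over the rationals; A is n x n and invertible."""
    n = len(A)
    M = [[Fraction(a) for a in row] + [Fraction(bi)] for row, bi in zip(A, b)]
    for col in range(n):
        piv = next(r for r in range(col, n) if M[r][col] != 0)
        M[col], M[piv] = M[piv], M[col]
        inv = 1 / M[col][col]
        M[col] = [m * inv for m in M[col]]
        for r in range(n):
            if r != col and M[r][col] != 0:
                f = M[r][col]
                M[r] = [mr - f * mc for mr, mc in zip(M[r], M[col])]
    return [M[r][n] for r in range(n)]


def fake_tariffs(n):
    """n linearly independent tariff vectors: Vandermonde rows T_i[j] = (i+1)^j.
    Any invertible matrix works; unit vectors would be the most direct choice."""
    return [[(i + 1) ** j for j in range(n)] for i in range(n)]


def recover_profile(pc, i0, n):
    """Malicious BS: the prices p_i = V * T_i for n independent T_i determine V."""
    tariffs = fake_tariffs(n)
    prices = [pc.price(i0, T) for T in tariffs]
    return [int(x) for x in solve_linear(tariffs, prices)]


def single_value_probe(pc, i0, k, n):
    """Residual leak after the fix: the unit vector e_k makes the single answer v_k."""
    T = [1 if j == k else 0 for j in range(n)]
    return pc.price(i0, T)


if __name__ == "__main__":
    V = [3, 5, 2, 7]  # constructed 4-interval consumption profile
    print("unhardened PC leaks V:   ", recover_profile(PrivacyComponent(0, V), 0, 4))
    print("hardened PC, same attack:", recover_profile(PrivacyComponent(0, V, True), 0, 4))
    print("hardened PC, probe e_2:  ", single_value_probe(PrivacyComponent(0, V, True), 0, 2, 4))
```

Against the hardened PC the attacker's n queries all come back with the first price (17, the total consumption under the all-ones tariff), so the "recovered" vector is [17, 0, 0, 0] rather than V: BS learns one linear function of V per billing period, nothing more, which is exactly the leakage bound stated above.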

6 Related Work

Smart Metering is a privacy-sensitive scenario, due to the involvement of (potentially untrusted) third-party aggregators which gather and analyze streams of data [15]. In general, the goal with smart metering is to allow aggregators to infer as little information as possible about the behavior of customers while retaining the ability to deliver the expected functionalities (e.g. billing). To this aim, recent literature provides different cryptographic schemes aimed at preserving the customer's privacy from untrusted aggregators under different scenario assumptions.

One of the first privacy-preserving schemes for smart metering was proposed by Rial and Danezis [16] and has been enhanced and applied to different contexts. In this paper, we have formally analyzed the privacy-preserving billing protocol described in [5], based on Pedersen commitments and zero-knowledge proofs as a basis to provide verification. Also in [2] zero-knowledge proofs are used, in a billing protocol specifically optimized for low-cost microcontrollers. In [17] the authors propose a scheme that allows aggregators to get data from different smart meters in a privacy-preserving way: each customer may challenge the aggregator to prove that his privacy has been preserved. Moreover, the same scheme is robust against failures of the involved smart meters. Furthermore, in [4] the authors propose a distributed scheme for differential privacy preservation that does not rely on trusted third parties. Schemes for detecting attempts to violate the consumer's privacy have also been defined. For instance, in [18] a scheme for the detection of leakage and fraud attempts is presented. Finally, in [3] schemes for allowing spatial (i.e. data coming from different smart meters at the same time) and temporal (i.e. data from different periods in the same smart meter) privacy-preserving aggregation are discussed.

The efficacy of all the previous schemes is proved against an adversarial model aimed at breaking the cryptographic scheme. However, to the best of our knowledge no systematic and formal analysis considering the interleaving of multiple protocol sessions among protocol participants and the intruder has ever been applied to them.

Concerning formal analysis, besides SATMC, the AVANTSSAR Platform features two other model checkers for security protocols, namely CL-AtSe [19] and OFMC [20]. Both CL-AtSe and OFMC support reasoning about the algebraic properties of cryptographic operators. This is very helpful to detect flaws in a variety of protocols, but unfortunately homomorphic encryption is not yet supported by the tools. It must be noted that this is a very active research area. For instance, the decidability of unification modulo homomorphic encryption has been proved only recently [21]. On the other hand, SATMC supports model checking of LTL formulae, allowing for the specification of assumptions on principals and communication channels as well as of complex security properties that are normally not handled by state-of-the-art security protocol analysers.

7 Conclusions

In this paper we provided a preliminary formal analysis of a smart metering protocol (the Private Billing Protocol), also discussing security issues related to different assumptions that may hold in actual implementations. We showed that, under certain assumptions, the security of the protocol can be violated.

Acknowledgments

We are grateful to Jorge Cuéllar for stimulating discussions on these topics and the feedback he provided. This work has been partially supported by the activity "TSES 12178 SESSec-EU - Networked Smart Energy Systems Security in Europe" of the action line TSES Smart Energy Systems of the EIT ICT Labs, by the FP7-ICT Project SPaCIoS (no. 257876), and by the project SIAM funded in the context of the FP7 EU "Team 2009 - Incoming" COFUND action.

References

1. W. Heck. Smart energy meter will not be compulsory. NRC Handelsblad, April 2009.

2. Andres Molina-Markham, George Danezis, Kevin Fu, Prashant Shenoy, and David Irwin. Designing privacy-preserving smart meters with low-cost microcontrollers. In Proceedings of the 16th International Conference on Financial Cryptography and Data Security, FC '12, February 2012.

3. Zekeriya Erkin and Gene Tsudik. Private computation of spatial and temporal power consumption with smart meters. In Feng Bao, Pierangela Samarati, and Jianying Zhou, editors, Applied Cryptography and Network Security, volume 7341 of Lecture Notes in Computer Science, pages 561-577. Springer Berlin / Heidelberg, 2012. 10.1007/978-3-642-31284-7_33.

4. Gergely Ács and Claude Castelluccia. I have a dream!: differentially private smart metering. In Proceedings of the 13th international conference on Information hiding, IH'11, pages 118-132, Berlin, Heidelberg, 2011. Springer-Verlag.

5. Marek Jawurek, Martin Johns, and Florian Kerschbaum. Plug-in privacy for smart metering billing. In Simone Fischer-Hübner and Nicholas Hopper, editors, Privacy Enhancing Technologies, volume 6794 of Lecture Notes in Computer Science, pages 192-210. Springer Berlin Heidelberg, 2011.

6. Alessandro Armando and Luca Compagna. SATMC: a SAT-based model checker for security protocols. In Proceedings of the 9th European Conference on Logics in Artificial Intelligence (JELIA'04), volume 3229 of LNAI, pages 730-733, Lisbon, Portugal, 2004. Springer-Verlag.

7. Alessandro Armando, Roberto Carbone, and Luca Compagna. LTL Model Checking for Security Protocols. In Journal of Applied Non-Classical Logics, special issue on Logic and Information Security, pages 403-429. Hermes Lavoisier, 2009.

8. Torben P. Pedersen. Non-interactive and information-theoretic secure verifiable secret sharing. In Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO '91, pages 129-140, London, UK, 1992. Springer-Verlag.

9. AVANTSSAR. Deliverable 2.1: Requirements for modelling and ASLan v.1. Available at http://www.avantssar.eu, 2008.

10. Alessandro Armando, Wihem Arsac, Tigran Avanesov, Michele Barletta, Alberto Calvi, Alessandro Cappai, Roberto Carbone, Yannick Chevalier, Luca Compagna, Jorge Cuéllar, Gabriel Erzse, Simone Frau, Marius Minea, Sebastian Mödersheim, David von Oheimb, Giancarlo Pellegrino, Serena Elisa Ponta, Marco Rocchetto, Michaël Rusinowitch, Mohammad Torabi Dashti, Mathieu Turuani, and Luca Viganò. The AVANTSSAR Platform for the Automated Validation of Trust and Security of Service-Oriented Architectures. In Cormac Flanagan and Barbara König, editors, TACAS, volume 7214 of Lecture Notes in Computer Science, pages 267-282. Springer, 2012.

11. D. Dolev and A. Yao. On the Security of Public-Key Protocols. IEEE Transactions on Information Theory, 29(2), 1983.

12. Alessandro Armando, Roberto Carbone, Luca Compagna, Jorge Cuellar, and Llanos Tobarra Abad. Formal Analysis of SAML 2.0 Web Browser Single Sign-On: Breaking the SAML-based Single Sign-On for Google Apps. In Proceedings of the 6th ACM Workshop on Formal Methods in Security Engineering (FMSE 2008), Hilton Alexandria Mark Center, Virginia, USA, 2008. ACM Press.

13. Gavin Lowe. A Hierarchy of Authentication Specifications. In Proceedings of the 10th IEEE Computer Security Foundations Workshop (CSFW'97), pages 31-43. IEEE Computer Society Press, 1997.

14. Alessandro Armando and Luca Compagna. SAT-based Model-Checking for Security Protocols Analysis. International Journal of Information Security, 7(1):3-32, January 2008.

15. Elaine Shi, Hubert Chan, Eleanor Rieffel, Richard Chow, and Dawn Song. Privacy-preserving aggregation of time-series data. In Proc. of the 18th Annual Network and Distributed System Security Symposium (NDSS 2011). National Science Foundation Expeditions in Computing, 2011.

16. Alfredo Rial and George Danezis. Privacy-preserving smart metering. In Proceedings of the 10th annual ACM workshop on Privacy in the electronic society, WPES '11, pages 49-60, New York, NY, USA, 2011. ACM.

17. T.-H. Hubert Chan, Elaine Shi, and Dawn Song. Privacy-preserving stream aggregation with fault tolerance. In Angelos D. Keromytis, editor, Financial Cryptography and Data Security, volume 7397 of Lecture Notes in Computer Science, pages 200-214. Springer Berlin Heidelberg, 2012.

18. Klaus Kursawe, George Danezis, and Markulf Kohlweiss. Privacy-friendly aggregation for the smart-grid. In Proceedings of the 11th international conference on Privacy enhancing technologies, PETS'11, pages 175-191, Berlin, Heidelberg, 2011. Springer-Verlag.

19. Mathieu Turuani. The CL-Atse Protocol Analyser. In Term Rewriting and Applications (Proceedings of RTA'06), LNCS 4098, pages 277-286, 2006.

20. David Basin, Sebastian Mödersheim, and Luca Viganò. OFMC: A symbolic model checker for security protocols. International Journal of Information Security, 4(3):181-208, 2005.

21. Siva Anantharaman, Hai Lin, Christopher Lynch, Paliath Narendran, and Michaël Rusinowitch. Unification modulo homomorphic encryption. In Proceedings of the 7th international conference on Frontiers of combining systems, FroCoS'09, pages 100-116, Berlin, Heidelberg, 2009. Springer-Verlag.