Antonio Gonzalez Burgueño successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Wednesday, the 18th of June 2020 and will be awarded the degree of Doctor of Philosophy.
The title of his thesis is “Formal Analysis for Security Ceremonies” and the given topic for his trial lecture was “Verifying and attacking machine learning systems for cyber security”.
In this thesis, he has developed a mathematical framework that can be used to accurately represent and reason about communication processes that include different kinds of actors, including human beings, with different capabilities and knowledge.
He has also used this mathematical framework to analyze the security properties of a range of systems, including the YubiKey authentication device and its secure hardware module (YubiHSM) used by a wide range of companies like Google, Facebook, GitHub or Microsoft. Furthermore, it provided him with the possibility to analyze security properties as secrecy and authentication in communication processes in which different actors with different capabilities and knowledge, including human beings, can interact to achieve a common goal.
He also presents how some of today’s modern security systems, as the RSA Laboratories Public Key Standards PKCS#11, a standard in the industry, the YubiKey, and the YubiHSM, can be logically and automatically analyzed using the state-of-the-art Maude-NPA security analysis tool. This research progresses with the research on the PKCS#11 verification by performing the API analysis in a more general and realistic model than in other previous works. Besides, by using the Maude-NPA tool, we can perform the analysis of the PKCS#11 API in a fully-unbounded session model. Furthermore, in the YubiKey and YubiHSM devices’ analysis, we automatically prove the secrecy and authentication properties of YubiKey and found two different attacks on the YubiHSM HSM, going further than any other previous work.
The following committee has been appointed to evaluate his thesis, trial lecture and defense:
- First external opponent: Associate Professor Osman Hasan, National University of Science & Technology, Pakistan.
- Second external opponent: Senior Scientist Gudmund Grov, Norwegian Defence Establishment, Norway.
- Internal member and committee administrator: Associate Professor Nils Gruschka, Department of Informatics, University of Oslo, Norway.
- Chair of defence: Associate Professor Petter Nielsen, Department of Informatics, UiO
Antonio Gonzalez Burgueño carried out his PhD work at the Department of Informatics, Faculty of Mathematics and Natural Sciences, University of Oslo.
His main supervisor was Professor Peter Csaba Ølveczky, Department of Informatics, UiO and co-supervisor Professor Olaf Owe, Department of Informatics, UiO.