Dr David Gerault
Academic and research departments
Surrey Centre for Cyber Security, Computer Science Research Centre.
About
Biography
I started working as a lecturer at the University of Surrey in September 2020, after a PhD at Université Clermont Auvergne (France) and a postdoc at NTU (Singapore).
University roles and responsibilities
- Year 2 personal tutor
Research
Research interests
My main research interest is the application of AI-related techniques (in particular, constraint programming and machine learning) to assist cryptanalysts. I also work on provable security for cryptographic protocols, in particular in distance bounding.
Supervision
Postgraduate research supervision
I am currently co-supervising (with Liqun Chen) the PhD of Parthi Parthipan.
Teaching
I am responsible for the COMM046 module (Multimedia security and digital forensics).
Publications
Highlights
- David Gérault and Pascal Lafourcade and Marine Minier and Christine Solnon 2020. Computing AES related-key differential characteristics with constraint programming. Artif. Intell., 278.
- Ling Sun and David Gérault and Wei Wang and Meiqin Wang 2020. On the Usage of Deterministic (Related-Key) Truncated Differentials and Multidimensional Linear Approximations for SPN Ciphers. IACR Trans. Symmetric Cryptol., 2020(3), p.262–287.
- David Gérault and Pascal Lafourcade and Marine Minier and Christine Solnon 2018. Revisiting AES related-key differential attacks with constraint programming. Inf. Process. Lett., 139, p.24–29.
- Siwei Sun and David Gérault and Pascal Lafourcade and Qianqian Yang and Yosuke Todo and Kexin Qiao and Lei Hu 2017. Analysis of AES, SKINNY, and Others with Constraint Programming. IACR Trans. Symmetric Cryptol., 2017(1), p.281–306.
- Gildas Avoine and Xavier Bultel and Sébastien Gambs and David Gérault and Pascal Lafourcade and Cristina Onete and Jean-Marc Robert 2017. A Terrorist-fraud Resistant and Extractor-free Anonymous Distance-bounding Protocol. In Proceedings of the 2017 ACM on Asia Conference on Computer and Communications Security, AsiaCCS 2017, Abu Dhabi, United Arab Emirates, April 2-6, 2017 (pp. 800–814). ACM.
- David Gérault and Marine Minier and Christine Solnon 2017. Using Constraint Programming to solve a Cryptanalytic Problem. In Proceedings of the Twenty-Sixth International Joint Conference on Artificial Intelligence, IJCAI 2017, Melbourne, Australia, August 19-25, 2017 (pp. 4844–4848).
- David Gérault and Marine Minier and Christine Solnon 2016. Constraint Programming Models for Chosen Key Differential Cryptanalysis. In Principles and Practice of Constraint Programming - 22nd International Conference, CP 2016, Toulouse, France, September 5-9, 2016, Proceedings (pp. 584–601). Springer.
- David Gérault and Pascal Lafourcade 2016. Related-Key Cryptanalysis of Midori. In Progress in Cryptology - INDOCRYPT 2016 - 17th International Conference on Cryptology in India, Kolkata, India, December 11-14, 2016, Proceedings (pp. 287–304).
- Xavier Bultel and Sébastien Gambs and David Gérault and Pascal Lafourcade and Cristina Onete and Jean-Marc Robert 2016. A Prover-Anonymous and Terrorist-Fraud Resistant Distance-Bounding Protocol. In Proceedings of the 9th ACM Conference on Security & Privacy in Wireless and Mobile Networks, WISEC 2016, Darmstadt, Germany, July 18-22, 2016 (pp. 121–133). ACM.
Whilst proximity-checking mechanisms are on the rise, proximity-based attacks other than relaying have not been studied from a practical viewpoint, not even in academia. Are the simplest proximity-based attacks, namely distance frauds, a practical danger? Can an attacker make it look like they are here and there at the same time? In this paper, we first distinguish “credible” vs. impractical distance frauds, in a quantifiable, formal manner. Second, we implement two “credible” distance frauds on off-the-shelf NFC-enabled Android phones. We present an initial evaluation focused on their feasibility.
Distance-bounding protocols were introduced in 1993 as a countermeasure to relay attacks, in which an adversary fraudulently forwards the communication between a verifier and a distant prover. In the more than 40 different protocols that followed, assumptions were made about the structure of distance-bounding protocols and their threat models. In this paper, we survey works disrupting these assumptions, and discuss the remaining challenges.
HB+ is a lightweight authentication scheme, which is secure against passive attacks if the Learning Parity with Noise Problem (LPN) is hard. However, HB+ is vulnerable to a key-recovery, man-in-the-middle (MiM) attack dubbed GRS. The HB+DB protocol added a distance-bounding dimension to HB+, and was experimentally proven to resist the GRS attack. We exhibit several security flaws in HB+DB. First, we refine the GRS strategy to induce a different key-recovery MiM attack, not deterred by HB+DB's distance bounding. Second, we prove HB+DB impractical as a secure distance-bounding (DB) protocol, as its DB security-levels scale poorly compared to other DB protocols. Third, we refute that HB+DB's security against passive attackers relies on the hardness of LPN; moreover, (erroneously) requiring such hardness lowers HB+DB's efficiency and security. We also propose a new distance-bounding protocol called BLOG. It retains parts of HB+DB, yet BLOG is provably secure and enjoys better (asymptotical) security.
In relay attacks, a man-in-the-middle adversary impersonates a legitimate party and makes this party appear to be close to an authenticator, when in fact it is not. In order to counteract relay attacks, distance-bounding protocols provide a means for a verifier (e.g., a payment terminal) to estimate its distance to a prover (e.g., a bankcard). We propose FlexiDB, a new cryptographic model for distance bounding, parameterised by different types of fine-grained corruptions. FlexiDB allows one to consider classical cases but also new, generalised corruption settings. In these settings, we exhibit new attack strategies on existing protocols. Finally, we propose a proof-of-concept mechanisation of FlexiDB in the interactive cryptographic prover EasyCrypt. We use this to exhibit a flavour of man-in-the-middle security on a variant of MasterCard's contactless-payment protocol.
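The abstracts above refer to three ideas without showing the mechanics: a relay attack (a man-in-the-middle forwarding messages between a terminal and a distant card), a distance fraud (a far-away prover who knows the key and tries to look close), and the timed challenge-response "fast phase" a verifier uses to bound distance. The following Python simulation is an added illustration and is not code from any of the papers listed on this page. It models a Hancke-Kuhn-style fast phase: both parties derive two bit registers R0 and R1 from a PRF of the shared key and fresh nonces, the verifier sends one random challenge bit per round and accepts only if every response is correct and every round-trip time is under the bound. The shared key, distances, relay delay, the speed-of-light constant and all function names (`run_protocol`, `honest_prover`, `relayed_prover`, `distance_fraud_prover`) are assumptions of this example; the 3/4-per-round success bound of a distance-fraud prover is the well-known figure for this toy protocol, not a result stated on this page.

```python
"""Toy distance-bounding fast phase: honest prover, relayed prover, distance-fraud prover.
Added example; the key, nonces, distances and delays below are constructed, not measured."""
import hashlib
import hmac
import random
import secrets
from dataclasses import dataclass

SPEED_OF_LIGHT_M_PER_NS = 0.3  # radio propagation, roughly 0.3 m per nanosecond


def derive_registers(key: bytes, nonce_v: bytes, nonce_p: bytes, n: int):
    """Both sides derive two n-bit registers R0, R1 from a PRF (HMAC-SHA256) of the nonces.
    In round i the correct answer to challenge bit c_i is R_{c_i}[i]."""
    digest, counter = b"", 0
    while len(digest) * 8 < 2 * n:  # stretch the PRF output until 2n bits are available
        digest += hmac.new(key, nonce_v + nonce_p + bytes([counter]), hashlib.sha256).digest()
        counter += 1
    bits = [(byte >> (7 - k)) & 1 for byte in digest for k in range(8)]
    return bits[:n], bits[n:2 * n]


def honest_prover(r0, r1, distance_m):
    """Legitimate prover at distance_m: answers with the right register bit after the challenge arrives."""
    def respond(i, c):
        rtt_ns = 2 * distance_m / SPEED_OF_LIGHT_M_PER_NS
        return (r1[i] if c else r0[i]), rtt_ns
    return respond


def relayed_prover(r0, r1, real_distance_m, relay_delay_ns):
    """Relay attack: a MitM near the verifier forwards each challenge to the far-away honest
    prover and forwards its answer back. Every bit is correct, but the RTT reflects the real distance
    plus the relay's own processing delay, which is what distance bounding is meant to catch."""
    def respond(i, c):
        rtt_ns = 2 * real_distance_m / SPEED_OF_LIGHT_M_PER_NS + relay_delay_ns
        return (r1[i] if c else r0[i]), rtt_ns
    return respond


def distance_fraud_prover(r0, r1, claimed_distance_m, rng):
    """Distance fraud: a far-away prover who knows the key sends each response early, before the
    challenge can reach it, so the RTT looks like claimed_distance_m. When R0[i] == R1[i] the early
    answer is always right; when they differ it must guess, so each round succeeds with prob 3/4."""
    def respond(i, c):  # c is deliberately ignored: the answer was committed before seeing it
        rtt_ns = 2 * claimed_distance_m / SPEED_OF_LIGHT_M_PER_NS
        guess = r0[i] if r0[i] == r1[i] else rng.randint(0, 1)
        return guess, rtt_ns
    return respond


def fraud_success_probability(n: int) -> float:
    """Probability that the distance-fraud strategy above passes all n rounds."""
    return 0.75 ** n


@dataclass
class Verdict:
    accepted: bool
    wrong_responses: int
    late_responses: int


def run_protocol(key: bytes, n: int, max_distance_m: float, make_prover, rng) -> Verdict:
    """Verifier side: exchange nonces, derive registers, run n timed single-bit rounds,
    accept only if no response is wrong and none arrives later than the distance bound allows."""
    nonce_v, nonce_p = secrets.token_bytes(16), secrets.token_bytes(16)
    r0, r1 = derive_registers(key, nonce_v, nonce_p, n)
    respond = make_prover(r0, r1)  # the prover computes the same registers from its key copy
    bound_ns = 2 * max_distance_m / SPEED_OF_LIGHT_M_PER_NS
    wrong = late = 0
    for i in range(n):
        c = rng.randint(0, 1)  # fresh unpredictable challenge bit each round
        response, rtt_ns = respond(i, c)
        wrong += int(response != (r1[i] if c else r0[i]))
        late += int(rtt_ns > bound_ns)
    return Verdict(wrong == 0 and late == 0, wrong, late)


def demo():
    key = b"\x01" * 16            # constructed shared key
    rng = random.Random(2024)     # seeded only so the demo is repeatable
    n, max_distance_m = 64, 10.0  # 10 m bound = 66.7 ns round trip: timing must be ns-grade
    honest = run_protocol(key, n, max_distance_m, lambda r0, r1: honest_prover(r0, r1, 3.0), rng)
    relay = run_protocol(key, n, max_distance_m, lambda r0, r1: relayed_prover(r0, r1, 500.0, 200.0), rng)
    fraud = run_protocol(key, n, max_distance_m, lambda r0, r1: distance_fraud_prover(r0, r1, 3.0, rng), rng)
    return honest, relay, fraud


if __name__ == "__main__":
    for name, verdict in zip(("honest", "relay", "distance fraud"), demo()):
        print(f"{name:15s} accepted={verdict.accepted} wrong={verdict.wrong_responses} late={verdict.late_responses}")
```

The relay is rejected purely on timing (every bit it forwards is correct), while the distance fraud is rejected purely on wrong bits (its timing looks local); this is why the papers above treat the two frauds separately, and why a real protocol keeps the fast-phase responses to single bits with no computation in the loop, since the whole 10 m budget is tens of nanoseconds.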
In the current generation of networks, there has been a strong focus on security and integrity. In sixth-generation (6G) networks trust will also be an important requirement, but how do we build trust in a network? Many researchers have started to pay attention to this, but research in this field is still at an early stage. Taking our lead from the development of trusted computing for single devices we require a root of trust and a mechanism for reliably measuring and reporting on the state of the network. In this paper, we survey existing technologies that we feel can be used to achieve this. We explore trusted computing technologies that enable a single device to be trusted and suggest how they can be adapted to help build a trusted network. For reporting, we need a mechanism to immutably store measurements on the system. We consider that distributed ledger technologies could fulfil this role as they offer immutability, decentralised consensus, and transparency.
Additional publications
- Ling Sun and David Gérault and Adrien Benamira and Thomas Peyrin 2020. NeuroGIFT: Using a Machine Learning Based Sat Solver for Cryptanalysis. In Cyber Security Cryptography and Machine Learning - Fourth International Symposium, CSCML 2020, Be'er Sheva, Israel, July 2-3, 2020, Proceedings (pp. 62–84). Springer.
- David Gérault and Pascal Lafourcade 2019. Towards Secure TMIS Protocols. In Foundations and Practice of Security - 12th International Symposium, FPS 2019, Toulouse, France, November 5-7, 2019, Revised Selected Papers (pp. 337–344). Springer.
- Ioana Boureanu and David Gérault and James Lewis 2019. Here and There at Once, with my Mobile Phone!. In Proceedings of the 16th International Joint Conference on e-Business and Telecommunications, ICETE 2019 - Volume 2: SECRYPT, Prague, Czech Republic, July 26-28, 2019 (pp. 478–484). SciTePress.
- David Gérault and Ioana Boureanu 2019. Distance bounding under different assumptions: opinion. In Proceedings of the 12th Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2019, Miami, Florida, USA, May 15-17, 2019 (pp. 245–248). ACM.
- Hardik Gajera and Matthieu Giraud and David Gérault and Manik Lal Das and Pascal Lafourcade 2019. Verifiable and Private Oblivious Polynomial Evaluation. In Information Security Theory and Practice - 13th IFIP WG 11.2 International Conference, WISTP 2019, Paris, France, December 11-12, 2019, Proceedings (pp. 49–65). Springer.
- David Gérault, 2018. Security analysis of contactless communication protocols. (Analyse de sécurité des protocoles de communication sans contact). (Doctoral dissertation, University of Clermont Auvergne, Clermont-Ferrand, France).
- Xavier Bultel and Manik Lal Das and Hardik Gajera and David Gérault and Matthieu Giraud and Pascal Lafourcade 2017. Verifiable Private Polynomial Evaluation. In Provable Security - 11th International Conference, ProvSec 2017, Xi'an, China, October 23-25, 2017, Proceedings (pp. 487–506). Springer.
- Ioana Boureanu and David Gérault and Pascal Lafourcade and Cristina Onete 2017. Breaking and fixing the HB+DB protocol. In Proceedings of the 10th ACM Conference on Security and Privacy in Wireless and Mobile Networks, WiSec 2017, Boston, MA, USA, July 18-20, 2017 (pp. 241–246). ACM.
- Agnes Brelurut and David Gérault and Pascal Lafourcade 2015. Survey of Distance Bounding Protocols and Threats. In Foundations and Practice of Security - 8th International Symposium, FPS 2015, Clermont-Ferrand, France, October 26-28, 2015, Revised Selected Papers (pp. 29–49). Springer.