2024-07-192024-07-192024García, V., Escobar, S., Ogata, K., Akleylek, S. y Otmani, A. (2024). Modelling and verification of post-quantum key encapsulation mechanisms using Maude [Póster]. En Jornadas Nacionales de Investigación en Ciberseguridad (JNIC) (9ª.2024. Sevilla) (470-471), Sevilla: Universidad de Sevilla. Escuela Técnica Superior de Ingeniería Informática.978-84-09-62140-8https://hdl.handle.net/11441/161554The security of information systems relies on math ematical problems that are hard to solve. Quantum computing threatens the security of our systems and communications. Kyber, BIKE and Classic McEliece are three candidates in the Post-Quantum Cryptography project launched by the National Institute of Standards and Technologies. We propose a formal framework in Maude for the security analysis of post quantum key encapsulation mechanisms. With our framework, we construct a symbolic model for each candidate. Through reachability analysis, we find both a man-in-the-middle attack in each of them and a design vulnerability in BIKE. For both cases, we provide some possible solutions. Then, we use Maude’s Linear Temporal Logic model checker to extend the analysis of the symbolic system regarding security, liveness and fairness properties. Liveness and fairness properties hold but the security property does not due to the man-in-the-middle attack and the design vulnerability in BIKE.application/pdf2engAttribution-NonCommercial-NoDerivatives 4.0 Internacionalhttp://creativecommons.org/licenses/by-nc-nd/4.0/MaudeRewriting logicFormal verificationPost-quantum protocolsKey encapsulation mechanismsinfo:eu-repo/semantics/conferenceObjectinfo:eu-repo/semantics/openAccess