a computationally sound mechanized prover for security
play

A Computationally Sound Mechanized Prover for Security Protocols P. - PowerPoint PPT Presentation

Sep 03, 2023 •350 likes •591 views

A Computationally Sound Mechanized Prover for Security Protocols P. Cogn ee, D. Kolokosso, F. M ejean, L. Pillard, J. Tharaud National School of Applied Mathematics and Computer Science, ENSIMAG 27 November 2009 P. Cogn ee, D.

  1. A Computationally Sound Mechanized Prover for Security Protocols P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud National School of Applied Mathematics and Computer Science, ENSIMAG 27 November 2009 P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 1 / 22

  2. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 2 / 22

  3. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 3 / 22

  4. CryptoVerif and Semantic CryptoVerif A Computationally Sound Mechanized Prover for Security Protocols Bruno Blanchet (CNRS, ENS, Paris) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 4 / 22

  5. CryptoVerif and Semantic 2 approaches for proving secrecy properties of security protocols : Symbolic : { < a , x > } k , a deduction system (e.g. Dolev-Yao model), proofs based on constraint solving, . . . Computational : 10101001010 . . . , a PPTT machine, proofs based on cryptographic assumption ( → CryptoVerif) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 5 / 22

  6. CryptoVerif and Semantic CryptoVerif is a sequence of games transformations : first game = real protocol represented in process calculus final game = no variables, only arrays of booleans Two consecutive games cannot be distinguished. P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 6 / 22

  7. CryptoVerif and Semantic Process calculus = pi-calculus + cryptographic primitives Pi-calculus : probabilitic semantic over bistrings input process, output process arrays of booleans, replication parallel composition, channel restriction Cryptographic primitives : functions over bistrings (blackboxes) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 7 / 22

  8. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 8 / 22

  9. Observational equivalence Definition, more important result Adversary represented by Context C[.] → a c ontext C: process with an hole, having access to V, set of Variables Processes Q,Q’, verifying invariant-rules if | Pr [ C [ Q ] → 1] − Pr [ C [ Q ′ ] → 1] | is negligible then Q ≈ V Q ′ The adversary cannot distinguish which process have been used. P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 9 / 22

  10. Observational equivalence Definition, more important result Adversary represented by Context C[.] → a c ontext C: process with an hole, having access to V, set of Variables Processes Q,Q’, verifying invariant-rules if | Pr [ C [ Q ] → 1] − Pr [ C [ Q ′ ] → 1] | is negligible then Q ≈ V Q ′ The adversary cannot distinguish which process have been used. Which purpose ? if Q ≈ V Q ′ then GAME1[Q] → ≈ GAME2[Q’] using syntactic and primitives transformations P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 9 / 22

  11. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 10 / 22

  12. Game Transformations Goal : transform the process that represents the initial protocol into a process on which security property can be proved directly. It consists in : syntactic transformations ( RemoveAssign ( x ), SArename ( x ), Simplify ()) applying the definition of security of primitives : axioms used by the prover to transform a game into another equivalent game P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 11 / 22

  13. Security Primitives What means the security primitives ? Cryptographic fonctions like enc, mac, keygen . . . Designed like black-boxes here e.g : MAC (Message Authentification Code) linked with check relation : check(m,k,mac(m,k)) = true Guaranties Authenticity and integrity of a message P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 12 / 22

  14. Security Primitives Predefined transformation for security primitives: check Because, mac is UF-CMA ( difficult to forge), then we can replace check(m,k,t) with: find j < N such that defined ( x [ j ]) ∧ ( m = x [ j ]) ∧ check’(m,k,t) then true , else false It means that he adversary can compute check only if he has already computed mac(m,k); P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 13 / 22

  15. Security Primitives enc Because enc is IND-CPA we can replace : enc ( x , keygen ( r )) with : enc ′ ( Z ( x ) , keygen ′ ( r )) where Z(x) returns a bitstring of the same length than x Intuitively, it means that adversary cannot distinguish the cyphering of 2 same-size messages P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 14 / 22

  16. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 15 / 22

  17. Proof for Security : Criteria for proving Secrecy Properties Secrecy Criterias: one-session secrecy secrecy Lemma If Q ≈ x Q ′ and Q preserves the one-session secrecy of x then Q ′ preserves the one-session secrecy of x. The same result holds for secrecy. We can then apply the following mechanism, to prove that oneprotocol preserves the one-session secrecy of x: P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 16 / 22

  18. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 17 / 22

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

Introduction Using CryptoVerif Proof technique Enc-then-MAC example FDH example Conclusion CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, Ecole Normale Sup erieure, INRIA,

972 views • 78 slides
Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS

Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS

Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS Tutorial June 2004 Security protocols Protocols: distributed programs Goal: maintain prescribed behavior in adversarial execution environment

1.34k views • 51 slides
The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

1/25 The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with Tamarin-Prover Eike Stadtlnder July 12, 2018 2/25 Outline Motivation Tamarin-Prover Overview Multiset Rewriting Tamarin-Prover in Practice

1.32k views • 117 slides
Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtlnder May 17, 2018 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab . 3/18

1.33k views • 99 slides
Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech) arXiv:1710.03062 Interactive proofs MIP IP Completeness: If YES, prover can convince verifier with Pr c (e.g. 2/3) Soundness : If NO, prover cannot

472 views • 19 slides
Towards Automated Computationally Faithful Specify protocol participants as processes following

Towards Automated Computationally Faithful Specify protocol participants as processes following

2 Security Analysis a la Dolev-Yao Towards Automated Computationally Faithful Specify protocol participants as processes following Dolev, Yao 1982: In addition to Verification of Cryptoprotocols expected participants, model attacker who: Jan

146 views • 4 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard

Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard

Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard Problems Rachael Madsen Optimal Design Software LLC BS in Mathematics Software Engineer &amp; Architect Python programmer

872 views • 46 slides
Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used to create: Mood Ambience Drama Environmental clues Continuity Feedback Practical Issues Real-time requirement

311 views • 17 slides
Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

9/4/19 Speech Hynek Hermansky Elecrical and Computer Engineering Hackerman 324Fp ? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf) no wolf wolf loudness timbre (sound color) More

334 views • 14 slides
Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics L. De Mol Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for Logic and Philosophy of Science, Belgium elizabeth.demol@ugent.be

969 views • 57 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of

Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of

Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of security protocols Core team: David Basin, Cas Cremers, Jannik Dreier, Simon Meier, Ralf Sasse, Benedikt Schmidt

578 views • 26 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are made when objects vibrate and the vibrations travel to enter you ear. You hear these vibrations as sounds. Sound is all around us We cannot

357 views • 9 slides
On Semantic Relations: From probabilistic systems to coalgebras and back Ana Sokolova SOS group,

On Semantic Relations: From probabilistic systems to coalgebras and back Ana Sokolova SOS group,

On Semantic Relations: From probabilistic systems to coalgebras and back Ana Sokolova SOS group, Radboud University Nijmegen GEOCAL 06, Probabilistic Systems Workshop, AS p.1/30 Outline Introduction - probabilistic systems and

1.53k views • 95 slides
Architecture in the Age of Compositionality Jan Bosch VP, Engineering Process Professor of

Architecture in the Age of Compositionality Jan Bosch VP, Engineering Process Professor of

Architecture in the Age of Compositionality Jan Bosch VP, Engineering Process Professor of Software Engineering Jan@JanBosch.com May 18, 2011 Intuit Proprietary &amp; Confidential If you are not moving at the speed of the marketplace

872 views • 50 slides
From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas

From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas

From 5-pass MQ -based identification to MQ -based signatures Ming-Shing Chen 1 , 2 , Andreas Hlsing 3 , Joost Rijneveld 4 , Simona Samardjiska 5 , Peter Schwabe 4 National Taiwan University 1 / Academia Sinica 2 , Taipei, Taiwan Eindhoven

707 views • 44 slides
and then one or more rigid motions applied to its image, the result is called a composition of

and then one or more rigid motions applied to its image, the result is called a composition of

D AY 48 C OMPOSITION OF RIGID MOTIONS I NTRODUCTION In the previous lessons, we took an in-depth study on the basic rigid motions, basically, rotations, reflections, translations and glide reflections, including their key properties. It is

354 views • 34 slides
&amp; Parallel Computing New Syllabus 2019-20 Visit : python.mykvs.in for regular updates

&amp; Parallel Computing New Syllabus 2019-20 Visit : python.mykvs.in for regular updates

Chapter 4 : Computer Science Cloud Class XI ( As per CBSE Board) &amp; Parallel Computing New Syllabus 2019-20 Visit : python.mykvs.in for regular updates Cloud Computing In Cloud Computing, Cloud refers to a Internet or Network or

246 views • 9 slides
Debugging Highly-Parallel Programs Joo M. Loureno , Jos C. Cunha and Vitor Duarte CITI /

Debugging Highly-Parallel Programs Joo M. Loureno , Jos C. Cunha and Vitor Duarte CITI /

Debugging Highly-Parallel Programs Joo M. Loureno , Jos C. Cunha and Vitor Duarte CITI / Universidade Nova de Lisboa joao.lourenco@fct.unl.pt 1 Why do programs have errors? Problem Problem solved! Devise a Write a computational

224 views • 18 slides
While waiting for our session to begin: 1. Make sure you have a DARS report with your intended

While waiting for our session to begin: 1. Make sure you have a DARS report with your intended

While waiting for our session to begin: 1. Make sure you have a DARS report with your intended program (electronic or printed is fine) If you do not have a DARS, please visit the CAE lab now to print one Before we begin the presentation

435 views • 26 slides
PARALLEL SESSION B SUPPLIES TO MULTIPLE LOCATION ENTITIES 17-18 April 2014 Tokyo, Japan Rob

PARALLEL SESSION B SUPPLIES TO MULTIPLE LOCATION ENTITIES 17-18 April 2014 Tokyo, Japan Rob

PARALLEL SESSION B SUPPLIES TO MULTIPLE LOCATION ENTITIES 17-18 April 2014 Tokyo, Japan Rob Dalla Costa Australian Treasury Which approach is for you? The Guidelines contained a range of approaches Direct use, Direct delivery, and the

596 views • 8 slides

More recommend