automated composition of security protocols
play

Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and - PowerPoint PPT Presentation

Nov 02, 2022 •345 likes •683 views

Overview Introduction & Motivation Composition Experimental results Conclusion Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and Haller Piroska 1 Genge B 1 Petru Maior University of T argu Mure s, Romania

  1. Overview Introduction & Motivation Composition Experimental results Conclusion Automated Composition of Security Protocols ela 1 , Iosif Ignat 2 and Haller Piroska 1 Genge B´ 1 “Petru Maior” University of Tˆ argu Mure¸ s, Romania { bgenge, phaller } @engineering.upm.ro 2 Technical University of Cluj Napoca, Romania Iosif.Ignat@cs.utcluj.ro August 28, 2009 1 / 33

  2. Overview Introduction & Motivation Composition Experimental results Conclusion Presentation overview Introduction & Motivation Proposed composition method Security protocol specification Experimental results Conclusions and future work 2 / 33

  3. Overview Introduction & Motivation Composition Experimental results Conclusion Basic concepts Security protocols are “communication protocols dedicated to achieving security goals” (Cremers and Mauw, 2005) such as confidentiality, integrity or availability Over the last decade, researcher’s attention focused more on developing new security protocol design methods One of the most popular methods is the composition : building new protocols from several existing smaller protocols 3 / 33

  4. Overview Introduction & Motivation Composition Experimental results Conclusion Motivating scenario Service interconnection is a problem frequently encountered and addressed by many researchers today There are many proposals dealing with the composition of service capabilities (Srivastava et all 2003, Arpinar et all 2004, Feenstra et all 2007, ...) 4 / 33

  5. Overview Introduction & Motivation Composition Experimental results Conclusion Motivating scenario (cont’d) When using security protocols, the composition of services becomes a difficult task Existing solutions rely on using standard parameterized protocols implemented by every service ⇒ Services implementing new security protocols can not be composed with other services 5 / 33

  6. Overview Introduction & Motivation Composition Experimental results Conclusion Related work - security protocol composition One of the first proposals came from J.D. Guttman (Guttman, 2002), that used authentication tests as building blocks for multi-party authentication protocols Guttman’s authentication tests were later used by H.J. Choi (Choi, 2006) to develop a framework for constructing security protocols based on predefined protocols A. Datta et all (Datta et all, 2007) propose a method where the composition process starts out from initial protocol equations and tries to reach the properties modeled by the final equations, corresponding to the composed protocol S. Andova et all (Andova et all, 2008) propose a similar method to A. Datta, however, in this case the properties are verified automatically using an existing tool 6 / 33

  7. Overview Introduction & Motivation Composition Experimental results Conclusion Related work - security protocol composition (cont’d) The solutions proposed by Guttman and Choi rely on predefined protocols, thus applying them in the composition of existing protocols is not possible The solutions proposed by Datta et all and Andova et all rely on the user to construct the security protocol equations The solution proposed by Andova et all is semi-automatic because only the verification phase uses an automatic protocol verification tool 7 / 33

  8. Overview Introduction & Motivation Composition Experimental results Conclusion Protocol model Basic sets: P , N , K , C , M Encryption functions: FuncName ::= sk | pk | h | hmac Terms: T ::= . | R | N | K | C | M | (T , T) | { T } FuncName (T) Nodes and chains: � σ, t � , unde σ ∈ { + , −} , t ∈ T �± t 1 , ± t 2 , . . . , ± t n � ∈ ( ± T) ∗ Precondition-effect predicates: CON CONF , CON KEYEXCHANGE . . . ∈ PR CC Term type predicates: TYPE DN , TYPE KSYM . . . ∈ PR TYPE Participant and protocol models: ς = � prec , eff , type , gen , part , chain � ∈ MPART � { ς | ς ∈ MPART } ∈ MPROT 8 / 33

  9. Overview Introduction & Motivation Composition Experimental results Conclusion Composition of preconditions and effects Verifies that: the knowledge required to run a given protocol, expressed through the form of precondition predicates, is available the set of precondition and effect predicates is non-destructive The first condition is verified by applying the PART PREC predicate, defined for the ctx ∈ T ∗ context as: PART PREC ( ctx , eff 1 , prec 2 ) =  True , if eff 1 ⊆ prec 2 ∪ ,  {∪{ CON TERM ( t ) | t ∈ ctx }} , otherwise . False ,  The second condition is verified by applying the PART NONDESTR predicate, defined as: PART NONDESTR ( eff 1 , prec 2 , eff 2 ) =  True , if EF 1 � = CON CONF ∨   if EF 1 = CON CONF ∧ t 1 = t 2 then    ∃ EF 2 ( t 2 ) : EF 2 = CON CONF , ∀ EF 1 ( t 1 ) ∈ eff 1 ∧ ∀ PR 2 ( t 2 ) ∈ prec 2 ,     otherwise . False ,  9 / 33

  10. Overview Introduction & Motivation Composition Experimental results Conclusion Composition of preconditions and effects (cont’d) In order to denote the PE-composition of two participant or two protocol models, we use the following operators: For participant models: ≺ PE : MPART × MPART → MPART ς For protocol models: ≺ PE : MPROT × MPROT → MPROT ξ ≺ PE By applying the operator on two protocol models ξ 1 ξ and ξ 2 , we have that: ξ 1 ≺ PE ξ 2 � = ξ 2 ≺ PE ξ 1 ξ ξ 10 / 33

  11. Overview Introduction & Motivation Composition Experimental results Conclusion Composition of protocol chains Verifies if attacks can be constructed on each protocol by using terms extracted from the other protocols Such a method was proposed in our previous work (Genge 2007, Genge 2008) The condition we proposed through the form of a proposition, would provide protocol independence , meaning that composed protocols for which this condition is satisfied would maintain their security properties In order to prove the correctness of the proposition, we constructed a canonical protocol model, based on the presented protocol model 11 / 33

  12. Overview Introduction & Motivation Composition Experimental results Conclusion Composition of protocol chains (cont’d) In order to denote the PC-composition of participant and protocol models, we use the following operators: For participant models: ≺ PC : MPART × MPART → MPART ς For protocol models: ≺ PC : MPROT × MPROT → MPROT ξ ≺ PC By applying the operator on two protocol models ξ 1 ξ and ξ 2 , we have that: ξ 1 ≺ PC ξ 2 � = ξ 2 ≺ PC ξ 1 ξ ξ If two protocol models can be composed PE and PC, then these can be composed using the following operator: ≺ C : MPROT × MPROT → MPROT 12 / 33

  13. Overview Introduction & Motivation Composition Experimental results Conclusion Security protocol specification In order to test the proposed composition method, we first constructed a specification Each specification consists of several WSDL-S and OWL files: one WSDL-S and OWL file pair for each participant Specifications were constructed according to the protocol model presented in this paper 13 / 33

  14. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN security protocol specification Key exchange protocol Requires previous knowledge on the shared key K ab 14 / 33

  15. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model protocol roles: 15 / 33

  16. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model protocol roles: Model preconditions: 16 / 33

  17. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model protocol roles: Model preconditions: Model initial terms and roles: 17 / 33

  18. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model effects: 18 / 33

  19. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model effects: Model message 1: 19 / 33

  20. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model effects: Model message 1: Model message 2: 20 / 33

  21. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model message 3: 21 / 33

  22. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model message 3: Model message 4: 22 / 33

  23. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model comm terms: 23 / 33

  24. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model generated terms: 24 / 33

  25. Overview Introduction & Motivation Composition Experimental results Conclusion Part of Lowe’s BAN specification (cont’d) Model discovered terms: Model generated terms: 25 / 33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automated Web Service Composition in Practice: from Composition Requirements Specification to

Automated Web Service Composition in Practice: from Composition Requirements Specification to

Outline Automated Web Service Composition The Amazon-MPS Case study Conclusions and Future Works Automated Web Service Composition in Practice: from Composition Requirements Specification to Process Run. Annapaola Marconi , Marco Pistore and

730 views • 59 slides
Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea

Automated Detection of Guessing and Denial of Service Attacks in Security Protocols Marius Minea Politehnica University of Timi soara CMACS seminar, CMU, 18 March 2010 In this talk Formalizing attacks on protocols denial of service by

732 views • 45 slides
On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols

On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols

On the Composition of Public- - On the Composition of Public Coin Zero- -Knowledge Protocols Knowledge Protocols Coin Zero Rafael Pass (Cornell) Wei-Lung Dustin Tseng (Cornell) Douglas Wiktrm (KTH) 1 Zero Knowledge [GMR85] Zero

613 views • 22 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Automated and machine-verified security proofs of stateful protocols Andreas Hess 1 Sebastian

Automated and machine-verified security proofs of stateful protocols Andreas Hess 1 Sebastian

Automated and machine-verified security proofs of stateful protocols Andreas Hess 1 Sebastian Mdersheim 1 Achim Brucker 2,3 Anders Schlichtkrull 1 1 Technical University of Denmark 2 The University of Sheffield 3 University of Exeter Overview 1

650 views • 26 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides originally by Ross Anderson Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography

1.47k views • 118 slides
Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of Rochester Some slides borrowed from Manoj, Huijia, Abhishek and Rafael Secure Multi-party Computation [Yao,Goldreich-Micali-Wigderson] Goal: Allow a

652 views • 63 slides
A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos

A Formal Model and Composition Language for Context-Aware Service Protocols A Formal Model and Composition Language for Context-Aware Service Protocols Javier Cubo, Carlos Canal, Ernesto Pimentel, Gwen Sala un University of M alaga, Spain

603 views • 10 slides
Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery cryptosystems Computer Security Designing secure protocols February 10, 2003 Basic protocols Key exchange Lecture 8 Lecture 8 Page 1 Page

148 views • 10 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C.

Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C.

CS259: Security Analysis of Network Protocols, Winter 2008 Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C. Mitchell, D. Pavlovic Todays Plan First half The meaning, importance and technique of

729 views • 24 slides
Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara

Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara

Human Errors in Security Protocols David Basin joint work with Sa a Radomirovi and Lara Schmid Institute of Information Security Recap Security Protocols We have defined the Dolev-Yao adversary communicating agents that follow a

618 views • 51 slides
Addressing Homelessness Status report of the Mayors interim action plan to address

Addressing Homelessness Status report of the Mayors interim action plan to address

Addressing Homelessness Status report of the Mayors interim action plan to address homelessness and create new and safe alternatives. 4/12/17 CITY OF SEATTLE OFFICE OF MAYOR EDWARD B. MURRAY 1 Summary Navigation Team has had 291

312 views • 19 slides
CONGESTION MANAGEMENT PROCESS (CMP) TPB - August 27, 2015 2 Purpose To identify strategies

CONGESTION MANAGEMENT PROCESS (CMP) TPB - August 27, 2015 2 Purpose To identify strategies

1 MEMPHIS MPO 2015 CONGESTION MANAGEMENT PROCESS (CMP) TPB - August 27, 2015 2 Purpose To identify strategies aimed to address current and future congestion within the Memphis MPO planning area. 3 What is Congestion and its Causes

320 views • 17 slides
Oracle . CX Journey Mapping Workshop . designingcx.com CX Strategy Design Approach ISSUES /

Oracle . CX Journey Mapping Workshop . designingcx.com CX Strategy Design Approach ISSUES /

Oracle . CX Journey Mapping Workshop . designingcx.com CX Strategy Design Approach ISSUES / IMPACT OPPORTUNITIES STRATEGIC CUSTOMER NEEDS BUSINESS OBJECTIVES Emotional Acquisition Journey Retention Moment Efficiency INNOVATION

650 views • 54 slides
The Disability Conundrum How To Deal With Difficult Accommodation Issues MT SHRM Sumner

The Disability Conundrum How To Deal With Difficult Accommodation Issues MT SHRM Sumner

The Disability Conundrum How To Deal With Difficult Accommodation Issues MT SHRM Sumner County October 4, 2018 Presented by Fred J. Bissinger Background Information 2 Total Number of Charges Filed 100,000 Total Number of Charges Filed

465 views • 17 slides
Entanglement entropy in two-dimensional conformal field theory Pawe Grabiski University of

Entanglement entropy in two-dimensional conformal field theory Pawe Grabiski University of

Entanglement entropy in two-dimensional conformal field theory Pawe Grabiski University of Wrocaw 22 July 2016 Entanglement in 2dCFT Pawe Grabiski 1/12 Entanglement Density operator: = | | Reduced

508 views • 12 slides
Mesoscale Processes in the Climate System: Modeling and Parameterization V.N. Lykosov Lykosov

Mesoscale Processes in the Climate System: Modeling and Parameterization V.N. Lykosov Lykosov

International Conference on Environmental Observations, Modeling International Conference on Environmental Observations, Modeling and Information Systems (ENVIROMIS ENVIROMIS- -200 2008) 8) and Information Systems ( June, 28 28

941 views • 66 slides
Neural Networks and their applications The Hebbian rule in the brain Donald Hebb hypothesised

Neural Networks and their applications The Hebbian rule in the brain Donald Hebb hypothesised

Neural Networks and their applications The Hebbian rule in the brain Donald Hebb hypothesised in 1949 how neurons are connected with each other in the brain: When an axon of cell A is near enough to excite a cell B and repeatedly or

513 views • 17 slides
RADIO NEWS PREPARATION AND PRESENTATION PREPARED BY MATUTE MENYOLI CRTV SOUTH WEST The topic the

RADIO NEWS PREPARATION AND PRESENTATION PREPARED BY MATUTE MENYOLI CRTV SOUTH WEST The topic the

RADIO NEWS PREPARATION AND PRESENTATION PREPARED BY MATUTE MENYOLI CRTV SOUTH WEST The topic the organizers of this seminar have asked me to discuss with you is a very challenging and vast one. We have been asked to talk about news preparation

317 views • 6 slides

More recommend