automatic security analyses of network protocols with
play

Automatic Security Analyses of Network Protocols with Tamarin-Prover - PowerPoint PPT Presentation

Jan 18, 2024 •333 likes •1.33k views

1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtlnder May 17, 2018 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab . 3/18

  1. 1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtländer May 17, 2018

  2. 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab

  3. . ⌢ 3/18 The Thing with Proofs Consider the following “proof”: i i i i i Thus, clearly Lesson: It is easy to make subtle mistakes in proofs which makes them diffjcult to verify.

  4. . ⌢ 3/18 The Thing with Proofs Consider the following “proof”: i i i i i Thus, clearly Lesson: It is easy to make subtle mistakes in proofs which makes them diffjcult to verify.

  5. . ⌢ 3/18 The Thing with Proofs Consider the following “proof”: i i i i i Thus, clearly Lesson: It is easy to make subtle mistakes in proofs which makes them diffjcult to verify. − 1 1 = 1 − 1

  6. . ⌢ 3/18 i It is easy to make subtle mistakes in proofs which makes them Lesson: Thus, clearly i i i i diffjcult to verify. The Thing with Proofs Consider the following “proof”: √ √ − 1 1 = 1 − 1 1 1 = − 1 ⇒ − 1

  7. . ⌢ 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: Thus, clearly i i i i i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 = √ √− 1 − 1 ⇒ − 1 ⇒

  8. . ⌢ 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: Thus, clearly i i i i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒

  9. . ⌢ 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: Thus, clearly i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒ ⇒ − 1 = i 2 = i i = 1

  10. 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: ⌢ i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒ ⇒ − 1 = i 2 = i i = 1 Thus, clearly − 1 = 1 .

  11. 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒ ⇒ − 1 = i 2 = i i = 1 Thus, clearly − 1 = 1 . ⌢

  12. 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: i diffjcult to verify. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒ ⇒ − 1 = i 2 = i i = 1 Thus, clearly − 1 = 1 . ⌢

  13. 3/18 The Thing with Proofs It is easy to make subtle mistakes in proofs which makes them Lesson: i diffjcult to verify for humans , at least. Consider the following “proof”: √ √− 1 √ √ − 1 1 = 1 − 1 1 1 1 = 1 1 = 1 = √− 1 ⇒ i √ − 1 ⇒ − 1 ⇒ ⇒ − 1 = i 2 = i i = 1 Thus, clearly − 1 = 1 . ⌢

  14. • “In our opinion, many proofs in cryptography have become • “We generate more proofs than we carefully verify (and as a 4/18 Experts on Security Proofs 1 essentially unverifjable. Our fjeld may be approaching a crisis of rigor. [...] game-playing may play a role in the answer.” Bellare and Rogaway 2004 consequence some of our published proofs are incorrect).” Halevi 2005 1 Slide inspired by Barthe (2014)

  15. • “We generate more proofs than we carefully verify (and as a 4/18 Experts on Security Proofs 1 essentially unverifjable. Our fjeld may be approaching a crisis of rigor. [...] game-playing may play a role in the answer.” Bellare and Rogaway 2004 consequence some of our published proofs are incorrect).” Halevi 2005 1 Slide inspired by Barthe (2014) • “In our opinion, many proofs in cryptography have become

  16. 4/18 Experts on Security Proofs 1 essentially unverifjable. Our fjeld may be approaching a crisis of rigor. [...] game-playing may play a role in the answer.” Bellare and Rogaway 2004 consequence some of our published proofs are incorrect).” Halevi 2005 1 Slide inspired by Barthe (2014) • “In our opinion, many proofs in cryptography have become • “We generate more proofs than we carefully verify (and as a

  17. • can verify a proof • can complete a partial proof • can fjnd a proof • can fjnd counter examples for disproof 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security.

  18. • can complete a partial proof • can fjnd a proof • can fjnd counter examples for disproof 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security. • can verify a proof

  19. • can fjnd a proof • can fjnd counter examples for disproof 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security. • can verify a proof • can complete a partial proof

  20. • can fjnd counter examples for disproof 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security. • can verify a proof • can complete a partial proof • can fjnd a proof

  21. 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security. • can verify a proof • can complete a partial proof • can fjnd a proof • can fjnd counter examples for disproof

  22. 5/18 The Cryptographer’s Wish List Wouldn’t it be great if we had a machine that of statements or security properties for a given protocol. Goal : Extensible framework for plug-and-play security. • can verify a proof • can complete a partial proof • can fjnd a proof • can fjnd counter examples for disproof

  23. • based on homotopy type theory • Univalent Foundations of Mathematics, Vladimir Voevodsky • e.g. “Proving the TLS Handshake Secure (as it is)” • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • Mathematics: Coq • ProVerif, CryptoVerif, ... • EasyCrypt • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers

  24. • e.g. “Proving the TLS Handshake Secure (as it is)” • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • based on homotopy type theory • Univalent Foundations of Mathematics, Vladimir Voevodsky • ProVerif, CryptoVerif, ... • EasyCrypt • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers • Mathematics: Coq

  25. • e.g. “Proving the TLS Handshake Secure (as it is)” • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • Univalent Foundations of Mathematics, Vladimir Voevodsky • ProVerif, CryptoVerif, ... • EasyCrypt • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers • Mathematics: Coq • based on homotopy type theory

  26. • e.g. “Proving the TLS Handshake Secure (as it is)” • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • ProVerif, CryptoVerif, ... • EasyCrypt • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers • Mathematics: Coq • based on homotopy type theory • Univalent Foundations of Mathematics, Vladimir Voevodsky

  27. • e.g. “Proving the TLS Handshake Secure (as it is)” • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • EasyCrypt • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers • Mathematics: Coq • based on homotopy type theory • Univalent Foundations of Mathematics, Vladimir Voevodsky • ProVerif, CryptoVerif, ...

  28. • based on constraint logic • symbolic analysis • e.g. “A Comprehensive Symbolic Analysis of TLS 1.3” • e.g. “Proving the TLS Handshake Secure (as it is)” • Tamarin-Prover 6/18 Automatic Provers - A Status Quo (Bhargavan et al. 2014) (Cremers et al. 2017) Our Goal : Analyse IPSec protocol using automatic provers • Mathematics: Coq • based on homotopy type theory • Univalent Foundations of Mathematics, Vladimir Voevodsky • ProVerif, CryptoVerif, ... • EasyCrypt

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Automatic Formal Analyses of Cryptographic Protocols 19th National Information Systems Security

Automatic Formal Analyses of Cryptographic Protocols 19th National Information Systems Security

Automatic Formal Analyses of Cryptographic Protocols 19th National Information Systems Security Conference October 22-25, 1996 Baltimore Convention Center Dr. Stephen H. Brackin Arca Systems, Inc. 303 E. Yates St., Ithaca, NY 14850

141 views • 12 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
A First Step towards the Automatic Generation of Security Protocols Adrian Perrig and Dawn Song

A First Step towards the Automatic Generation of Security Protocols Adrian Perrig and Dawn Song

A First Step towards the Automatic Generation of Security Protocols Adrian Perrig and Dawn Song CMU, UCB Adrian Perrig and Dawn Song NDSS - APG 1 Difficulties in the Design of Security Protocols Usually ad-hoc, lacking formalism. Hidden

324 views • 19 slides
Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security

Security Analysis of Network Protocols John Mitchell Stanford University Usenix Security Symposium, 2008 Many Protocols Authentication and key exchange SSL/TLS, Kerberos, IKE, JFK, IKEv2, Wireless and mobile computing Mobile IP, WEP,

959 views • 71 slides
Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug

Introduction to Network Security Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data.

632 views • 32 slides
Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able

Intro, history, hacking Network Security Lecture 1 Welcome to Network Security Should be able to Skills identify design and Ability to analyze the implementation security of networked vulnerabilities in network systems protocols

564 views • 33 slides
Introduction to Network Security Chapter 6 Network Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 6 Network Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 6 Network Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics The network layer IP V4 BOOTP & DHCP IP V6 Common IP countermeasures Dr.

1.88k views • 152 slides
23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for

23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for

23-04-18 Advanced Network Security 3. Agreement and consensus I: concepts and protocols for crash failures Jaap-Henk Hoepman Digital Security (DS) Radboud University Nijmegen, the Netherlands @xotoxot // * jhh@cs.ru.nl // 8 www.cs.ru.nl/~jhh

115 views • 8 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson -

Introduction to Network Security Chapter 7 Transport Layer Protocols Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics TCP Layer Responsible for reliable end-to-end transfer of application data. TCP

912 views • 64 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Security Analysis of Network Protocols John Mitchell Reference:

Security Analysis of Network Protocols John Mitchell Reference:

CS259 Winter 2008 Security Analysis of Network Protocols John Mitchell Reference: http://www.stanford.edu/class/cs259/ Course organization Lectures Tues, Thurs for approx first six weeks of quarter Project presentations in 3

805 views • 42 slides
Youth Empowerment Services, Inc. Request for Proposals (RFP No. 422) For Request for Services

Youth Empowerment Services, Inc. Request for Proposals (RFP No. 422) For Request for Services

Youth Empowerment Services, Inc. Request for Proposals (RFP No. 422) For Request for Services May 26, 2020 6:30 PM CST uberconference.com/ effectivesolutions YES, INC. STAFF BRENDA WATERS, KELLEN BEGIN, NELSON WATSON III, CLAUDETTE

636 views • 42 slides
Hardware Garbage Collection Martha Barker (mmb2295) CSEE 4840: Embedded System Design Spring

Hardware Garbage Collection Martha Barker (mmb2295) CSEE 4840: Embedded System Design Spring

Hardware Garbage Collection Martha Barker (mmb2295) CSEE 4840: Embedded System Design Spring 2019 Architecture Userspace Op Memory Generator Garbage Collector Userspace Reference Program Communication Read/Write interface over Avalon

476 views • 10 slides
Optional Practical Training (OPT) for International Students Career Services for GW International

Optional Practical Training (OPT) for International Students Career Services for GW International

Optional Practical Training (OPT) for International Students Career Services for GW International Students Graduate School Career Centers & Staff GWSB, ESIA, GSEHD, SEAS, LAW, MISPH, CPS, GSPM, Trachtenberg School Many

313 views • 9 slides
TSP SM /PSP SM at Intuit SEI SEPG 2005 March 7 - 10, 2005 Eileen Fagan Software Engineering

TSP SM /PSP SM at Intuit SEI SEPG 2005 March 7 - 10, 2005 Eileen Fagan Software Engineering

TSP SM /PSP SM at Intuit SEI SEPG 2005 March 7 - 10, 2005 Eileen Fagan Software Engineering Process Manager Intuit, Inc. Noopur Davis Software Engineering Institute 1 1 1 Agenda Who is Intuit? What is TSP/PSPand Not?

672 views • 36 slides
Emergency Vehicle Awareness Matthew Ige, Rachel Kinney, Bailey Parker, PJ Piantone, Andrew Zhu

Emergency Vehicle Awareness Matthew Ige, Rachel Kinney, Bailey Parker, PJ Piantone, Andrew Zhu

Emergency Vehicle Awareness Matthew Ige, Rachel Kinney, Bailey Parker, PJ Piantone, Andrew Zhu Emergency Vehicle Early Warning System Background Our Approach Our Models Client/Server - Cellular Peer to Peer - RF Benchmarks

516 views • 39 slides
Returning To Work May 7, 2020 Disclaimer These are suggestions based on our research and how

Returning To Work May 7, 2020 Disclaimer These are suggestions based on our research and how

Returning To Work May 7, 2020 Disclaimer These are suggestions based on our research and how we plan to work through this at UWW. Welcome & Objectives Before returning to your offices, we will need to reassess our understanding of the

208 views • 17 slides
Impact of Chinas COVID-19 Outbreak on the Automotive Industry and Recovery Connect with

Impact of Chinas COVID-19 Outbreak on the Automotive Industry and Recovery Connect with

May 2020 Impact of Chinas COVID-19 Outbreak on the Automotive Industry and Recovery Connect with Philippe: Presentation by Philippe Thegner, Senior Advisor, Automobility Ltd. & Chairman of AASA China Aftermarket Forum Overview of

150 views • 14 slides
Service Sharing and Tribal Health Departments: Initial Considerations Shared Services Learning

Service Sharing and Tribal Health Departments: Initial Considerations Shared Services Learning

Service Sharing and Tribal Health Departments: Initial Considerations Shared Services Learning Community Meeting January 22-24, 2014 San Diego, CA Christine Hovell, R.N., B.S.N, Public Health Manager/Health Officer, Jackson County Department

675 views • 25 slides

More recommend