comparing state spaces in automatic security protocol
play

Comparing State Spaces in Automatic Security Protocol Verification - PowerPoint PPT Presentation

Jul 22, 2023 •376 likes •831 views

Comparing State Spaces in Automatic Security Protocol Verification Comparing State Spaces in Automatic Security Protocol Verification Pascal Lafourcade & Cas Cremers Comparing State Spaces in Automatic Security Protocol Verification

  1. Comparing State Spaces in Automatic Security Protocol Verification Comparing State Spaces in Automatic Security Protocol Verification Pascal Lafourcade & Cas Cremers

  2. Comparing State Spaces in Automatic Security Protocol Verification Motivations Cryptographic Protocols

  3. Comparing State Spaces in Automatic Security Protocol Verification Motivations Cryptographic Protocols

  4. Comparing State Spaces in Automatic Security Protocol Verification Motivations Cryptographic Protocols

  5. Comparing State Spaces in Automatic Security Protocol Verification Motivations Information Security Everywhere • The world is distributed and based on networked information systems. • Protocols essential to developing networked services and new applications. Security errors in protocol design are costly

  6. Comparing State Spaces in Automatic Security Protocol Verification Motivations Example: Needham-Schroeder Protocol 1978

  7. Comparing State Spaces in Automatic Security Protocol Verification Motivations Example: Needham-Schroeder Protocol 1978

  8. Comparing State Spaces in Automatic Security Protocol Verification Motivations Example: Needham-Schroeder Protocol 1978

  9. Comparing State Spaces in Automatic Security Protocol Verification Motivations Example: Needham-Schroeder Protocol 1978 { N A , N B } K A { N A , A } K B { N B } K B

  10. Comparing State Spaces in Automatic Security Protocol Verification Motivations Example: Needham-Schroeder Protocol 1978 { N A , N B } K A { N A , A } K B { N B } K B

  11. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  12. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  13. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  14. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  15. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  16. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  17. Comparing State Spaces in Automatic Security Protocol Verification Motivations Lowe Attack on the Needham-Schroeder so-called “Man in the middle attack”

  18. Comparing State Spaces in Automatic Security Protocol Verification Motivations Necessity of Tools • Protocols are small recipes. • Non trivial to design and understand. • The number and size of new protocols. • Out-pacing human ability to rigourously analyze them. GOAL : A tool is finding flaws or establishing their correctness. • completely automated,

  19. Comparing State Spaces in Automatic Security Protocol Verification Motivations How can we compare all these tools “fairly”? State of the art • Time performence comparison of AVISPA Tools L. Vigano “Automated Security Protocol Analysis With the AVISPA Tool” ENTCS 2006. • Usability comparison between AVISPA

  20. Comparing State Spaces in Automatic Security Protocol Verification Motivations Outline 1 Motivations 2 State Spaces Notations Results 3 Settings Tools Protocols and PC

  21. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Outline 1 Motivations 2 State Spaces Notations Results 3 Settings Tools Protocols and PC

  22. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Notations Terminology • A run is a single (possibly partial) instance of a role, performed by an agent. • A run description of a protocol with | R | roles is a set of roles. An element of a run description is of the form r ( a 1 , a 2 , . . . , a | R | ), where r denotes the role that the run is performing. • A Scenario is a multiset of run

  23. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Notations Definitions and Properties (I) Let n be an integer, and let s be a scenario. • Traces is the set of all traces (possible executions of the protocol) of any length, and any combination of agents. • MaxRuns(n) is the set of traces with at most n runs. ∀ n ∈ N : MaxRuns( n ) ⊂ Traces (1)

  24. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Results Definitions and Properties (II) • RepScen(s) is the set of traces built only with runs that are present in s . The runs defined by the scenario s can be executed any number of times. In other words, each run in each trace corresponds to an element of s .

  25. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Results Number of Agents According to [Comon & Cortier 2004] • Only a single dishonest (compromised) agent e , is enough. • For the verification of secrecy, only a single honest agent a is sufficient. • For the verification of authentication, we

  26. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Results Minimal Number of Scenarios With 2 agents and 1 intruder for X ( a 1 , . . . , a | R | ), we get | R | ∗ 2 ∗ 3 ( | R |− 1) different possible run descriptions. Now we choose a multiset of n run descriptions: � | R | ∗ 2 ∗ 3 ( | R |− 1) + n − 1 � n

  27. Comparing State Spaces in Automatic Security Protocol Verification State Spaces Results Using Burnside Lemma • { a → a , b → b } (the trivial renaming) • { a → b , b → a } We get � | R |∗ 3 ( | R |− 1) + n � 2 ∗| R |∗ 3 ( | R |− 1) + n − 1 2 − 1 � � + ǫ n n n 2 k ( n , | R | ) = 2

  28. Comparing State Spaces in Automatic Security Protocol Verification Settings Outline 1 Motivations 2 State Spaces Notations Results 3 Settings Tools Protocols and PC

  29. Comparing State Spaces in Automatic Security Protocol Verification Settings Tools 6 Tools Compared • Avispa : OFMC: On-the-fly Model-Checker employs several symbolic techniques to explore the state space in a demand-driven way. CL-AtSe: Constraint-Logic-based Attack Searcher applies constraint solving with simplification heuristics and redundancy elimination techniques. SATMC: SAT-based Model-Checker builds a propositional formula encoding all the

  30. Comparing State Spaces in Automatic Security Protocol Verification Settings Protocols and PC 4 Protocols analyzed • Needham-Schroeder • Needham-Schroeder Lowe • EKE: Encrypted Key Exchange (using symetric and asymetric encryption) • TLS: Transport Layer Security (larger protocol)

  31. Comparing State Spaces in Automatic Security Protocol Verification Settings Protocols and PC EKE 0. A->B: {Ea}_Kab | Key exchange part 1. B->A: {{K}_Ea}_Kab | 2. A->B: {Ca}_K | 3. B->A: {Ca,Cb}_K | Challenge/Response 4. A->B: {Cb}_K | Authentication part TLS 0. A->B: A, Na, Sid, Pa | Pa is a cryptosuite offer 1. B->A: Nb, Sid, Pb | Pb is B’s counteroffer

  32. Comparing State Spaces in Automatic Security Protocol Verification Results Outline 1 Motivations 2 State Spaces Notations Results 3 Settings Tools Protocols and PC

  33. Comparing State Spaces in Automatic Security Protocol Verification Results Secrecy

  34. Comparing State Spaces in Automatic Security Protocol Verification Results Secrecy Needham-Schroeder-Lowe : secrecy of na and nb for A,B 1000 Casper/FDR CL-Atse OFMC ProVerif Sat-MC Scyther TA4SP 100 time (s) 10

  35. Comparing State Spaces in Automatic Security Protocol Verification Results Secrecy EKE : secrecy of k for A,B timeout Casper/FDR CL-Atse OFMC 1000 ProVerif Sat-MC Scyther TA4SP 100 time (s) 10

  36. Comparing State Spaces in Automatic Security Protocol Verification Results Secrecy TLS : secrecy of ck and sk for A,B timeout CL-Atse OFMC ProVerif Sat-MC 1000 Scyther TA4SP 100 time (s) 10

  37. Comparing State Spaces in Automatic Security Protocol Verification Results Authentication Needham-Schroeder : authentication of A,B timeout Casper/FDR CL-Atse OFMC 1000 ProVerif Sat-MC Scyther 100 time (s) 10

  38. Comparing State Spaces in Automatic Security Protocol Verification Results Authentication Needham-Schroeder-Lowe : authentication of A,B timeout Casper/FDR CL-Atse OFMC 1000 ProVerif Sat-MC Scyther 100 time (s) 10

  39. Comparing State Spaces in Automatic Security Protocol Verification Results Authentication EKE : authentication of A,B timeout Casper/FDR CL-Atse OFMC 1000 ProVerif Sat-MC Scyther 100 time (s) 10

  40. Comparing State Spaces in Automatic Security Protocol Verification Results Authentication TLS : authentication of A,B timeout CL-Atse OFMC Sat-MC 1000 Scyther 100 time (s) 10

  41. Comparing State Spaces in Automatic Security Protocol Verification Conclusion & Perspective Outline 1 Motivations 2 State Spaces Notations Results 3 Settings Tools Protocols and PC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen,

AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen,

AppsPlayground: Automatic Security Analysis of Smartphone Applications Vaibhav Rastogi , Yan Chen, and William Enck Lab for Internet and Security Technology, Northwestern University North Carolina State University h li S i i 1

1.22k views • 19 slides
SCNP: A protocol for automatic, decentralized and scalable IP network configuration T. Delaet

SCNP: A protocol for automatic, decentralized and scalable IP network configuration T. Delaet

Motivation Our Solution Summary SCNP: A protocol for automatic, decentralized and scalable IP network configuration T. Delaet Department of Computer Science K.U.Leuven IFIP/IEEE International Workshop on Self-Managed Systems & Services,

547 views • 18 slides
Search in State Spaces 26th September 2019 Petter Kristiansen Search in State Spaces Many

Search in State Spaces 26th September 2019 Petter Kristiansen Search in State Spaces Many

Search in State Spaces 26th September 2019 Petter Kristiansen Search in State Spaces Many problems can be solved by using some form of search in a state space. We look at the following methods: Backtracking (Ch. 10)

476 views • 44 slides
How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web,

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web,

How Well Do My Results Generalize? Comparing Security and Privacy Survey Results from MTurk, Web, and Telephone Samples Elissa M. Redmiles, Sean Kross, and Michelle L. Mazurek @eredmil1 eredmiles@cs.umd.edu 30+ papers in the Top 4 security

560 views • 35 slides
Protocol Security Engineering "

Protocol Security Engineering "

Can we avoid Protocol Security meltdown? Brian Monahan Trusted Systems Lab HP Labs, Bristol, UK Tel: +44 (0)117 312-8935 Email: brian_monahan@hp.com Presented at STORK : Towards a Roadmap for Future Research 26-27 November 2002 What is

203 views • 3 slides
Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View Paul Hankes Drielsma and Sebastian M odersheim Information Security, ETH Zurich ARSPA Paul Hankes Drielsma 1 Introduction ASW: an

508 views • 14 slides
IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 fmajstor@cisco.com, IPv6 Security Agenda IPv6 Primer IPv6 Protocol

241 views • 21 slides
Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure applications: Applicaz. (SHTTP) PGP, SHTTP, SFTP, or SSL/TLS Security down in the TCP protocol stack -SSL between TCP IPSEC and applic. layer

723 views • 59 slides
6.1 Representation of State Spaces 5.7. Foundations 5. State Spaces 6.

6.1 Representation of State Spaces 5.7. Foundations 5. State Spaces 6.

Foundations of Artificial Intelligence March 4, 2016 6. State-Space Search: Representation of State Spaces Foundations of Artificial Intelligence 6.1 Representation of State Spaces 6. State-Space Search: Representation of State Spaces 6.2

188 views • 4 slides
Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement

Automatic Enrollment and Automatic IRAs David C. John The Heritage Foundation The Retirement Security Project Automatic Enrollment Works Legal since 1999. All legal questions resolved 2006. Most larger 401(k)s incorporate automatic

137 views • 13 slides
The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

Objectives Objectives How the HTTP protocol works An Introduction An Introduction to XML and Web Technologies to XML and Web Technologies The SSL security extension from a programmer's point of view The HTTP Protocol The HTTP Protocol

433 views • 10 slides
1 Roscoe 95, Schneider 96, Compositionality Language Approach Abadi-Gordon97

1 Roscoe 95, Schneider 96, Compositionality Language Approach Abadi-Gordon97

Probabilistic Polynomial-Time Standard analysis methods Process Calculus for Security Finite-state analysis Protocol Analysis Easier Dolev-Yao model Symbolic search of protocol runs Proofs of correctness in formal logic

258 views • 7 slides
Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing

Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing

Automatic Discovery of Evasion Vulnerabilities Using Targeted Protocol Fuzzing antti.levomaki@forcepoint.com opi@forcepoint.com WHO? ANTTI LEVOMKI OLLI-PEKKA NIEMI Research Scientist Director of Research WHAT? NETWORK EVASIONS +

463 views • 18 slides
Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security

Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security

A Comparative Security Evaluation for IPv4 and IPv6 Addresses Vincent van der Eijk && Erik Lamers Comparing IPv4 port security to IPv6 port security Scanning the Internet for profit, ethically. 2 Why do we need to know this? IPv6

279 views • 16 slides
Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtlnder May 17, 2018 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab . 3/18

1.33k views • 99 slides
Key to Understanding/Complying with ADA Individualized Decision-making Get and use facts

Key to Understanding/Complying with ADA Individualized Decision-making Get and use facts

4/27/2016 The ADA: Understanding the Reasonable Accommodation Obligation Sharon Rennert Senior Attorney Advisor ADA/GINA Division Key to Understanding/Complying with ADA Individualized Decision-making Get and use facts about

91 views • 6 slides
Games with more than 1 round Repeated prisoners dilemma Suppose this game is to be played 10

Games with more than 1 round Repeated prisoners dilemma Suppose this game is to be played 10

Games with more than 1 round Repeated prisoners dilemma Suppose this game is to be played 10 times. What should you do? Player 2 High Price Low Price Player 1 High Price 100 , 100 -10 , 200 200 , - 10 20 , 20 Low Price What if there

507 views • 13 slides
THE MOST IMPORTANT CAREER CONVERSATION WE DON'T WANT TO HAVE Preparing for Salary Negotiations

THE MOST IMPORTANT CAREER CONVERSATION WE DON'T WANT TO HAVE Preparing for Salary Negotiations

THE MOST IMPORTANT CAREER CONVERSATION WE DON'T WANT TO HAVE Preparing for Salary Negotiations RONDA ANSTED , DMGT, MSW (DOCTORATE OF MANAGEMENT, MASTERS IN SOCIAL WORK) FOUNDER OF BE THE CHANGE CAREER CONSULTING CREATOR OF MY CAREER DESIGN

418 views • 12 slides
CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential

CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential

12.1 CS356 Unit 12 Processor Hardware Organization Pipelining 12.2 From combinational to sequential logic BASIC HW 12.3 Logic Circuits Combinational Combinational Logic Logic Outputs Inputs Performs a specific function (Usually

709 views • 57 slides
Retrieving the Structure of Utility Graphs Used In Multi-Item Negotiation Through Collaborative

Retrieving the Structure of Utility Graphs Used In Multi-Item Negotiation Through Collaborative

Retrieving the Structure of Utility Graphs Used In Multi-Item Negotiation Through Collaborative Filtering Valentin Robu, Han La Poutr CWI, Center for Mathematics & Computer Science Amsterdam, The Netherlands COMSOC Workshop, Dec. 2006 1

420 views • 15 slides
JPOs initiatives Commissioner Akira Matsunaga November 7th 2019 Table of Contents 1.

JPOs initiatives Commissioner Akira Matsunaga November 7th 2019 Table of Contents 1.

JPOs initiatives Commissioner Akira Matsunaga November 7th 2019 Table of Contents 1. Background 2. JPOs Initiatives (1) Guide to Licensing Negotiations Involving Standard Essential Patents (SEPs) (2) Hantei Advisory -Opinion

548 views • 24 slides
NEGOTIATION IN THE MARKET PLACE UYOUKO NYONG Leadership Expert and Business Coach Uyouko Nyong

NEGOTIATION IN THE MARKET PLACE UYOUKO NYONG Leadership Expert and Business Coach Uyouko Nyong

ASPIRE FOR EXCELLENCE CONFERENCE NEGOTIATION IN THE MARKET PLACE UYOUKO NYONG Leadership Expert and Business Coach Uyouko Nyong Business Series SCRIPTURES Can two walk together, except they be agreed? Amos 3:3 (KJV) Come now, and let us

490 views • 28 slides
Faculty Recruiting and Retention Panel Jack Stankovic, Virginia Eric Roberts, Stanford Stu Zw

Faculty Recruiting and Retention Panel Jack Stankovic, Virginia Eric Roberts, Stanford Stu Zw

Faculty Recruiting and Retention Panel Jack Stankovic, Virginia Eric Roberts, Stanford Stu Zw eben, Ohio State Outline Purpose/mechanics of study NSF funded; CRA supported Recruitment - data analysis (Eric) Retention - data

520 views • 20 slides

More recommend