comparison of cryptographic verification tools dealing
play

Comparison of Cryptographic Verification Tools Dealing with - PowerPoint PPT Presentation

Jan 08, 2023 •509 likes •1.01k views

Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Pascal LAFOURCADE , Vanessa Terrade & Sylvain Vigier Universit e Joseph

  1. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Pascal LAFOURCADE , Vanessa Terrade & Sylvain Vigier Universit´ e Joseph Fourier, VERIMAG 6th September 2009 Eindhoven 1 / 40

  2. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : 2 / 40

  3. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : 2 / 40

  4. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : 2 / 40

  5. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : Shamir 3-Pass Protocol 1 A → B : { m } K A 2 / 40

  6. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : Shamir 3-Pass Protocol 1 A → B : { m } K A 2 B → A : {{ m } K A } K B 2 / 40

  7. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : Shamir 3-Pass Protocol 1 A → B : { m } K A Commutative 2 → : {{ m } K A } K B = {{ m } K B } K A Encryption B A 2 / 40

  8. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Basic Example : Shamir 3-Pass Protocol 1 A → B : { m } K A Commutative 2 → : {{ m } K A } K B = {{ m } K B } K A Encryption B A 3 A → B : { m } K B 2 / 40

  9. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Logical Attack on Shamir 3-Pass Protocol (I) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k XOR Properties (ACUN) ◮ ( x ⊕ y ) ⊕ z = x ⊕ ( y ⊕ z ) A ssociativity ◮ x ⊕ y = y ⊕ x C ommutativity ◮ x ⊕ 0 = x U nity ◮ x ⊕ x = 0 N ilpotency 3 / 40

  10. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Logical Attack on Shamir 3-Pass Protocol (I) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k XOR Properties (ACUN) ◮ ( x ⊕ y ) ⊕ z = x ⊕ ( y ⊕ z ) A ssociativity ◮ x ⊕ y = y ⊕ x C ommutativity ◮ x ⊕ 0 = x U nity ◮ x ⊕ x = 0 N ilpotency Vernam encryption is a commutative encryption : {{ m } K A } K I = ( m ⊕ K A ) ⊕ K I = ( m ⊕ K I ) ⊕ K A = {{ m } K I } K A 3 / 40

  11. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Logical Attack on Shamir 3-Pass Protocol (II) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k Shamir 3-Pass Protocol 1 A → B : m ⊕ K A 2 B → A : ( m ⊕ K A ) ⊕ K B 3 → B : m ⊕ K B A Passive attacker : m ⊕ K A m ⊕ K B ⊕ K A m ⊕ K B 4 / 40

  12. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Logical Attack on Shamir 3-Pass Protocol (II) Perfect encryption one-time pad (Vernam Encryption) { m } k = m ⊕ k Shamir 3-Pass Protocol 1 A → B : m ⊕ K A 2 B → A : ( m ⊕ K A ) ⊕ K B 3 → B : m ⊕ K B A Passive attacker : m ⊕ K A ⊕ m ⊕ K B ⊕ K A ⊕ m ⊕ K B = m 4 / 40

  13. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Necessity of Tools ◮ Protocols are small recipes. ◮ Non trivial to design and understand. ◮ The number and size of new protocols. ◮ Out-pacing human ability to rigourously analyze them. GOAL : A tool is finding flaws or establishing their correctness. ◮ completely automated, ◮ robust, ◮ expressive, ◮ and easily usable. Existing Tools: AVISPA, Scyther, Proverif, Hermes, Casper/FDR, Murphi, NRL ... Comparison of Tools Dealing with Algebraic Properties ? 5 / 40

  14. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties State of the art ◮ Compariosn of NRL qnd Casper . C. Meadows “Analyzing the needham-schroeder public-key protocol: A comparison of two approaches”. In ESORICS 96 ◮ Time performence comparison of AVISPA Tools L. Vigano “Automated Security Protocol Analysis With the AVISPA Tool” ENTCS 2006. ◮ Usability comparison between AVISPA and HERMES M. Hussain and D. Seret “A Comparative study of Security Protocols Validation Tools: HERMES vs. AVISPA”. ICACT’06. ◮ Comparison on the ability to find some attacks. M. Cheminod, I. C. Bertolotti, L. Durante, R. Sisto, and A. Valenzano. “Experimental comparison of automatic tools for the formal analysis of cryptographic protocols”. DepCoSRELCOMEX 2007. ◮ Time efficiency comparison of: AVISPA, Proverif, Scyther, Casper/FDR Comparing State Spaces in Automatic Security Protocol 6 / 40 Verification” C. Cremers and P. Lafourcade. (AVoCS’07)

  15. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties 7 / 40

  16. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Outline Tools Protocol using Exclusive-Or using Diffie-Hellman Conclusion & Perspective 8 / 40

  17. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Tools Outline Tools Protocol using Exclusive-Or using Diffie-Hellman Conclusion & Perspective 9 / 40

  18. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Tools Tools Dealing with Exclusive-Or and Diffie-Hellman ◮ Avispa : ◮ OFMC: On-the-fly Model-Checker employs several symbolic techniques to explore the state space in a demand-driven way. ◮ CL-Atse: Constraint-Logic-based Attack Searcher applies constraint solving with simplification heuristics and redundancy elimination techniques. ◮ Proverif : Analyses unbounded number of session using over-approximation with Horn Clauses. ◮ XOR-ProVerif and DH-ProVerif: are two tools developed by Kuesters et al for analyzing cryptographic protocols with Exclusive-Or and Diffie-Hellman properties, using ProVerif PC DELL E4500 Intel dual Core 2.2 Ghz with 2 GB of RAM. 10 / 40

  19. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol Outline Tools Protocol using Exclusive-Or using Diffie-Hellman Conclusion & Perspective 11 / 40

  20. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol Notations: ◮ A , B , S ... : principals ◮ messages M i : messages ◮ N A , N B : nonces ◮ PK A , PK B : public keys ◮ K AB : symmetric keys ◮ a prime number by P , ◮ a primitive root by G . ◮ Exclusive-Or is denoted by A ⊕ B ◮ the exponentiation of G by the nonce N A is denoted by G N A . We use protocols from “ Survey of Algebraic Properties Used in Cryptographic Protocols”, V. Cortier, S. Delaune and P. Lafourcade. 12 / 40

  21. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol using Exclusive-Or Wired Equivalent Privacy Protocol: WEP A , B : principals X : any principal (B or the intruder) M 1 , M 2 : messages K AB : symmetric key RC 4: function modeling the RC4 algorithm (message,symmetric key → message) v : initial vector used with RC4 (a constant) C : intregrity checksum (message → message) 0. A − → X : v , ([ M 1 , C ( M 1 )] ⊕ RC 4( v , K AX )) 1. A − → B : v , ([ M 2 , C ( M 2 )] ⊕ RC 4( v , K AB )) 13 / 40

  22. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol using Exclusive-Or WEP Survey attack ◮ OFMC 0.01 s ◮ CL-Atse less than 0.01 s ◮ XOR-ProVerif less than 1 s Same time for corrected version. 14 / 40

  23. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol using Exclusive-Or M. Tatebayashi, N. Matsuzaki, and D.B Newman (1989) A , B , S : principals K A , K B : fresh symmetric keys PK S : public key of the server 1. A − → S : B , { K A } PK S 2. S − → B : A 3. B − → S : A , { K B } PK S 4. S − → A : B , K B ⊕ K A 15 / 40

  24. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol using Exclusive-Or TMN UNSAFE, new attack 1. A − → S : B , { K A } PK S 2. S − → I : A 3. I(B) − → S : A , { K I } PK S 4. S − → I : B , K I ⊕ K A Hence I deduces K A , but not the survey attack based on { X } PK S ∗ { Y } PK S = { X ∗ Y } PK S . ◮ OFMC less one second ◮ CL-Atse less one second ◮ XOR-ProVerif: less one second 16 / 40

  25. Comparison of Cryptographic Verification Tools Dealing with Algebraic Properties Protocol using Exclusive-Or H-T Liaw, W-S Juang and C-K Lin A : the auctioneer B : the bidder T : the third party K : the bank d : the auctioneer’s public key t : the third party’s public key e : the bank’s public key c : the bidder’s public key 1 / pk : the corresponding private key to the public key pk . B info :bidder’s information. r : bidder’s random number. w , x , y , z : third party’s random number. B id : bidder’s specific number. 17 / 40

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique

Verification of cryptographic protocols: techniques, tools and link to cryptanalysis Vronique Cortier INRIA project Cassis, Loria CNRS, Nancy, France French/Japanese Symposium on Computer Security - Sept. 6th, 2005 Verification of

605 views • 46 slides
CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools

CS 356 Lecture 2 Cryptographic Tools Spring 2013 Chapter 2 Cryptographic Tools Cryptographic Tools Cryptographic algorithms important element in security services Review various types of elements symmetric encryption secure

1.27k views • 23 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (April 13, 2000 6:35 pm) I E S R

UMBC A B M A L T F O U M B C I M Y O R T 1 (April 13, 2000 6:35 pm) I E S R

Advanced VLSI Design VLSI Simulation CMPE 414/CMSC 691x Overview Design Automation is essential in dealing with the complexity of IC design and verification. There are a wide range of tools available: Analysis and verification tools to

388 views • 16 slides
Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification

Symbolic verification of cryptographic protocols using Tamarin Part 2 : Symbolic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018 Outline 1 Formal Models 2

1.01k views • 81 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and

Symbolic verification of cryptographic protocols using Tamarin Part 3 : Security Properties and Algorithmic Verification David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018

1.23k views • 78 slides
Verifpal Cryptographic protocol analysis for students and engineers Nadim Kobeissi FOSDEM

Verifpal Cryptographic protocol analysis for students and engineers Nadim Kobeissi FOSDEM

Verifpal Cryptographic protocol analysis for students and engineers Nadim Kobeissi FOSDEM Brussels, February 2020 What is Formal Verification? Using software tools in order to obtain guarantees on the security of cryptographic components.

319 views • 21 slides
Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim

Towards Formal Verification in Cryptographic Web Applications A Three Year Evolution Nadim Kobeissi PROSECCO: Pro gramming Sec urely with C rypt o graphy. Team at INRIA Paris specializing in applied cryptography and formal verification.

357 views • 14 slides
Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin

Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin

Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018 Organization of the course Two

774 views • 74 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why it was created? Cryptographic protocol Paper in 2004 by Ian Goldberg , Nikita Borisov and Eric Brewer Conversations in the

299 views • 18 slides
Everything you need to know about Cryptography (unless youre a mathematician) Dont try

Everything you need to know about Cryptography (unless youre a mathematician) Dont try

Everything you need to know about Cryptography (unless youre a mathematician) Dont try this at home. Get an expert. Basic Cryptographic Tools Seriously though. Bad crypto ruins lives. Basic Cryptographic Tools Cryptographic Hash

177 views • 17 slides
Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 ,

Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 ,

Signed Cryptographic Program Verification with Typed C RYPTO L INE Yu-Fu Fu 1 , Jiaxiang Liu 2 , Xiaomu Shi 2 , Ming-Hsien Tsai 1 , Bow-Yaw Wang 1 , Bo-Yin Yang 1 1 Academia Sinica 2 Shenzhen University ACM CCS 2019 1/42 Outline Introduction 1

936 views • 79 slides
TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH

TOOLS TO REDUCE PRICE VOLATILITY IN AGRICULTURE MARKETS HOW WE ARE CURRENTLY DEALING WITH VOLATILITY? Felice ADINOLFI OUTLINE Volatility drivers Factors affecting farmers income risk How we are currently dealing with volatility?

119 views • 9 slides
MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan

MPRI 2-30: Automated Verification of Cryptographic Protocol Implementations K Bhargavan (Slides from A.D. Gordon and C. Fournet) Spring, 2014 Outline of Lectures Lecture 1 (Jan 22, Today) Intro to Verified Protocol Implementations

1.32k views • 112 slides
WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh

WP verification methodology and tools Paul Jackson School of Informatics University of Edinburgh Formal Verification Spring 2017 Levels of formal verification Checking freedom from run-time exceptions Dominant level for Spark tools

263 views • 8 slides
An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research

An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research

An Exploration of Group and Ring Signatures Sarah Meiklejohn ! ! ! ! UC San Diego Research Exam 4 February 2011 1 A real-world problem 2 A real-world problem 2 A real-world problem I need to tell the others! 2 A real-world problem

1.62k views • 158 slides
Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy

Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy

Introduction to Blockchain Technologies Sarah Azouvi (University College London) Privacy International Forum - 19/10/2017 1 Outline Outline How it works Outline How it works Privacy? Outline How it works Privacy? New applications

641 views • 62 slides
Legislative Visibility and ` Advocacy Skills Carolyn Caywood, Mary Crutchfield, Carol Noggle,

Legislative Visibility and ` Advocacy Skills Carolyn Caywood, Mary Crutchfield, Carol Noggle,

September 14, 2019 Grow Yo Your Sk Skills: A A To Toolkit for Local Leagues Legislative Visibility and ` Advocacy Skills Carolyn Caywood, Mary Crutchfield, Carol Noggle, Julia Tanner Legislative Visibility and Advocacy Lobbying vs

690 views • 29 slides
(WFH) Learning Objectives: Pros and cons, tips, opportunities, FAQs What is your biggest

(WFH) Learning Objectives: Pros and cons, tips, opportunities, FAQs What is your biggest

PHOTOGRAPH: NIVEK NESLO/GETTY IMAGES (WFH) Learning Objectives: Pros and cons, tips, opportunities, FAQs What is your biggest challenge working from home? Please type in your response in the chat window 1. Less time commuting to work (saves

249 views • 23 slides
UPDATE ON Screening for unruptured aneurysms INTRACRANIAL Who to screen? ANEURYSM

UPDATE ON Screening for unruptured aneurysms INTRACRANIAL Who to screen? ANEURYSM

2/16/2018 Current controversies UPDATE ON Screening for unruptured aneurysms INTRACRANIAL Who to screen? ANEURYSM What to do with small aneurysms? When to screen? How often? Nerissa U. Ko, MD, MAS Predicting aneurysms at

195 views • 4 slides
t.IPCyilxi.BE o o.E iTNCyilBotp Xi NCpl0 o2I P43 Here dumb 13 is to estimate a algorithm

t.IPCyilxi.BE o o.E iTNCyilBotp Xi NCpl0 o2I P43 Here dumb 13 is to estimate a algorithm

for Lampley estimation Simulation Idea Parameter via estimation 02 ENNIO Pot P X t E y yn N pot P X OI Assume known over 13 distribution Prior N 21 P we observe data D Suppose x y 7 Bayed 10431137 PCDlB P that Note D

298 views • 6 slides
CSCE 970 Lecture 8: Prediction Stephen Scott Structured Prediction and Vinod Variyam

CSCE 970 Lecture 8: Prediction Stephen Scott Structured Prediction and Vinod Variyam

CSCE 970 Lecture 8: Structured CSCE 970 Lecture 8: Prediction Stephen Scott Structured Prediction and Vinod Variyam Introduction Definitions Stephen Scott and Vinod Variyam Applications Graphical Models (Adapted from Sebastian Nowozin

953 views • 74 slides
Dynamical generation of decoherence: Universal scaling of decoherence factors Amit Dutta

Dynamical generation of decoherence: Universal scaling of decoherence factors Amit Dutta

Dynamical generation of decoherence: Universal scaling of decoherence factors Amit Dutta Department of Physics, Indian Institute of Technology Kanpur, India Acknowledgement : Tanay Nag, IIT Kanpur, Kanpur Dr. Shraddha Sharma, IIT Kanpur, Kanpur

804 views • 36 slides

More recommend