deconstructing alice bob
play

Deconstructing Alice & Bob Carlos Caleiro CLC, Dep. - PowerPoint PPT Presentation

Dec 20, 2022 •39 likes •539 views

Deconstructing Alice & Bob Carlos Caleiro CLC, Dep. Mathematics, IST, TU Lisbon, Portugal Luca Vigan` o and David Basin Dep. Computer Science, ETH Zurich, Switzerland ARSPA05 Lisbon, Portugal July 16, 2005 Deconstructing

  1. Deconstructing Alice & Bob Carlos Caleiro CLC, Dep. Mathematics, IST, TU Lisbon, Portugal Luca Vigan` o and David Basin Dep. Computer Science, ETH Zurich, Switzerland ARSPA’05 – Lisbon, Portugal – July 16, 2005 Deconstructing Alice & Bob – p. 1

  2. The context Formal analysis of security protocols Strand spaces, multiset rewriting, theorem proving ... – p. 2

  3. The context Formal analysis of security protocols Strand spaces, multiset rewriting, theorem proving ... Distributed temporal logic Caleiro, Viganò and Basin. Relating strand spaces and distributed temporal logic for security protocol analysis . Logic Journal of the IGPL, in print. Caleiro, Viganò and Basin. Metareasoning about security protocols using distributed temporal logic . ENTCS 125(1):67–89, 2005. Caleiro, Viganò and Basin. Towards a metalogic for security protocol analysis . In Proceedings of the CombLog’04 Workshop, 2004. – p. 3

  4. The problem The Needham-Schroeder Public-Key Authentication Protocol ( nspk 1 ) a → b : ( n 1 ) . { n 1 ; a } K b ( nspk 2 ) b → a : ( n 2 ) . { n 1 ; n 2 } K a ( nspk 3 ) a → b { n 2 } K b : – p. 4

  5. The problem The Needham-Schroeder Public-Key Authentication Protocol ( nspk 1 ) a → b : ( n 1 ) . { n 1 ; a } K b ( nspk 2 ) b → a : ( n 2 ) . { n 1 ; n 2 } K a ( nspk 3 ) a → b { n 2 } K b : How to formalize a protocol specified in Alice&Bob-notation? What is the meaning of such protocol descriptions? How much is made explicit or left implicit? What is the expressive power of Alice&Bob-style protocol specifications? – p. 5

  6. A little philosophy and literary theory deconstruction “(noun) a method of critical analysis of language and text which emphasizes the relational quality of meaning and the assumptions implicit in forms of expression” taken from the Compact Oxford English Dictionary – p. 6

  7. The plan Preliminaries The standard semantics Good examples and bad examples Message forwarding and conditional abortion Opaque and transparent messages Incremental symbolic runs Characterization theorems Conclusion and further work – p. 7

  8. Preliminaries Messages are built from atomic messages (identifiers, numbers, and variables) by pairing, encryption and hashing Perfect cryptography Every message can be used as an encryption key and has an inverse for decryption Communication is asynchronous and takes place over a hostile network – p. 8

  9. Preliminaries Messages are built from atomic messages (identifiers, numbers, and variables) by pairing, encryption and hashing Perfect cryptography Every message can be used as an encryption key and has an inverse for decryption Communication is asynchronous and takes place over a hostile network Honest actions s ( M, A ) — sending the message M to the principal A r ( M ) — receiving the message M f ( N ) — generating the fresh number N – p. 9

  10. Preliminaries In general, a protocol description in Alice&Bob-notation involves a collection of principal variables corresponding to protocol participants ( a i ) and of number variables ( n j ), and consists of a sequence � step 1 . . . step m � of message exchange steps, each of the form ( step q ) a s → a r : ( n q 1 , . . . , n q t ) . M These steps are meant to prescribe a sequence of actions to be executed by each of the participants in a run of the protocol. But how? – p. 10

  11. Preliminaries In general, a protocol description in Alice&Bob-notation involves a collection of principal variables corresponding to protocol participants ( a i ) and of number variables ( n j ), and consists of a sequence � step 1 . . . step m � of message exchange steps, each of the form ( step q ) a s → a r : ( n q 1 , . . . , n q t ) . M These steps are meant to prescribe a sequence of actions to be executed by each of the participants in a run of the protocol. But how? – p. 11

  12. The standard semantics ( step q ) a s → a r : ( n q 1 , . . . , n q t ) . M The sequence of actions corresponding to the execution of a ’s role in the protocol is a - run = step a 1 � · · · � step a m , where step a q is defined by  � f ( n q 1 ) . . . f ( n q t ) . s ( M, a r ) � if a = a s   � r ( M ) � step a q = if a = a r   �� otherwise – p. 12

  13. A good example The Needham-Schroeder Public-Key Authentication Protocol ( nspk 1 ) a → b : ( n 1 ) . { n 1 ; a } K b ( nspk 2 ) b → a : ( n 2 ) . { n 1 ; n 2 } K a ( nspk 3 ) a → b { n 2 } K b : � f ( n 1 ) . s ( { n 1 ; a } K b , b ) . r ( { n 1 ; n 2 } K a ) . s ( { n 2 } K b , b ) � a - run : � r ( { n 1 ; a } K b ) . f ( n 2 ) . s ( { n 1 ; n 2 } K a , a ) . r ( { n 2 } K b ) � b - run : – p. 13

  14. A good example The Needham-Schroeder Public-Key Authentication Protocol ( nspk 1 ) a → b : ( n 1 ) . { n 1 ; a } K b ( nspk 2 ) b → a : ( n 2 ) . { n 1 ; n 2 } K a ( nspk 3 ) a → b { n 2 } K b : � f ( n 1 ) . s ( { n 1 ; a } K b , b ) . r ( { n 1 ; n 2 } K a ) . s ( { n 2 } K b , b ) � a - run : – p. 14

  15. A good example The Needham-Schroeder Public-Key Authentication Protocol ( nspk 1 ) a → b : ( n 1 ) . { n 1 ; a } K b ( nspk 2 ) b → a : ( n 2 ) . { n 1 ; n 2 } K a ( nspk 3 ) a → b { n 2 } K b : � f ( n 1 ) . s ( { n 1 ; a } K b , b ) . r ( { n 1 ; n 2 } K a ) . s ( { n 2 } K b , b ) � a - run : � r ( { n 1 ; a } K b ) . f ( n 2 ) . s ( { n 1 ; n 2 } K a , a ) . r ( { n 2 } K b ) � b - run : – p. 15

  16. Another example The Otway-Rees Authentication/Key-Exchange Protocol ( or 1 ) a → b : ( n 1 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ( or 2 ) b → s ( n 2 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs : ( or 3 ) s → b : ( k ) . i ; { n 1 ; k } K as ; { n 2 ; k } K bs ( or 4 ) b → a : i ; { n 1 ; k } K as – p. 16

  17. Another example The Otway-Rees Authentication/Key-Exchange Protocol ( or 1 ) a → b : ( n 1 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ( or 2 ) b → s ( n 2 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs : ( or 3 ) s → b : ( k ) . i ; { n 1 ; k } K as ; { n 2 ; k } K bs ( or 4 ) b → a : i ; { n 1 ; k } K as b - run : b - possrun : � r ( i ; a ; b ; { n 1 ; i ; a ; b } K as ) . � r ( i ; a ; b ; m 1 ) . f ( n 2 ) . f ( n 2 ) . s ( i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs , s ) . s ( i ; a ; b ; m 1 ; { n 2 ; i ; a ; b } K bs , s ) . r ( i ; { n 1 ; k } K as ; { n 2 ; k } K bs ) . r ( i ; m 2 ; { n 2 ; k } K bs ) . s ( i ; { n 1 ; k } K as , a ) � s ( i ; m 2 , a ) � – p. 17

  18. A bad example The Otway-Rees Authentication/Key-Exchange Protocol ( or 1 ) a → b : ( n 1 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ( or 2 ) b → s ( n 2 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs : ( or 3 ) s → b : ( k ) . i ; { n 1 ; k } K as ; { n 2 ; k } K bs ( or 4 ) b → a : i ; { n 1 ; k } K as b - run : b - possrun : � r ( i ; a ; b ; { n 1 ; i ; a ; b } K as ) . � r ( i ; a ; b ; m 1 ) . f ( n 2 ) . f ( n 2 ) . s ( i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs , s ) . s ( i ; a ; b ; m 1 ; { n 2 ; i ; a ; b } K bs , s ) . r ( i ; { n 1 ; k } K as ; { n 2 ; k } K bs ) . r ( i ; m 2 ; { n 2 ; k } K bs ) . s ( i ; { n 1 ; k } K as , a ) � s ( i ; m 2 , a ) � – p. 18

  19. Message variables The Otway-Rees Authentication/Key-Exchange Protocol ( or 1 ) a → b : ( n 1 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ( or 2 ) b → s ( n 2 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs : ( or 3 ) s → b : ( k ) . i ; { n 1 ; k } K as ; { n 2 ; k } K bs ( or 4 ) b → a : i ; { n 1 ; k } K as b - run : symbolic b - possrun : � r ( i ; a ; b ; { n 1 ; i ; a ; b } K as ) . � r ( i ; a ; b ; m 1 ) . f ( n 2 ) . f ( n 2 ) . s ( i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs , s ) . s ( i ; a ; b ; m 1 ; { n 2 ; i ; a ; b } K bs , s ) . r ( i ; { n 1 ; k } K as ; { n 2 ; k } K bs ) . r ( i ; m 2 ; { n 2 ; k } K bs ) . s ( i ; { n 1 ; k } K as , a ) � s ( i ; m 2 , a ) � – p. 19

  20. Message variables The Otway-Rees Authentication/Key-Exchange Protocol ( or 1 ) a → b : ( n 1 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ( or 2 ) b → s ( n 2 ) . i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs : ( or 3 ) s → b : ( k ) . i ; { n 1 ; k } K as ; { n 2 ; k } K bs ( or 4 ) b → a : i ; { n 1 ; k } K as b - run : symbolic b - possrun : � r ( i ; a ; b ; { n 1 ; i ; a ; b } K as ) . � r ( i ; a ; b ; m 1 ) . Message f ( n 2 ) . f ( n 2 ) . s ( i ; a ; b ; { n 1 ; i ; a ; b } K as ; { n 2 ; i ; a ; b } K bs , s ) . s ( i ; a ; b ; m 1 ; { n 2 ; i ; a ; b } K bs , s ) . Forwarding r ( i ; { n 1 ; k } K as ; { n 2 ; k } K bs ) . r ( i ; m 2 ; { n 2 ; k } K bs ) . s ( i ; { n 1 ; k } K as , a ) � s ( i ; m 2 , a ) � – p. 20

  21. Another bad example The Asokan-Shoup-Waidner Optimistic Fair-Exchange Subprotocol ( asw 1 ) a → b ( n 1 ) . { K a ; K b ; t ; H ( n 1 ) } K − 1 : a ( asw 2 ) b → a : ( n 2 ) . {{ K a ; K b ; t ; H ( n 1 ) } K − 1 a ; H ( n 2 ) } K − 1 b ( asw 3 ) a → b : n 1 ( asw 4 ) b → a : n 2 – p. 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

= = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob Coecke

= = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob Coecke

picture logic for info-flow in language and physics (incl. the Lambek vs. Lambek battle) That flowin phyling October 2010 ALICE ALICE f f f f = = = f f BOB BOB not does like not like = Alice Bob Alice Bob not Bob

1.06k views • 94 slides
C Constructing i (and Deconstructing) (and Deconstructing) the Postmortem Interval the

C Constructing i (and Deconstructing) (and Deconstructing) the Postmortem Interval the

C Constructing i (and Deconstructing) (and Deconstructing) the Postmortem Interval the Postmortem Interval H. Gill-King, Ph.D., D-ABFA Center for Human Identification Center for Human Identification Graduate School of Biomedical Sciences

1.22k views • 62 slides
01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned

01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned

01 Meet ALICE ALICE A sset L imited I ncome C onstrained E mployed ALICE How we learned about ALICE How we got organized ALICE Steering Committee ALICE Research Advisory Committee ALICE Marketing Workgroup 28 United Ways

366 views • 21 slides
= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

The logic of quantum mechanics - take II Bob Coecke arXiv:1204.3458 ALICE ALICE f f f f = = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice Bob not pregroup grammar An alternative

1.29k views • 118 slides
Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides

Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides

3/18/13 CS101 Lecture 20 Introduction to Alice Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides Credit: Joel Adams, Alice in Action With thanks to John Magee for his guidance about these materials Alice A modern

447 views • 26 slides
2018 ALICE Report Overview Do You Know ALICE? ALICE is an acronym that stands for Asset

2018 ALICE Report Overview Do You Know ALICE? ALICE is an acronym that stands for Asset

2018 ALICE Report Overview Do You Know ALICE? ALICE is an acronym that stands for Asset Limited, Income Constrained, Employed. ALICE households have earnings above the Federal Poverty Level, but below a basic cost-of-living threshold. 2

292 views • 10 slides
= = = f f BOB BOB meaning vectors of words not does like = not like Alice Bob Alice

= = = f f BOB BOB meaning vectors of words not does like = not like Alice Bob Alice

The logic of quantum mechanics - take II arXiv:1204.3458 ALICE ALICE f f f f = = = f f BOB BOB meaning vectors of words not does like = not like Alice Bob Alice Bob not pregroup grammar genesis genesis

978 views • 79 slides
= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

= = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob Alice

Physics, Language, Maths & Music (partly in arXiv:1204.3458) Bob Coecke, Oxford, CS-Quantum SyFest, Vienna, July 2013 ALICE ALICE f f f f = = = f f BOB BOB meaning vectors of words not does like not like = Alice Bob

1.03k views • 83 slides
Introduction to Alice 23 October 2012 Alice is named in honor of Lewis Carroll s Alice in

Introduction to Alice 23 October 2012 Alice is named in honor of Lewis Carroll s Alice in

10/22/12 CS101 Lecture 16 Introduction to Alice 23 October 2012 Alice is named in honor of Lewis Carroll s Alice in Wonderland Slides Credit: Joel Adams, Alice in Action With thanks to John Magee for his guidance about these materials

548 views • 27 slides
Alice TPC DCS 1 ALICE underground ACR CR1 CR2 CR3 CR4 PLUG ~50m ~15m ALICE BEAM DETECTOR

Alice TPC DCS 1 ALICE underground ACR CR1 CR2 CR3 CR4 PLUG ~50m ~15m ALICE BEAM DETECTOR

Alice TPC DCS 1 ALICE underground ACR CR1 CR2 CR3 CR4 PLUG ~50m ~15m ALICE BEAM DETECTOR ~55m 2 5.6.02 L.Jirdn Access ACR CR1 CR2 Cavern only CR3 accessible during CR4 shutdowns ! PLUG ~50m ~15m ALIC BEAM E DETECTO R ~55m 3

413 views • 30 slides
DIGITAL SIGNATURES 1 / 74 Signing by hand ALICE Pay Bob $100 COSMO ALICE

DIGITAL SIGNATURES 1 / 74 Signing by hand ALICE Pay Bob $100 COSMO ALICE

DIGITAL SIGNATURES 1 / 74 Signing by hand ALICE Pay Bob $100 COSMO ALICE Cosmo Alice Alice Bank =? no yes pay Bob Dont 2 / 74 Signing electronically SIGFILE scan Alice 101 1

654 views • 43 slides
Pine Grove Area School District ALiCE Implementation What is ALiCE? ALiCE is an options-based

Pine Grove Area School District ALiCE Implementation What is ALiCE? ALiCE is an options-based

Pine Grove Area School District ALiCE Implementation What is ALiCE? ALiCE is an options-based response which can increase survivability when faced with an active intruder situation. The program relies on the premise of providing information ,

195 views • 18 slides
Alice The 3D Object-Oriented Programming Environment Presentation by: Tom Goff What is Alice?

Alice The 3D Object-Oriented Programming Environment Presentation by: Tom Goff What is Alice?

Alice The 3D Object-Oriented Programming Environment Presentation by: Tom Goff What is Alice? Alice is a freely available, innovative way of teaching OOP concepts to students through storytelling. The user acts like the director of movie

308 views • 17 slides
Events (Alice In Ac.on, Ch 6) Slides Credit: Joel Adams, Alice in

Events (Alice In Ac.on, Ch 6) Slides Credit: Joel Adams, Alice in

CS 101 Lecture 26/27 Events (Alice In Ac.on, Ch 6) Slides Credit: Joel Adams, Alice in Action Objectives Programming to respond to events Create new events in Alice Create handler methods for Alice events

392 views • 17 slides
Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V

Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V

Deconstructing MinBFT for Security and Verifiability Vincent Rahli, Francisco Rocha, Marcus V olp, and Paulo Esteves-Verissimo http://wwwen.uni.lu/snt/research/critix March 15, 2016 Vincent Rahli Deconstructing MinBFT March 15, 2016

335 views • 15 slides
with ALICE at the LHC M. Gagliardi (INFN Torino) for the ALICE collaboration Workshop on

with ALICE at the LHC M. Gagliardi (INFN Torino) for the ALICE collaboration Workshop on

Quarkonium and heavy flavour physics with ALICE at the LHC M. Gagliardi (INFN Torino) for the ALICE collaboration Workshop on discovery physics at the LHC Kruger National Park (SA) 06/12/2010 1 Outline Physics motivation(s) The ALICE

956 views • 34 slides
Event Deconstruction: example with top quarks Davison E. Soper University of Oregon W ork

Event Deconstruction: example with top quarks Davison E. Soper University of Oregon W ork

Event Deconstruction: example with top quarks Davison E. Soper University of Oregon W ork with Michael Spannowsky MIAPP , Munich, August 2014 1 Introduction One can examine the fine grained structure of events in order to dig out new

373 views • 15 slides
GISTIC Somatic Copy Number Alterations SCNAs Step 1 Copy Number Segregation Circular Binary

GISTIC Somatic Copy Number Alterations SCNAs Step 1 Copy Number Segregation Circular Binary

GISTIC Somatic Copy Number Alterations SCNAs Step 1 Copy Number Segregation Circular Binary Segregation (Olshen 04) Step 2 Identification/Separation of Underlying SCAs Ziggurat Deconstruction ZD performs this likelihood maximization by

523 views • 19 slides
Deconstruction Kevlin Henney kevlin@curbralan.com @KevlinHenney S O L I D Single e

Deconstruction Kevlin Henney kevlin@curbralan.com @KevlinHenney S O L I D Single e

SOLID Deconstruction Kevlin Henney kevlin@curbralan.com @KevlinHenney S O L I D Single e Responsib onsibil ility ity Open-Close osed Liskov ov Substituti itution on Inter erfac face e Segregati egation Depen enden dency

862 views • 65 slides
Drawing Planar Cubic 3-Connected Graphs with Few Segments: Algorithms & Experiments Alex

Drawing Planar Cubic 3-Connected Graphs with Few Segments: Algorithms & Experiments Alex

Drawing Planar Cubic 3-Connected Graphs with Few Segments: Algorithms & Experiments Alex Igamberdiev Wouter Meulemans Andr e Schulz Graph complexity Complexity of a graph G = ( V, E ) Usually | V | , | E | , etc. Graph complexity

739 views • 57 slides
Examining Gambling Deconstructing Media Messages Do you think the message in this image is

Examining Gambling Deconstructing Media Messages Do you think the message in this image is

Examining Gambling Deconstructing Media Messages Do you think the message in this image is misleading/manipulative? Discuss. Why does this image link poker to sport? In what way is poker like/unlike a sport? Are the messages misleading? How

475 views • 6 slides
Playing with Haskell Data Neil Mitchell Overview The boilerplate problem

Playing with Haskell Data Neil Mitchell Overview The boilerplate problem

Playing with Haskell Data Neil Mitchell Overview The boilerplate problem Haskells weakness (really!) Traversals and queries Generic traversals and queries Competitors (SYB and Compos) Benchmarks Data structures

824 views • 44 slides
Alex Martsinkovsky Functor Categories, Model Theory, and Constructive Category Theory Prnu

Alex Martsinkovsky Functor Categories, Model Theory, and Constructive Category Theory Prnu

D ECONSTRUCTING A USLANDER S F ORMULAS Alex Martsinkovsky Functor Categories, Model Theory, and Constructive Category Theory Prnu July 17, 2019 A LEX M ARTSINKOVSKY D ECONSTRUCTING A USLANDER S F ORMULAS J ULY 17, 2019 1 / 46 P LAN

1.15k views • 46 slides
Deconstructing a Monolith 1 / 105 Introduction I am Peter (@pjausovec) Software Engineer at

Deconstructing a Monolith 1 / 105 Introduction I am Peter (@pjausovec) Software Engineer at

Deconstructing a Monolith 1 / 105 Introduction I am Peter (@pjausovec) Software Engineer at Oracle Working on "cloud-native" stu Books: Cloud Native: Using Containers, Functions, and Data to Build Next-Gen Apps SharePoint

1.33k views • 105 slides

More recommend