deduction with xor constraints in security api modelling
play

Deduction with XOR Constraints in Security API Modelling Graham - PowerPoint PPT Presentation

Feb 15, 2024 •242 likes •442 views

Deduction with XOR Constraints in Security API Modelling Graham Steel V I N E U R S E I H T Y T O H F G R E U D B I N 1 Automated Teller Machines ATM Maestro UK Hansabank HSBC Graham Steel XOR and Security APIs

  1. Deduction with XOR Constraints in Security API Modelling Graham Steel V I N E U R S E I H T Y T O H F G R E U D B I N

  2. 1 Automated Teller Machines ATM Maestro UK Hansabank HSBC Graham Steel XOR and Security APIs July 19, 2005

  3. Hardware Security Modules 2 Graham Steel XOR and Security APIs July 19, 2005

  4. �✁ ☎ ✂ ✄ ✁ �✁ ✁ ✂ ✁ ✂ ✄ �✁ ☎ 3 IBM 4758 - Control Vectors Mechanism to support many types of key: ‘role based access’ Keys stored outside box encrypted under master key XOR control vector E.g. data keys d1 km data Encrypt Data: Host HSM : d1 data , message km HSM Host : message d1 Graham Steel XOR and Security APIs July 19, 2005

  5. �✁ ✂ ✄ � ✄ ✂ ✁ ✂ ✁ �✁ ✄ ☎ ✄ ✄ ☎ ✁ �✁ ☎ � ☎ 4 Importing Key Parts ‘Separation of duty’ Typically used to import a ‘key encrypting key’ (kek) Key kek = k1 k2 Host HSM : k1, TYPE HSM Host : k1 km kp TYPE Host HSM : k1 TYPE , k2, TYPE km kp HSM Host : k1 k2 km TYPE Graham Steel XOR and Security APIs July 19, 2005

  6. ✄ ☎ �✁ �✁ ✂ ☎ ✁ ✄ ✄ ✁ ✂ ✂ �✁ �✁ ✂ ✁ � ✄ ✁ 5 Importing Encrypted Keys Exported from another 4758 under KEK TYPE First import KEK, obtaining KEK km imp Host HSM : KEY1 TYPE , TYPE, KEK KEK km imp HSM Host : KEY1 km TYPE Graham Steel XOR and Security APIs July 19, 2005

  7. ☎ ✁ ✁ ☎ ✄ � ✄ � ✄ ✂ ✁ ✂ � �✁ � �✁ ✄ � ✄ ✄ ✁ ✂ �✁ �✁ � ✂ 6 Attack (Bond, 2001) PIN derivation key: pdk kek pin kek k3 kp for known k3 Have key part km imp kek k3 imp , k3 pin data , imp Host HSM : km kp kek pin data HSM Host : km imp Graham Steel XOR and Security APIs July 19, 2005

  8. �✁ ✁ ✂ ✄ ☎ �✁ ✂ ✁ ✄ � ✂ �✁ ☎ ☎ ✄ ✁ ✂ ✁ ✄ � ☎ �✁ �✁ ✂ ✁ 7 Attack (Bond, 2001) (part 2) Key Import Host HSM : pdk pin , data, kek pin data kek km imp HSM Host : pdk km data Encrypt data Host HSM : pdk data , pan km HSM Host : pan pdk (= PIN!) Graham Steel XOR and Security APIs July 19, 2005

  9. ✁ ✁ �✁ � ✁ ☎ ✁ ✁ ✄ ✂ ✁ ✂ �✁ ✂ � ✄ ☎ � � � ✁ � � ✄ ☎ ✁ 8 Formal Modelling HSMs are ‘stateless’ P x if x is ‘public’ - i.e. outside HSM One clause for each command Host HSM : d1 data , message km HSM Host : message d1 P Msg P crypt km data D 1 P crypt D 1 Msg Graham Steel XOR and Security APIs July 19, 2005

  10. � � ✁ � � ✁ ✂ � � � ✁ ☎ 9 The Problem with XOR P x P y P x y Associativity and Commutativity Self-Inverse ( a b a b ) Graham Steel XOR and Security APIs July 19, 2005

  11. � � ✁ � � ☎ ✁ ✁ ✁ ✂ ✄ � ✁ ✄ � � ✄ � � � ☎ � ✁ ✄ � � ✁ ✂ ✁ � � ✄ ✂ ✁ ✁ ✁ ✄ � ✄ ☎ � � � � ✂ ✁ ✁ � ✄ ✄ ✁ ✂ � ✄ ✁ ✁ � ✁ �✁ ✂ ✄ ✄ ✄ ✁ � ✂ ✁ ✁ �✁ ✂ ✂ �✁ � ☎ ☎ � 10 XOR constraints Host HSM : KEY1 TYPE , TYPE, KEK KEK km imp HSM Host : KEY1 km TYPE P crypt X Key P Type P crypt km imp Kek ✁ ✁� P crypt km Type decrypt Kek Type crypt X Key decrypt K crypt K X X P crypt X Key P Type P crypt km imp Kek P crypt km Type Key IF Kek Type xor X Graham Steel XOR and Security APIs July 19, 2005

  12. � � � � � � � ✂ � � � 11 Checking Solubility Permit only inferences which leave soluble constraints Check: If there are any variables at XOR positions, it is soluble Otherwise count up all terms. If there are an even number of each term, it is soluble. If not, insoluble. Store in normal form x 1 x n t 1 t n Graham Steel XOR and Security APIs July 19, 2005

  13. 12 Subsumption Checking If C 1 subsumes C 2 without consideration of XOR constraints, then it is a valid subsumer iff: 1. C 1 has no XOR constraint or 2. C 1 and C 2 have the same XOR constraints after substitutions applied Graham Steel XOR and Security APIs July 19, 2005

  14. 13 Results T Implemented in da ac, [Vigneron, 1994] Bond’s attack shown above Import/Export Attack (also due to Bond) IBM’s own attack Attack on NSPKL variant - Jacquemard et al. model Graham Steel XOR and Security APIs July 19, 2005

  15. 14 4758 Attack 1 Graham Steel XOR and Security APIs July 19, 2005

  16. 15 Related Work Security APIs: Longley & Rigby, 1992 - Key management scheme without XOR Ganapathy et al, 2005 - Model checking for fragment of first attack Bond & Clulow - Work in progress on first-order model Protocols with XOR: Chevalier et al. , Comon-Shmatikov, 2003 - Insecurity shown decidable (bounded runs, NP). Basin, M¨ odersheim, Vigan` o, 2005 - General framework for OFMC (unimplemented) Graham Steel XOR and Security APIs July 19, 2005

  17. 16 Further Work Improve solving of final XOR constraint Look at new APIs for novel attacks Comparison to (special purpose) model checking PIN Block format analysis Graham Steel XOR and Security APIs July 19, 2005

  18. 17 Conclusions XOR constraints considerably improve reasoning capabilities of a FOTP when dealing with bitwise XOR Allow implicit encryption model to be used Allow forward, backward and mixed strategies Reduce explicit construction of terms by XOR http://dream.inf.ed.ac.uk/projects/aascs/ Graham Steel XOR and Security APIs July 19, 2005

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cumulative Scheduling and Pseudo-Boolean Constraints Deduction at Scale Albert Oliveras (+

Cumulative Scheduling and Pseudo-Boolean Constraints Deduction at Scale Albert Oliveras (+

Cumulative Scheduling and Pseudo-Boolean Constraints Deduction at Scale Albert Oliveras (+ Ignasi Ab o, Roberto As n, Robert Nieuwenhuis, Enric Rodr guez, Javier Larrosa, ...) Barcelogic Research Group, Tech. Univ. Catalonia,

643 views • 38 slides
Modelling for Constraint Modelling for Constraint Programming Programming Barbara Smith 2.

Modelling for Constraint Modelling for Constraint Programming Programming Barbara Smith 2.

Modelling for Constraint Modelling for Constraint Programming Programming Barbara Smith 2. Implied Constraints, Optimization, Dominance Rules 1 CP Summer School 2008 Implied Constraints Implied Constraints Implied constraints are

248 views • 20 slides
Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Chapter 1: Constraints What are they, what do they do and what can I use them for. 1

Constraint Logic Programming Chapter 1: Constraints What are they, what do they do and what can I use them for. 1 Constraints What are constraints? Modelling problems Constraint solving Tree constraints Other constraint

205 views • 19 slides
Computation and Deduction Lecture 15: Natural Deduction March 4, 1997 1. Natural Deduction 2.

Computation and Deduction Lecture 15: Natural Deduction March 4, 1997 1. Natural Deduction 2.

Computation and Deduction Lecture 15: Natural Deduction March 4, 1997 1. Natural Deduction 2. Local Reduction 3. Congruences 15.1 Predicate Logic i : type. % individuals o : type. % formulas %name i T S %name o A B C and : o -> o

214 views • 9 slides
Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer

Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer

Combining Deduction and Algebraic Constraints for Hybrid System Analysis Andr e Platzer University of Oldenburg, Department of Computing Science, Germany Verify07 at CADE07 Andr e Platzer (University of Oldenburg) Combining

975 views • 59 slides
Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic

Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic

MK East Local Stakeholder Group Briefing Note 29/01/19 Transport Modelling Topics and Background 1. Existing transport network constraints 2. Traffic modelling undertaken and Summary of Network Performance in the 2031 Reference Case and the

727 views • 48 slides
1 Why ELSS? Deduction U/s 80C Deduction can be claimed by investing in ELSS funds along

1 Why ELSS? Deduction U/s 80C Deduction can be claimed by investing in ELSS funds along

1 Why ELSS? Deduction U/s 80C Deduction can be claimed by investing in ELSS funds along with other prescribed investments u/s 80C upto Rs 1,50,000/- Exposure to equities with a long term horizon 3 Year lock in ensures money

577 views • 20 slides
Modelling Adaptation Policies as Domain-Specific Constraints Hui Song, Xiaodong Zhang, Nicolas

Modelling Adaptation Policies as Domain-Specific Constraints Hui Song, Xiaodong Zhang, Nicolas

Modelling Adaptation Policies as Domain-Specific Constraints Hui Song, Xiaodong Zhang, Nicolas Ferry, Franck Chauvel, Arnor Solberg, Gang Huang SINTEF ICT, Oslo, Norway Peking University, Beijing, China ICT VM Placement in Cloud vm

334 views • 17 slides
Parsing as Deduction Joseph K uhner March 24, 2007 Joseph K uhner Parsing as Deduction

Parsing as Deduction Joseph K uhner March 24, 2007 Joseph K uhner Parsing as Deduction

Outline Parsing Deduction System Parsing of CFG - Example CYK Tree Adjoining Grammars Parsing Deduction for Tree Adjoining Grammars (TAG) Agenda-Chart Deduction Procedure Parsing as Deduction Joseph K uhner March 24, 2007 Joseph K

536 views • 34 slides
Hyper Natural Deduction for Gdel Logic a natural deduction system for parallel reasoning 1

Hyper Natural Deduction for Gdel Logic a natural deduction system for parallel reasoning 1

Hyper Natural Deduction for Gdel Logic a natural deduction system for parallel reasoning 1 Norbert Preining Accelia Inc., Tokyo Joint work with Arnold Beckmann, Swansea University mla 2018 Kanazawa, March 2018 1 Partially supported by Royal

1.6k views • 123 slides
Presentation to Vermont House Ways and Means Committee Tax Analysis Medical Expense Deduction

Presentation to Vermont House Ways and Means Committee Tax Analysis Medical Expense Deduction

Presentation to Vermont House Ways and Means Committee Tax Analysis Medical Expense Deduction Income Fact Pattern Amounts Income: Interest 500 Gross Social security benefits 20,000 Less: Non-taxable social security (3,000) Retirement

252 views • 4 slides
Natural Deduction for Classical Propositional Logic Valentin Goranko DTU Informatics September

Natural Deduction for Classical Propositional Logic Valentin Goranko DTU Informatics September

Natural Deduction for Classical Propositional Logic Valentin Goranko DTU Informatics September 2010 1 Natural Deduction ND: System for structured deduction from a set of assumptions, based on rules, specific

142 views • 13 slides
Institute for Cyber Security Towards An Attribute Based Constraints Specification Language

Institute for Cyber Security Towards An Attribute Based Constraints Specification Language

Institute for Cyber Security Towards An Attribute Based Constraints Specification Language Khalid Zaman Bijon, Ram Krishnan and Ravi Sandhu Institute for Cyber Security University of Texas at San Antonio September 11, 2013 2013 ASE/IEEE

425 views • 17 slides
On Modelling Virtual Machine Consolidation to Pseudo-Boolean Constraints Bruno Cesar Ribas 1 , 3 ,

On Modelling Virtual Machine Consolidation to Pseudo-Boolean Constraints Bruno Cesar Ribas 1 , 3 ,

Introduction Related works Pseudo-Boolean Optimization PB formulation to Optimal VM consolidation Experiments Conclusion and Future Works On Modelling Virtual Machine Consolidation to Pseudo-Boolean Constraints Bruno Cesar Ribas 1 , 3 ,

486 views • 26 slides
Modelling Compression with Discourse Constraints James Clarke and Mirella Lapata School of

Modelling Compression with Discourse Constraints James Clarke and Mirella Lapata School of

Introduction Modelling Compression with Discourse Constraints James Clarke and Mirella Lapata School of Informatics University of Edinburgh EMNLP 2007, Prague James Clarke and Mirella Lapata 1 Introduction Outline Sentence Compression 1

538 views • 50 slides
Entity/Relationship Modelling Lecture 4 1 Outline E/R model (Chapter 5) From E/R

Entity/Relationship Modelling Lecture 4 1 Outline E/R model (Chapter 5) From E/R

Entity/Relationship Modelling Lecture 4 1 Outline E/R model (Chapter 5) From E/R diagrams to relational schemas (Chapter 5) Constraints in SQL (Chapter 4) 2 1. Database Design Modelling Decide which part of reality

483 views • 30 slides
Cloud storage at ARNES Andrej Bagon Arnes, p.p. 7, SI - 1001 Ljubljana andrej.bagon@arnes.si

Cloud storage at ARNES Andrej Bagon Arnes, p.p. 7, SI - 1001 Ljubljana andrej.bagon@arnes.si

Cloud storage at ARNES Andrej Bagon Arnes, p.p. 7, SI - 1001 Ljubljana andrej.bagon@arnes.si #10 TF-Storage, Ljubljana 21. 2. 2012 AGENDA FileSender @ ARNES Cloud storage @ ARNES FileSender @ ARNES Still in pilot period

169 views • 13 slides
Abusing luks to hack the system DeepSec 10-11 Nov 2016 Vienna, Austria Ismael Ripoll-Ripoll

Abusing luks to hack the system DeepSec 10-11 Nov 2016 Vienna, Austria Ismael Ripoll-Ripoll

Abusing luks to hack the system DeepSec 10-11 Nov 2016 Vienna, Austria Ismael Ripoll-Ripoll Hector Marco-Gisbert iripoll@upv.es hmarco@hmarco.org Universitat Politcnica de Valncia hector.marco@uws.ac.uk University of the West of

380 views • 34 slides
The IRT-Object in the RIPE Database: short status update (and some background) . vienna

The IRT-Object in the RIPE Database: short status update (and some background) . vienna

The IRT-Object in the RIPE Database: short status update (and some background) . vienna university computer center Wilfried Wber: ACOnet-CERT for TF-CSIRT, 17th Meeting Amsterdam, NL January 23, 2006 1 What happened since last

187 views • 8 slides
Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest

Encrypted File Systems Don Porter CSE 506 Goals Protect confidentiality of data at rest (i.e., on disk) Even if the media is lost or stolen Protecting confidentiality of in-memory data much harder Continue using file system features

227 views • 19 slides
C++ : An Introduction Lecture 11: Namespaces; Strings again Introducing Namespaces

C++ : An Introduction Lecture 11: Namespaces; Strings again Introducing Namespaces

C++ : An Introduction Lecture 11: Namespaces; Strings again Introducing Namespaces Namespaces are a relatively new C++ feature What problem do namespaces solve? What if you buy two different general-purpose class libraries from two

255 views • 23 slides
Composable Specifications for Structured Shared-Memory Communication Benjamin P . Wood , Adrian

Composable Specifications for Structured Shared-Memory Communication Benjamin P . Wood , Adrian

Composable Specifications for Structured Shared-Memory Communication Benjamin P . Wood , Adrian Sampson, Luis Ceze, Dan Grossman University of Washington 1 Code-Communication Specifications Writer Thread Reader Thread enqueue(...);

1.36k views • 107 slides
Security Protocols 2 A pattern for message exchange, specifying agent Analysing Security

Security Protocols 2 A pattern for message exchange, specifying agent Analysing Security

216 views • 6 slides
Constraint Satisfaction Problems R&N Chapter 5 Animations from

Constraint Satisfaction Problems R&N Chapter 5 Animations from

Constraint Satisfaction Problems R&N Chapter 5 Animations from http://www.cs.cmu.edu/~awm/animations/constraint 1 Outline Definitions Standard search Improvements Backtracking Forward checking Constraint

878 views • 46 slides

More recommend