Logic of Authentication (Dennis Kafura; derived from materials authored by Burrows, Abadi, Needham; CS 6204, Spring 2005)
  1. Logic of Authentication
     Dennis Kafura
     Derived from materials authored by: Burrows, Abadi, Needham
     CS 6204, Spring 2005

  2. Goals and Scope
     ♦ Goals
       – develop a formalism to reason about authentication protocols
       – uses
         • determine guarantees provided by a protocol
         • compare assumptions needed by different protocols
         • identify extraneous protocol steps
     ♦ Out of scope concerns
       – defects in practical implementations (e.g., deadlocks)
       – hostile or malicious parties

  3. Outline
     ♦ Notation
       – Symbols for keys, principals, etc.
       – Constructs related to beliefs, signatures, etc.
     ♦ Formalism
       – Logic postulates: formal rules for reasoning about beliefs
       – Annotations of protocol steps
       – Usual logical primitives (conjunction denoted by “,”)
     ♦ Method
       – Form idealized protocol
       – Define assumptions
       – Prove properties based on logic postulates
     ♦ Examples
       – Kerberos
       – Andrew Secure RPC handshake
       – Needham-Schroeder Public Key Protocol
       – CCITT/X.509 Protocol

  4. Notation
     ♦ Principals
       – A, B, S, …
     ♦ Keys
       – Shared keys: Kab, Kbs
       – Public keys: Ka, Kb, …
       – Secret keys: Ka^-1, Kb^-1, …
     ♦ Statements
       – Na, Nb, …

  5. Constructs
     P believes X     P is entitled to believe that (or may act as if) X is true
     P sees X         P received a message containing X
     P said X         P sent a message containing X at some time in the past
     P controls X     P is authoritative for X
     fresh(X)         X is within the current run of the protocol
     P ←K→ Q          K is a shared secret key between P and Q
     ↦K P             P has public key K
     P =X= Q          X is a shared secret between P and Q
     {X}_K            X encrypted with K
     <X>_Y            X combined with Y

  6. Logic Postulates (1)
     (1) Message meaning rules:
       – Secret key
       – Public key
       – Shared secret

  7. Logic Postulates (2)
     (2) Nonce Verification rule:
     (3) Jurisdiction rule:

  8. Logic Postulates (3)
     (4) Visibility rules:
     (5) Freshness rule:

  9. Annotations and Goals
     The steps in a protocol are annotated with logical formulas before the first step and after each step:
       • if X holds before the message P → Q : Y, then both X and Q sees Y hold afterwards;
       • if Y can be derived from X by the logical postulates, then Y holds whenever X holds.
     Conjunctions can be “broken” (i.e., if P said (X, Y) then P said X).
     The logic can be used to prove various authentication goals, such as:

  10. Kerberos: messages
     “Real” protocol:
     “Idealized” protocol:

  11. Kerberos: assumptions

  12. Kerberos: message 2
     (1) A sees {Ts, A ←Kab→ B, {Ts, A ←Kab→ B}_Kbs}_Kas by annotation rule.
     (2) A believes S said (Ts, A ←Kab→ B, {Ts, A ←Kab→ B}_Kbs) by assumption A believes A ←Kas→ S and message meaning rule.
     (3) A believes S said (Ts, A ←Kab→ B) by breaking conjunctions.
     (4) A believes S believes (Ts, A ←Kab→ B) by assumption A believes fresh(Ts) and nonce verification rule.
     (5) A believes S believes (A ←Kab→ B) by breaking conjunctions.
     (6) A believes S controls (A ←Kab→ B) by instantiating Kab in assumption A believes S controls (A ←K→ B).
     (7) A believes (A ←Kab→ B) by jurisdiction rule.
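The message 2 derivation above, together with the constructs and postulates of slides 5 to 9, as an added example that is not part of the slides: a small Python checker that encodes the constructs as tuples, applies the postulates (annotation, breaking conjunctions, message meaning, visibility, freshness, nonce verification, jurisdiction) until nothing new follows, and checks that the slide's three assumptions yield A believes A ←Kab→ B. The tuple encoding, the '?K' key variable and the rule implementations are my own assumptions about how the slide notation maps to code.

```python
# Tiny BAN-logic checker (added example; not from the slides). Formulas are tuples:
#   ('believes',P,X) ('sees',P,X) ('said',P,X) ('controls',P,X) ('fresh',X)
#   ('key',P,K,Q) = P <-K-> Q    ('enc',X,K) = {X}_K    ('and',X,Y,...) = (X, Y)
# In a 'controls' assumption the key '?K' is a variable, as in "S controls A <-K-> B".

def parts(x):                      # components of a conjunction, or x itself
    return x[1:] if x[0] == 'and' else (x,)

def fresh_for(p, x, facts):        # freshness rule: one fresh part makes (X, Y) fresh
    return any(('believes', p, ('fresh', y)) in facts for y in parts(x))

def controls(c, x):                # instantiate '?K' in "S controls (A <-K-> B)"
    return c == x or (x[0] == 'key' and c == (x[0], x[1], '?K', x[3]))

def step(facts):                   # one pass of the postulates; returns new facts only
    new = set()
    beliefs = {(g[1], g[2]) for g in facts if g[0] == 'believes'}
    for f in facts:
        if f[0] == 'sees':                               # P sees (X,Y) => P sees X
            new.update(('sees', f[1], y) for y in parts(f[2]))
            if f[2][0] == 'enc':                         # message meaning + visibility
                for p, k in beliefs:
                    if p == f[1] and k[0] == 'key' and k[2] == f[2][2] and p in (k[1], k[3]):
                        q = k[3] if k[1] == p else k[1]  # the other holder of K
                        new |= {('believes', p, ('said', q, f[2][1])), ('sees', p, f[2][1])}
        elif f[0] == 'believes':
            p, x = f[1], f[2]
            if x[0] in ('said', 'believes'):             # breaking conjunctions
                new.update(('believes', p, (x[0], x[1], y)) for y in parts(x[2]))
            if x[0] == 'said' and fresh_for(p, x[2], facts):   # nonce verification
                new.add(('believes', p, ('believes', x[1], x[2])))
            if x[0] == 'believes':                       # jurisdiction
                for q, c in beliefs:
                    if q == p and c[0] == 'controls' and c[1] == x[1] and controls(c[2], x[2]):
                        new.add(('believes', p, x[2]))
    return new - facts

def derive(facts):                 # saturate: repeat until no postulate adds a fact
    facts = set(facts)
    while new := step(facts):
        facts |= new
    return facts

# Kerberos message 2 as on the slides:  S -> A : {Ts, A<-Kab->B, {Ts, A<-Kab->B}_Kbs}_Kas
KAB = ('key', 'A', 'Kab', 'B')
MSG2 = ('enc', ('and', 'Ts', KAB, ('enc', ('and', 'Ts', KAB), 'Kbs')), 'Kas')
ASSUMPTIONS = {('believes', 'A', ('key', 'A', 'Kas', 'S')), ('believes', 'A', ('fresh', 'Ts')),
               ('believes', 'A', ('controls', 'S', ('key', 'A', '?K', 'B')))}
def kerberos_message2():           # annotation rule: after the message, A sees MSG2
    return derive(ASSUMPTIONS | {('sees', 'A', MSG2)})
```

Dropping the assumption A believes fresh(Ts) from ASSUMPTIONS still yields A believes S said (A ←Kab→ B), but never A believes (A ←Kab→ B), because nonce verification cannot fire and so the jurisdiction rule has nothing to work on; A also never sees the plaintext of the ticket, since it holds no belief about Kbs.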

  13. Kerberos: message 3 (part 1)
     (1) B sees {Ts, A ←Kab→ B}_Kbs, {Ta, A ←Kab→ B}_Kab by annotation rule.
     (2) B believes S said (Ts, A ←Kab→ B) by breaking conjunctions, assumption B believes B ←Kbs→ S and message meaning rule.
     (3) B believes S believes (Ts, A ←Kab→ B) by assumption B believes fresh(Ts) and nonce verification rule.
     (4) B believes S believes (A ←Kab→ B) by breaking conjunctions.
     (5) B believes S controls (A ←Kab→ B) by instantiating Kab in assumption B believes S controls (A ←K→ B).
     (6) B believes (A ←Kab→ B) by jurisdiction rule.

  14. Kerberos: message 3 (part 2)
     (1) B sees {Ta, A ←Kab→ B}_Kab by breaking conjunctions and annotation rule.
     (2) B believes A said (Ta, A ←Kab→ B) by proof that B believes A ←Kab→ B and message meaning rule.
     (3) B believes A believes (Ta, A ←Kab→ B) by assumption B believes fresh(Ta) and nonce verification rule.
     (4) B believes A believes (A ←Kab→ B) by breaking conjunctions.

  15. Kerberos: message 4
     (1) A sees {Ta, A ←Kab→ B}_Kab by breaking conjunctions and annotation rule.
     (2) A believes B said (Ta, A ←Kab→ B) by proof that A believes A ←Kab→ B and message meaning rule.
     (3) A believes B believes (Ta, A ←Kab→ B) by assumption A believes fresh(Ta) and nonce verification rule.
     (4) A believes B believes (A ←Kab→ B) by breaking conjunctions.
