relating strands and multiset rewriting for security
play

Relating Strands and Multiset Rewriting For Security Protocol - PowerPoint PPT Presentation

Sep 20, 2022 •234 likes •632 views

Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy Durgin, Patrick Lincoln John Mitchell, Andre Scedrov July 3 rd , 2000 CSFW-13 Cambridge, UK Representing Security Protocols Several recent

  1. Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy Durgin, Patrick Lincoln John Mitchell, Andre Scedrov July 3 rd , 2000 CSFW-13 Cambridge, UK

  2. Representing Security Protocols Several recent proposal based on the Dolev-Yao model:  Strand spaces  Multiset rewriting  Spi-calculus, … How are they related? Relating Strands and Multiset Rewriting for Security Protocols

  3. Roadmap MSR Strands Restricted MSR Dynamic Strands Canonical MSR Decorated Strands Relating Strands and Multiset Rewriting for Security Protocols

  4. Running Example Needham-Schroeder Protocol , A} KB A → B: {N A B → A: {N A , N B } KA A → B: {N B } KB Relating Strands and Multiset Rewriting for Security Protocols

  5. MSR Executable specification language • Adapts multiset rewriting with ∃ •  Solid logical foundation  Ties with linear logic and process algebra Flexible and fully precise • Follows the Dolev-Yao model • Relating Strands and Multiset Rewriting for Security Protocols

  6. Multiset rewriting … Multiset: set with repetitions allowed • Rewrite rule: • r: N 1 N 2 → Application • r M 1 M 2 → r M’, N 1 M’, N 2 → Multi-step transition, reachability • Relating Strands and Multiset Rewriting for Security Protocols

  7. … with existentials msets of 1 st -order atomic formulas • Rules: • r: F( x ) → ∃ n . G( x , n ) Application • r M 1 M 2 → r M’, F( t ) M’, G( t , c ) → c not in M 1 Relating Strands and Multiset Rewriting for Security Protocols

  8. MSR predicates N(m) Network messages • I(m) Intruder info. • A i (t 1 ,…,t ni ) Role states • Pr , PrvK , PubK , … Persistent info. • Relating Strands and Multiset Rewriting for Security Protocols

  9. Protocol Theories Initialization rules • For each role •  1 role generation rule  n execution rules Relating Strands and Multiset Rewriting for Security Protocols

  10. MSR Restricted MSR Assume initialization has already • happened Initial info: Π • ? No initialization in strands Relating Strands and Multiset Rewriting for Security Protocols

  11. NS: MSR rules for Alice (A) (A), (A) π A0 → A 0 π A0 (A), (B) → ∃ N A . (A,B,N A ), N ({N A ,A} KB ), π A1 (B) π A1 A 0 A 1 (A,B, N A ), N ({N A ,N B } KA ) → A 2 (A,B,N A ,N B ) A 1 (A,B,N A ,N B ) (A,B,N A ,N B ), N ({N B } KB ) → A 3 A 2 where π A0 (A) = Pr (A), PrvK (A,K A -1 ) π A1 (B) = Pr (B), PubK (B,K B ) Relating Strands and Multiset Rewriting for Security Protocols

  12. NS: MSR rules for Bob (B) (B), (B) π B0 → B 0 π B0 (A), (A), N ({N A ,A} KB ) → B 1 (A,B,N A ), (A) π B1 π B1 B 0 (A,B, N A ) → ∃ N B . (A,B,N A ,N B ), N ({N A ,N B } KA ) B 1 B 2 (A,B,N A ,N B ), N ({N B } KB ) → B 3 (A,B,N A ,N B ) B 2 where π B0 (B) = Pr (B), PrvK (B,K B -1 ) π B1 (A) = Pr (A), PubK (A,K A ) Relating Strands and Multiset Rewriting for Security Protocols

  13. MSR Intruder Implement the Dolev-Yao model •  Decryption/Encryption  Decomposition/composition  Nonce generation  … Expressed within the language • Relating Strands and Multiset Rewriting for Security Protocols

  14. Strands Graphical representation of execution • Designed for after-the-fact analysis • Very simple • Follow the Dolev-Yao model • Related to •  Lamport’s causality  Mazurkiewicz’s traces Relating Strands and Multiset Rewriting for Security Protocols

  15. NS: A Bundle {N A , A} KB {N A , A} KB {N A , N B } KA {N A , N B } KA {N B } KB Relating Strands and Multiset Rewriting for Security Protocols

  16. Penetrator Strands Implement the Dolev-Yao model •  Decryption/Encryption  Decomposition/composition  Nonce generation  … Expressed within the language • Relating Strands and Multiset Rewriting for Security Protocols

  17. Strands Dyn. Strands ? Support executable specifications Specification language •  Parametric strands Execution capabilities •  Configurations  Transitions Relating Strands and Multiset Rewriting for Security Protocols

  18. Parametric strands Strands are instances of roles • Parameters: instantiable information • Constraints: •  Nonces  Persistent info. Relating Strands and Multiset Rewriting for Security Protocols

  19. NS: Parametric Strand for Alice Alice (A,B,N A ,N B ) : {N A , A} KB N A Fresh, π A (A,B) {N A , N B } KA where {N B } KB π (A,B) = Pr (A), PrvK (A,K A -1 ), Pr (B), PubK (B,K B ) Relating Strands and Multiset Rewriting for Security Protocols

  20. NS: Parametric Strand for Bob Bob (A,B,N A ,N B ) : {N A , A} KB N B Fresh, π B (A,B) {N A , N B } KA where {N B } KB π (A,B) = Pr (B), PrvK (B,K B -1 ), Pr (A), PubK (A,K A ) Relating Strands and Multiset Rewriting for Security Protocols

  21. Configurations ? Capture possible next actions Extension : bundle + remaining actions • Configuration : bundle + extension • Fringe : crossing arrows • = + + Configuration = bundle + extension + fringe Relating Strands and Multiset Rewriting for Security Protocols

  22. NS: Configuration {N A , A} KB {N A , A} KB {N C , C} KD {N A , N B } KA {N A , N B } KA {N C , N D } KC {N B } KB {N B } KB {N D } KD Relating Strands and Multiset Rewriting for Security Protocols

  23. •  …  • Strand Transitions Fresh ξ •  …  • •  …  • Instantiate ξ ξθ • • Send • • • • + - + - • • Receive • • • • + - + - Relating Strands and Multiset Rewriting for Security Protocols

  24. Bundles vs. Transition Sequences 1 bundle  O(n!) transition sequences • 1 transition sequence  1 bundle • Bundles • represent execution more compactly Relating Strands and Multiset Rewriting for Security Protocols

  25. Restr. MSR Can. MSR Merge role gen. with 1 st exec. rule • Choose nonces upfront • Guess persistent info. upfront • Conversion to canonical form preserves reachability Relating Strands and Multiset Rewriting for Security Protocols

  26. NS: Canonical MSR rules for Alice (A,B) → ∃ N A . (A,B,N A ), N ({N A ,A} KB ), π A (A,B) π A A 1 (A,B, N A ), N ({N A ,N B } KA ) → A 2 (A,B,N A ,N B ) A 1 (A,B,N A ,N B ) (A,B,N A ,N B ), N ({N B } KB ) → A 3 A 2 where π A (A,B) = Pr (A), PrvK (A,K A -1 ) Pr (B), PubK (B,K B ) Relating Strands and Multiset Rewriting for Security Protocols

  27. Can. MSR Dyn. Strands Rules  nodes • Role state predicates  arrows • Nonces, persistent info. constraints  • Configuration ⇐ state • Reachable states  Reachable configurations Relating Strands and Multiset Rewriting for Security Protocols

  28. NS: MSR Strands (1) Alice (A,B,N A ,N B ) : (A,B) π A N A Fresh, (A,B) π A ∃ N A . → (A,B,N A ), A 1 {N A , A} KB N ({N A ,A} KB ), (A,B) π A … where π (A,B) = Pr (A), PrvK (A,K A -1 ), Pr (B), PubK (B,K B ) Relating Strands and Multiset Rewriting for Security Protocols

  29. NS: MSR Strands (2) {N A , A} KB (A,B, N A ), A 1 N ({N A ,N B } KA ) {N A , N B } KA → (A,B,N A ,N B ) A 2 … Relating Strands and Multiset Rewriting for Security Protocols

  30. NS: MSR Strands (3) {N A , A} KB (A,B,N A ,N B ) A 2 → {N A , N B } KA (A,B,N A ,N B ), A 3 N ({N B } KB ) {N B } KB Relating Strands and Multiset Rewriting for Security Protocols

  31. Dyn. Strands Dec. Strands (1) Add initial ( ) and final node ( ⊥ ) • ⊥ Add labels A i (t 1 ,…,t ni ) to arrows • t 1 ,…,t ni from  Constraints  Arguments of A i-1 Relating Strands and Multiset Rewriting for Security Protocols

  32. Dyn. Strands Dec. Strands (2) Transitions • ⊥  • … • Fresh ξ ⊥ ⊥  • … •  • … • Instantiate ξθ Decoration preserves reachability Relating Strands and Multiset Rewriting for Security Protocols

  33. NS: Decorated Strand for Alice ⊥ Alice (A,B,N A ,N B ) : (A) A 0 N A Fresh, π A (A,B) {N A , A} KB (A,B,N A ) A 1 {N A , N B } KA (A,B,N A ,N B ) A 2 {N B } KB where (A,B,N A ,N B ) π (A,B) = Pr (A), PrvK (A,K A -1 ), A 3 Pr (B), PubK (B,K B ) ⊥ Relating Strands and Multiset Rewriting for Security Protocols

  34. Dec. Strands Restr. MSR Labels  role state predicates • Events  network messages • Constraints nonces, persistent info.  • State ⇐ fringe • Reachable configurations  Reachable states Relating Strands and Multiset Rewriting for Security Protocols

  35. NS: Strands MSR (1) Alice (A,B,N A ,N B ) N A Fresh, (A,B) π A where π (A,B) = Pr (A), PrvK (A,K A -1 ), Pr (B), PubK (B,K B ) ⊥ (A) A 0 (A) (A), (A) π A0 → A 0 π A0 … where π A0 (A) = Pr (A), PrvK (A,K A -1 ) Relating Strands and Multiset Rewriting for Security Protocols

  36. NS: Strands MSR (2) Alice (A,B,N A ,N B ) N A Fresh, π A (A,B) where π (A,B) = Pr (A), PrvK (A,K A -1 ), Pr (B), PubK (B,K B ) … (A), (B) π A1 A 0 (A) A 0 → ∃ N A . (A,B,N A ), {N A , A} KB A 1 N ({N A ,A} KB ), π A1 (B) (A,B,N A ) A 1 where π A1 (B) = Pr (B), PubK (B,K B ) … Relating Strands and Multiset Rewriting for Security Protocols

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Relating Multiset Rewriting and Process Algebra for Immediate Decryption Protocols Iliano

Relating Multiset Rewriting and Process Algebra for Immediate Decryption Protocols Iliano

Relating Multiset Rewriting and Process Algebra for Immediate Decryption Protocols Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://www.cs.stanford.edu/~iliano Joint work with S. Bistarelli, G. Lenzini,

498 views • 21 slides
Logical Foundations of Multiset Rewriting Iliano Cervesato iliano@itd.nrl.navy.mil ITT

Logical Foundations of Multiset Rewriting Iliano Cervesato iliano@itd.nrl.navy.mil ITT

Logical Foundations of Multiset Rewriting Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://www.cs.stanford.edu/~iliano TACL Seminar, CS Department, Princeton University October 17, 2003 Outline

486 views • 44 slides
Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano

Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano

Comprehensions in CHR cp Introduction Compilation Implementation Conclusion Optimized Compilation of Multiset Rewriting with Comprehensions Edmund S. L. Lam Iliano Cervesato sllam@qatar.cmu.edu iliano@cmu.edu Carnegie Mellon University

499 views • 38 slides
MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC http://theory.stanford.edu/~iliano FMSE Workshop @ CCS03 October 30, 2003

662 views • 39 slides
Multiset Rewriting and P Systems Computational Models for Complex Systems Paolo Milazzo

Multiset Rewriting and P Systems Computational Models for Complex Systems Paolo Milazzo

Multiset Rewriting and P Systems Computational Models for Complex Systems Paolo Milazzo Dipartimento di Informatica, Universit` a di Pisa http://pages.di.unipi.it/milazzo milazzo di.unipi.it Laurea Magistrale in Informatica A.Y. 2018/2019

397 views • 36 slides
The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

1/25 The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with Tamarin-Prover Eike Stadtlnder July 12, 2018 2/25 Outline Motivation Tamarin-Prover Overview Multiset Rewriting Tamarin-Prover in Practice

1.32k views • 117 slides
Definitions for Distinct and Complete Integer Partitions Multiset A multiset is a collection

Definitions for Distinct and Complete Integer Partitions Multiset A multiset is a collection

Definitions for Distinct and Complete Integer Partitions Multiset A multiset is a collection of elements (like a set) which can occur with multiplicity (unlike a set). Integer Partition An integer partition of a positive integer n is a

319 views • 3 slides
Advances in I TER relevant NbTi and Nb Sn strands and low-loss NbTi Nb 3 Sn strands and low-loss

Advances in I TER relevant NbTi and Nb Sn strands and low-loss NbTi Nb 3 Sn strands and low-loss

Bochvar Institute of Bochvar Institute of Inorganic Materials Inorganic Materials Advances in I TER relevant NbTi and Nb Sn strands and low-loss NbTi Nb 3 Sn strands and low-loss NbTi strands in RF. A.Shikov, V.Pantsyrny, A.Vorobieva,

371 views • 34 slides
MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One

MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One

MSR 3.0: The Logical Meeting Point of Multiset Rewriting and Process Algebra MSR 3: Iliano Cervesato iliano@itd.nrl.navy.mil ITT Industries, inc @ NRL Washington, DC One Year Later http://www.cs.stanford.edu/~iliano CS Department, UMBC

679 views • 29 slides
Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language

Solution 1: Rule Rewriting The grammar rewriting approach attempts to Natural Language capture local tree information by rewriting the grammar so that the rules capture the Processing regularities we want. By splitting and merging the

417 views • 5 slides
On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting

On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting

On Data-Structure Rewriting Rachid Echahed LIG Lab, Grenoble France June, 2010 Rewriting (reminder) A rewrite relation R is a binary relation R A A ( u , v ) R is read u rewrites into v and written u v Rewriting

1.02k views • 75 slides
Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination

Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination

Rewriting Part 4. Termination of Term Rewriting Systems Temur Kutsia RISC, JKU Linz Termination Definition 4.1 A term rewriting system R is terminating iff R is terminating, i.e., there is no infinite reduction chain t 0 R t 1 R t

1.22k views • 94 slides
The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University

The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University

The Rewriting Logic Semantics Project and its Maude Implementation Jos e Meseguer University of Illinois at Urbana-Champaign Summer School on Language Frameworks, Sinaia, July 2012 Meseguer Rewriting Logic Semantics The Rewriting Logic

401 views • 29 slides
The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME

The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME

The Legal Framework relating to Security in the Ports of Nautical Tourism 2 nd ADRIATIC MARITIME LAW CONFERENCE, May 2017, Opatija, Croatia Assistant Professor Mio Mudri Department for Maritime and Transport Law, Faculty of Law, University

142 views • 10 slides
Fuzzy Multiset Clustering for Metagame Analysis by Alexander Dockhorn, Tony Schwensfeier, and

Fuzzy Multiset Clustering for Metagame Analysis by Alexander Dockhorn, Tony Schwensfeier, and

Fuzzy Multiset Clustering for Metagame Analysis by Alexander Dockhorn, Tony Schwensfeier, and Rudolf Kruse Institute for Intelligent Cooperating Systems Department for Computer Science, Otto von Guericke University Magdeburg Universittsplatz

422 views • 23 slides
Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence

Term rewriting Equational logic Term rewriting systems Termination Confluence Rapid prototyping Summary and Exercises Equational logic Reflexivity t = t t 1 = t 2 Symmetry t 2 = t 1 t 1 = t 2 t 2 = t 3 Transitivity t 1 =

769 views • 52 slides
Green Building Standards 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b e r 1 2

Green Building Standards 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b e r 1 2

Green Building Standards 2018 CDBG-DR Problem Solving Clinic Atlanta, GA | D e c e m b e r 1 2 - 1 4 , 2 0 1 8 2018 CDBG-DR PROGRAM Welcome & Speakers Session Objectives Describe green building requirements of CDBG-DR Identify

678 views • 41 slides
McCarran-Fergusons Enduring Power Thoughts For State Policymakers Working Under The Unique

McCarran-Fergusons Enduring Power Thoughts For State Policymakers Working Under The Unique

McCarran-Fergusons Enduring Power Thoughts For State Policymakers Working Under The Unique System of U.S. Insurance Regulation NCOIL Annual Meeting Oklahoma City, December 7, 2018 Nat Shapo, Partner, Katten Muchin Rosenman LLP

833 views • 57 slides
www.2014ahwp.com Highlights of Day-1 Programme 18 Nov 2014 Day 1 AHC-AHWP Joint Workshop

www.2014ahwp.com Highlights of Day-1 Programme 18 Nov 2014 Day 1 AHC-AHWP Joint Workshop

www.ahwp.info www.2014ahwp.com Highlights of Day-1 Programme 18 Nov 2014 Day 1 AHC-AHWP Joint Workshop Session 1: Regulatory Status of Premarket Submission and Approval Requirements in AHWP and APEC Region China Korea Japan

298 views • 5 slides
PUBLIC HEALTH POLICY CHANGE TELLING THE PUBLIC HEALTH STORY TO THE FDA The legal information and

PUBLIC HEALTH POLICY CHANGE TELLING THE PUBLIC HEALTH STORY TO THE FDA The legal information and

PUBLIC HEALTH POLICY CHANGE TELLING THE PUBLIC HEALTH STORY TO THE FDA The legal information and assistance provided in this webinar does not constitute legal advice or legal representation . Public Health Policy Change Webinar Series

814 views • 69 slides
Draft 2018 Funding Guidelines May 11, 2018 Sacramento Live comments: coastalrm@calepa.gov 1

Draft 2018 Funding Guidelines May 11, 2018 Sacramento Live comments: coastalrm@calepa.gov 1

Draft 2018 Funding Guidelines May 11, 2018 Sacramento Live comments: coastalrm@calepa.gov 1 zyxwvutsrqponmlkjihgfedcbaZYXWVUTSRQPONMLKJIHGFEDCBA California Climate Investments Help to address climate change Strengthen local economies

517 views • 17 slides
INFORMATION SUBSTRATES SUBSTRATES INSTRUMENTAL INTERFACES To create and edit

INFORMATION SUBSTRATES SUBSTRATES INSTRUMENTAL INTERFACES To create and edit

FUNDAMENTALS OF SITUATED INTERACTION - 28 SEPTEMBER 2018 MICHEL BEAUDOUIN-LAFON UNIVERSIT PARIS-SUD & INSTITUT UNIVERSITAIRE DE FRANCE INFORMATION SUBSTRATES SUBSTRATES INSTRUMENTAL INTERFACES To create and edit content

448 views • 25 slides
ORCA/BEN and Cluster D Demo GEC7 Jeff Chase Duke

ORCA/BEN and Cluster D Demo GEC7 Jeff Chase Duke

D D u k e S y s t t e m s ORCA/BEN and Cluster D Demo GEC7 Jeff Chase Duke University and GENI Cluster D Broker Experiments Federation or Etc. Coalition Open

585 views • 29 slides
Monolithic Pixel Sensors in Deep-Submicron SOI Technology Pixel 2008 International Workshop

Monolithic Pixel Sensors in Deep-Submicron SOI Technology Pixel 2008 International Workshop

Monolithic Pixel Sensors in Deep-Submicron SOI Technology Pixel 2008 International Workshop FNAL, September 23-26, 2008 Devis Contarato Lawrence Berkeley National Laboratory M. Battaglia, L. Glesener (UC Berkeley & LBNL) D. Bisello, P.

448 views • 17 slides

More recommend