Scyther Semantics and Verification of Security Protocols Cas - - PowerPoint PPT Presentation



SLIDE 1

Scyther

Semantics and Verification of Security Protocols

Cas Cremers

SLIDE 2

Insecure networks and communication

[Figure labels: Arie, Beppie, Bank, ATM machine, Mobile phone, Mobile phone]

SLIDE 3

Insecure networks and communication

How can we ensure that communication over an insecure network is secure?

Answer: by using security protocols.

[Figure labels: Arie, Beppie, Bank, ATM machine, Mobile phone, Mobile phone, Insecure networks]

SLIDE 4

Security protocols and encryption

  • Security protocols make use of a mathematical mechanism called encryption to make information unreadable.
  • An encrypted message can only be opened by someone who has the right key.
  • This is similar to a bike lock.

SLIDE 5

Information security is more than just encryption

  • Even when encryption is used, a security protocol can still be insecure.
  • I will give an overview of the thesis by comparing the topics with bikes and locks.

SLIDE 6

Chapter 2 : Operational semantics

In order to assess the (in)security of a system we need to define precisely what we mean by...

  • security protocol
    – a way to connect the chain to the bike and lock
  • intruder model
    – bike thieves

The meaning of the concepts is defined precisely in terms of a mathematical model.

SLIDE 7

Chapter 3 : Security properties

What do we mean by secure? Some examples:

  • complete bike remains as it is
  • bike frame cannot be stolen
  • bike saddle cannot be stolen

Security requirements for security protocols are defined precisely in the model.

SLIDE 8

Chapter 4 : Verification

Starting from the mathematical model, we develop the Scyther tool in Chapter 4.

[Diagram labels: Description of a security protocol with security requirements; Scyther; Secure; Insecure; attack example]

SLIDE 9

Chapter 5 : Multi-protocol attacks

What happens when you combine several security protocols?

Method 1: Bike chain around rack and front wheel.

If everybody does this, a thief can't steal a whole bike, and bike away!

SLIDE 10

Chapter 5 : Multi-protocol attacks

What happens when you combine several security protocols?

Method 2: Bike chain around rack and frame.

If everybody does this, a thief can't steal a whole bike, and bike away!

SLIDE 11

Chapter 5 : Multi-protocol attacks

What happens when you combine several security protocols?

[Figure labels: Method 1, Method 2]

If people mix the methods, a thief can steal a whole bike!

Conclusion: mixing several correct (secure) security protocols together can be incorrect (insecure)!

SLIDE 12

Chapter 6 : Multi-party authentication

We design a (family of) new multi-party security protocols.

Going out with a group of friends.

Simple method: everybody uses his own lock. This requires as many locks as there are bikes.

Can we do better? Design a way to use as few locks as possible for any number of bikes.

SLIDE 13

Conclusions

  • We develop a new model to reason about security protocols and their properties.
    – New properties defined.
    – Theoretical results about model and properties.
  • We develop the Scyther tool based on the model.
  • Application of the model and tool on case studies.
    – Discovery of new attacks.
    – Development of new multi-party protocols.