
Verification of Indistinguishability Properties - Stéphanie Delaune



  1. Verification of Indistinguishability Properties
     Stéphanie Delaune
     LSV, CNRS & ENS Cachan & INRIA Saclay Île-de-France, France
     Thursday, October 11th, 2012
     S. Delaune (LSV) VIP project 11th October 2012 1 / 30

  3. VIP in a nutshell
     → ANR project - programme JCJC (Jan. 2012 - Dec. 2015) http://www.lsv.ens-cachan.fr/Projects/anr-vip/
     Resources:
     - Travel + Equipment: 53,5 k€
     - Pôle Systematic: 10 k€ ??
     - 1 PhD student (Rémy Chrétien) + 1 post-doc
     Permanent members:
     - Stéphanie Delaune (80%)
     - Steve Kremer (35%) → Cassis team in Nancy since Sept. 2011
     - Graham Steel (35%) → ProSecco team in Paris since Sept. 2012

  6. Context: cryptographic protocols
     Cryptographic protocols:
     - small programs designed to secure communication (e.g. confidentiality, authentication, ...)
     - use cryptographic primitives (e.g. encryption, signature, ...)
     The network is insecure! Communications take place over a public network like the Internet.
     It becomes more and more important to protect our privacy.

  8. Example: electronic passport
     → studied in [Arapinis et al., 10]
     An electronic passport is a passport with an RFID tag embedded in it. The RFID tag stores:
     - the information printed on your passport,
     - a JPEG copy of your picture.
     The Basic Access Control (BAC) protocol is a key establishment protocol that has been designed to also ensure unlinkability.
     ISO/IEC standard 15408: Unlinkability aims to ensure that a user may make multiple uses of a service or resource without others being able to link these uses together.

  14. The electronic passport protocol
      Passport and Reader both hold $(K_E, K_M)$.
      - Reader → Passport: get_challenge
      - Passport generates $N_P, K_P$; Passport → Reader: $N_P$
      - Reader generates $N_R, K_R$; Reader → Passport: $\{N_R, N_P, K_R\}_{K_E}$, $\mathsf{MAC}_{K_M}(\{N_R, N_P, K_R\}_{K_E})$
      - Passport → Reader: $\{N_P, N_R, K_P\}_{K_E}$, $\mathsf{MAC}_{K_M}(\{N_P, N_R, K_P\}_{K_E})$
      - Passport and Reader each compute $K_{seed} = K_P \oplus K_R$

  15. How cryptographic protocols can be attacked?

  17. Some famous examples
      The Serge Humpich case (1997): he factorizes the number (320 bits) used to protect credit cards and he builds a false credit card (the « YesCard »).
      → this makes it possible to withdraw money from a bank account that does not exist!
      Attack on the Belgian e-passport (2006)
      → this makes it possible to obtain the personal data of the user (e.g. the signature)

  19. How cryptographic protocols can be attacked?
      Logical attacks:
      - can be mounted even assuming perfect cryptography (→ replay attack, man-in-the-middle attack, ...)
      - are numerous (→ a flaw discovered in 2008 in Single Sign On Protocols used in Google App (Avantssar European project))
      - subtle and hard to detect by "eyeballing" the protocol

  22. French electronic passport
      → the passport must reply to all received messages.
      Passport and Reader both hold $(K_E, K_M)$.
      - Reader → Passport: get_challenge
      - Passport generates $N_P, K_P$; Passport → Reader: $N_P$
      - Reader generates $N_R, K_R$; Reader → Passport: $\{N_R, N_P, K_R\}_{K_E}$, $\mathsf{MAC}_{K_M}(\{N_R, N_P, K_R\}_{K_E})$
      - If MAC check fails, Passport → Reader: mac_error
      - If MAC check succeeds and nonce check fails, Passport → Reader: nonce_error

  24. An attack on the French passport [Chothia & Smirnov, 10]
      Attack against unlinkability: an attacker can track a French passport, provided he has once witnessed a successful authentication.
      Part 1 of the attack. The attacker eavesdrops on Alice using her passport and records message $M$.
      Alice's Passport and Reader both hold $(K_E, K_M)$.
      - Reader → Alice's Passport: get_challenge
      - Alice's Passport generates $N_P, K_P$; Alice's Passport → Reader: $N_P$
      - Reader generates $N_R, K_R$; Reader → Alice's Passport: $M = \{N_R, N_P, K_R\}_{K_E}$, $\mathsf{MAC}_{K_M}(\{N_R, N_P, K_R\}_{K_E})$

  27. An attack on the French passport [Chothia & Smirnov, 10]
      Part 2 of the attack. The attacker replays the message $M$ and checks the error code he receives.
      ????'s Passport holds $(K'_E, K'_M)$.
      - Attacker → ????'s Passport: get_challenge
      - ????'s Passport generates $N'_P, K'_P$; ????'s Passport → Attacker: $N'_P$
      - Attacker → ????'s Passport: $M = \{N_R, N_P, K_R\}_{K_E}$, $\mathsf{MAC}_{K_M}(\{N_R, N_P, K_R\}_{K_E})$
      - mac_error $\Longrightarrow$ MAC check failed $\Longrightarrow$ $K'_M \neq K_M$ $\Longrightarrow$ ???? is not Alice
      - nonce_error $\Longrightarrow$ MAC check succeeded $\Longrightarrow$ $K'_M = K_M$ $\Longrightarrow$ ???? is Alice

  29. Objectives of the project
      Automatic verification of privacy-type security properties (in the symbolic model)
      Target applications: electronic voting protocols, RFID protocols, routing protocols, vehicular ad hoc networks, electronic auction protocols, ...
      Main tasks of the project:
      - Task 2. A taxonomy for privacy-type properties
      - Task 3. Algorithmic and decidability issues
      - Task 4. Modularity issues
      → Tool development (Task 5) + Case studies (Task 6)
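
The two error branches from the French passport slides, simulated as an added example (not code from the presentation): with distinct error codes the reply to a recorded M depends on whether the passport holds Alice's K_M, while a single error code gives the same reply for every passport. The `Passport` class, the XOR-stream cipher, HMAC-SHA256 and the `uniform_errors` switch are assumptions made for illustration; the slides do not name a fix.

```python
import hashlib, hmac, os

def toy_encrypt(key: bytes, data: bytes) -> bytes:
    # Toy XOR stream standing in for {.}_KE (assumption; not the passport's real cipher).
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

class Passport:
    def __init__(self, ke, km, uniform_errors=False):
        self.ke, self.km, self.uniform_errors = ke, km, uniform_errors
        self.n_p = None

    def get_challenge(self) -> bytes:
        self.n_p = os.urandom(8)           # fresh N_P for every session
        return self.n_p

    def receive(self, msg: bytes) -> str:
        ct, tag = msg[:-32], msg[-32:]
        mac_ok = hmac.compare_digest(tag, mac(self.km, ct))
        # The XOR stream is its own inverse, so toy_encrypt also decrypts.
        nonce_ok = mac_ok and toy_encrypt(self.ke, ct)[8:16] == self.n_p
        if nonce_ok:
            return "ok"
        if self.uniform_errors:
            return "error"                 # same reply for both failures
        return "nonce_error" if mac_ok else "mac_error"

def reader_message(ke, km, n_p):
    n_r, k_r = os.urandom(8), os.urandom(16)
    ct = toy_encrypt(ke, n_r + n_p + k_r)  # {N_R, N_P, K_R}_KE
    return ct + mac(km, ct)

def replay_replies(uniform_errors: bool):
    # Constructed keys: one pair for Alice's passport, one for an unrelated passport.
    alice_keys = (os.urandom(16), os.urandom(16))
    other_keys = (os.urandom(16), os.urandom(16))
    alice = Passport(*alice_keys, uniform_errors)
    m = reader_message(*alice_keys, alice.get_challenge())
    assert alice.receive(m) == "ok"        # the honest run that produced M
    replies = []
    for keys in (alice_keys, other_keys):  # later sessions with each passport
        p = Passport(*keys, uniform_errors)
        p.get_challenge()                  # new N'_P, so the old M cannot pass
        replies.append(p.receive(m))
    return tuple(replies)

if __name__ == "__main__":
    print(replay_replies(False), replay_replies(True))
```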
