SAT-based Verifiction of NSPKT Protocol Including Delays in the Network
|
|
- Evan Austin
- 6 years ago
- Views:
Transcription
1 SAT-based Verifiction of NSPKT Protocol Including Delays in the Network Czestochowa University of Technology Cardinal Stefan Wyszynski University MMFT2017
2
3 Importance of Security Protocols Key point of security systems Used in many areas Errors in: structure, operations, security Specification and verification importance Need for the complete formal model IT market development sets new requirements
4 New Challenges Detailed analysis of the protocol Tailor-made security The importance of time
5 World Leaders AVISPA ProVerif Scyther VerIcs PRISM
6 Basic elements Protocol definition (with time aspect) α 1 = (S, R, L), α 2 = (τ, D, X, G, tc) (1)
7 Example: Needham-Schroeder Public Key Protocol α 1 = (α1, 1 α1), 2 α1 1 = (A; B; τ A I A KB ), α1 2 = (τ 1; D 1; {τ A, I A, K B}; {τ A}; τ 1 + D 1 τ A L), α 2 = (α2, 1 α2), 2 α2 1 = (B; A; τ B τ A KA ), α2 2 = (τ 2; D 2; {τ B, τ A, K A}; {τ B}; τ 2 + D 2 τ A L τ 2 + D 2 τ B L), α 3 = (α3, 1 α3), 2 α3 1 = (A; B; τ B KB ), α3 2 = (τ 3; D 3; {τ A, K B}; { }; τ 3 + D 3 τ A L τ 3 + D 3 τ B L).
8 Automata Model Network of synchronized timed automata for NSPK protocol
9 Automata Model Network of synchronized timed automata for NSPK protocol
10 Automata Model Network of synchronized timed automata for NSPK protocol
11 Automata Model Network of synchronized timed automata for NSPK protocol
12 Automata Model Network of synchronized timed automata for NSPK protocol
13 Time dependencies Message composing time Duration of k-step T c = T sz + T g (2) T k = T sz + T g + D + T dsz (3) T min k = T sz + T g + D min + T dsz (4) T max k = T sz + T g + D max + T dsz (5)
14 Time dependencies Session time T ses = T min ses = T max ses = n T k (6) k=1 n k=1 n k=1 T min k (7) T max k (8)
15 Time dependencies Lifetime in single step where: k step number, T out k = n i=k n number of all steps in protocol, T max i maximum time of step execution. T max i (9)
16 Steps of Procedure Writing protocol in ProToc language. Generating a set of protocol executions. Generating a network of timed automata. Generating a formulas for SAT-Solver. SAT-Solver testing. Saving results to a file.
17 Selected SAT-solvers
18 Experimental results for NSPK protocol Time assumptions: Delays in D = 0, 15[tu], lifetime Lf = 2[tu]
19 Susceptibility to Attack Protocol NSPK will be vulnerable to attack if in the first step: D Lf in the second step: D Lf /4 in the last step: D Lf /5
20 Experimental results for NSPK protocol, with time restrictions Time assumptions: Delay in the following steps D 1 = 10, 1[tu], D 2 = 2, 6[tu], D 3 = 2, 1[tu], lifetime Lf = 10[tu]
21 Presented method can be used for fast and simple protocol verification. With the implemented tool, we can not only find the attack on the protocol, but also check if the protocol makes sense. Shown time constraints, enable us to determine the protocol time frame in which it is vulnerable to attack. This is one of the steps to accurately show the strengths and weaknesses of security protocols.
22 I Armando, A., et. al.: The AVISPA tool for the automated validation of internet security protocols and applications. In: Proc. of 17th Int. Conf. on Computer Aided Verification (CAV 05), vol of LNCS, pp , Springer (2005) Burrows M., Abadi M., Needham R.: A Logic of Authentication, In: Proceedings of the Royal Society of London A, vol. 426, pp , (1989) Cremers, C.: The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols, In: Proceedings of the 20th International Conference on Computer Aided Verification, Princeton, USA, pp (2008) Dolev, D. and Yao, A.: On the security of public key protocols. In: IEEE Transactions on Information Theory, 29(2), pp (1983) M., Penczek W.: Applying Timed Automata to Model Checking of Security Protocols, in ed. J. Wang, Handbook of Finite State Based Models and Applications, pp , CRC Press, Boca Raton, USA (2012) Lowe, G.: Breaking and Fixing the Needham-Schroeder Public-key Protocol Using fdr., In:TACAS, LNCS, Springer, pp (1996) Needham, R. M., Schroeder, M.D.: Using encryption for authentication in large networks of computers. Commun. ACM, 21(12), (1978) Paulson L.: Inductive Analysis of the Internet Protocol TLS, TR440, University of Cambridge, Computer Laboratory (1998)
Some Remarks on Security Protocols Verification Tools
Some Remarks on Security Protocols Verification Tools Mirosław Kurkowski 1, Adam Kozakiewicz 2 and Olga Siedlecka-Lamch 3 1 Institute of Computer Sciences, Cardinal Stefan Wyszynski University Warsaw,
More informationThe Scyther Tool: Verification, Falsification, and Analysis of Security Protocols
The Scyther Tool: Verification, Falsification, and Analysis of Security Protocols Tool Paper Cas J.F. Cremers Department of Computer Science, ETH Zurich, 8092 Zurich, Switzerland cas.cremers@inf.ethz.ch
More informationMechanising BAN Kerberos by the Inductive Method
Mechanising BAN Kerberos by the Inductive Method Giampaolo Bella Lawrence C Paulson Computer Laboratory University of Cambridge New Museums Site, Pembroke Street Cambridge CB2 3QG (UK) {gb221,lcp}@cl.cam.ac.uk
More informationThe AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications
The AVISPA Tool for the Automated Validation of Internet Security Protocols and Applications Alessandro Armando AI-Lab, DIST, Università di Genova Università di Genova INRIA-Lorraine ETH Zurich Siemens
More informationLogic of Authentication
Logic of Authentication Dennis Kafura Derived from materials authored by: Burrows, Abadi, Needham 1 Goals and Scope Goals develop a formalism to reason about authentication protocols uses determine guarantees
More informationComparing State Spaces in Automatic Security Protocol Verification
Technical Report No. 558 Comparing State Spaces in Automatic Security Protocol Verification Cas Cremers and Pascal Lafourcade Information Security, ETH Zürich, IFW C Haldeneggsteig 4 CH-8092 Zürich Switzerland.
More informationKey Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2. Cas Cremers, ETH Zurich
Key Exchange in IPsec revisited: Formal Analysis of IKEv1 and IKEv2 Cas Cremers, ETH Zurich Overview What is IKE? Internet Key Exchange, part of IPsec Formal analysis of IKE Previously considered infeasible
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationOutline More Security Protocols CS 239 Computer Security February 6, 2006
Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationA Comparative Study of Formal Verification Techniques for Authentication Protocols
University of South Florida Scholar Commons Graduate Theses and Dissertations Graduate School November 2015 A Comparative Study of Formal Verification Techniques for Authentication Protocols Hernan Miguel
More informationAnalysis of an E-voting Protocol using the Inductive Method
Analysis of an E-voting Protocol using the Inductive Method Najmeh Miramirkhani 1, Hamid Reza Mahrooghi 1, Rasool Jalili 1 1 Sharif University of Technology,Tehran, Iran {miramirkhani@ce., mahrooghi@ce.,
More informationAdvanced Cryptography 1st Semester Symmetric Encryption
Advanced Cryptography 1st Semester 2007-2008 Pascal Lafourcade Université Joseph Fourrier, Verimag Master: October 22th 2007 1 / 58 Last Time (I) Security Notions Cyclic Groups Hard Problems One-way IND-CPA,
More informationThe Weakest Precondition Protocol Analysis Environment
The Weakest Precondition Analysis Environment Alec Yasinsac Michael P. Runy yasinsac@cs.fsu.edu runy@nortelnetworks.com Department of Computer Science Florida State University Tallahassee, FL 32306-4530
More informationBAN Logic. Logic of Authentication 1. BAN Logic. Source. The language of BAN. The language of BAN. Protocol 1 (Needham-Schroeder Shared-Key) [NS78]
Logic of Authentication 1. BAN Logic Ravi Sandhu BAN Logic BAN is a logic of belief. In an analysis, the protocol is first idealized into messages containing assertions, then assumptions are stated, and
More informationPresented by Jack G. Nestell. Topics for Discussion. I. Introduction. Discussion on the different logics and methods of reasonings of Formal Methods
A Discussion on Security Protocols over open networks and distributed Systems: Formal methods for their Analysis, Design, and Verification S. Gritzalis, D. Spinellis, and P. Georgiadis Presented by Jack
More informationNEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS
NEW FUNCTIONS FOR SECRECY ON REAL PROTOCOLS Jaouhar Fattahi 1 and Mohamed Mejri 1 and Hanane Houmani 2 1 LSI Group, Laval University, Quebec, Canada 2 University Hassan II, Morocco ABSTRACT In this paper,
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationA SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS
A SIGNATURE ALGORITHM BASED ON DLP AND COMPUTING SQUARE ROOTS Ounasser Abid 1 and Omar Khadir 2 1, 2 Laboratory of Mathematics, Cryptography and Mechanics, FSTM University Hassan II of Casablanca, Morocco
More informationFormal Methods for Assuring Security of Computer Networks
for Assuring of Computer Networks May 8, 2012 Outline Testing 1 Testing 2 Tools for formal methods Model based software development 3 Principals of security Key security properties Assessing security protocols
More informationAutomatic SAT-Compilation of Protocol Insecurity Problems via Reduction to Planning
Automatic SAT-Compilation of Protocol Insecurity Problems via Reduction to Planning Luca Compagna joint work with Alessandro Armando MRG-Lab DIST, University of Genova FLoC 2002 FCS and VERIFY, Copenhagen,
More informationComputationally Sound Mechanized Proof of PKINIT for Kerberos
Computationally Sound Mechanized Proof of PKINIT for Kerberos B. Blanchet 1, A. D. Jaggard 2, J. Rao 3, A. Scedrov 3, J.-K. Tsay 4 Protocol exchange Meeting 02 October 2008 1 ENS 2 Rutgers University 3
More informationState Identification In The Hybrid Automata Description Of Dynamical Systems
State Identification In The Hybrid Automata Description Of Dynamical Systems ISABELLA KOTINI, GEORGE HASSAPIS Dept. of Electrical and Computer Engineering Aristotle University of Thessaloniki 54006, Thessaloniki
More informationMechanized Proofs of Security Protocols: Needham-Schroeder with Public Keys
Mechanized Proofs of Security Protocols: Needham-Schroeder with Public Keys Lawrence C. Paulson Computer Laboratory University of Cambridge lcp@cl.cam.ac.uk January 1997 Abstract The inductive approach
More informationIntrusion Attack Tactics for the Model Checking of e-commerce Security Guarantees
Intrusion Attack Tactics for the Model Checking of e-commerce Security Guarantees Stylianos Basagiannis, Panagiotis Katsaros, and Andrew Pombortsis Department of Informatics, Aristotle University of Thessaloniki
More informationLogics of authentication
Archive material from Edition 2 of Distributed Systems: Concepts and Design George Coulouris, Jean Dollimore & Tim indberg 1994 Permission to copy for all non-commercial purposes is hereby granted Originally
More informationTwo Formal Views of Authenticated Group Diffie-Hellman Key Exchange
Two Formal Views of Authenticated Group Diffie-Hellman Key Exchange E. Bresson 1, O. Chevassut 2,3, O. Pereira 2, D. Pointcheval 1 and J.-J. Quisquater 2 1 Ecole Normale Supérieure, 75230 Paris Cedex 05,
More informationModel Checking and Its Applications
Model Checking and Its Applications Orna Grumberg Technion, Israel Verification and Deduction Mentoring Workshop July 13, 2018 1 Personal data Ph.d. in (non-automated) verification Postdoc in Model Checking
More informationSymbolic Cryptographic Protocol Analysis I
Symbolic Cryptographic Protocol Analysis I Jonathan K. Millen The MITRE Corporation August 2007 The author s affiliation with The MITRE Corporation is provided for identification purposes only, and is
More informationAuthenticated Key Agreement without Subgroup Element Verification
Authenticated Key Agreement without Subgroup Element Verification Taekyoung Kwon Sejong University, Seoul 143-747, Korea E-mail: tkwon@sejong.ac.kr Abstract. In this paper, we rethink the security of authenticated
More informationSecurity protocols and their verification. Mark Ryan University of Birmingham
Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash
More informationMechanized Proofs for a Recursive Authentication Protocol
Recursive Authentication Protocol 1 L. C. Paulson Mechanized Proofs for a Recursive Authentication Protocol Lawrence C. Paulson Computer Laboratory University of Cambridge Recursive Authentication Protocol
More informationA ROLE-BASED SPECIFICATION OF THE SET PAYMENT TRANSACTION PROTOCOL
A ROLE-BASED SPECIFICATION OF THE SET PAYMENT TRANSACTION PROTOCOL Hideki Sakurada NTT Communication Science Laboratories, NTT Corporation, 3-1 Morinosato- Wakamiya, Atsugi, Kanagawa, 243-0198 Japan sakurada0theory.brl.ntt.co.jp
More informationEvent-B Course. 11. Formal Development of a Security Protocol (the Needham-Schroeder protocol)
Event-B Course 11. Formal Development of a Security Protocol (the Needham-Schroeder protocol) Jean-Raymond Abrial September-October-November 2011 Outline 1 - Requirement Document - Refinement Strategy
More informationAcknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications
CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some
More informationRelations Between Secrets: Two Formal Analyses of the Yahalom Protocol
Relations Between Secrets: Two Formal Analyses of the Yahalom Protocol Lawrence C. Paulson Computer Laboratory University of Cambridge Pembroke Street Cambridge CB2 3QG England lcp@cl.cam.ac.uk July 1997
More informationRough Set Approaches to Rule Induction from Incomplete Data
Proceedings of the IPMU'2004, the 10th International Conference on Information Processing and Management of Uncertainty in Knowledge-Based Systems, Perugia, Italy, July 4 9, 2004, vol. 2, 923 930 Rough
More informationOn Formal Verification Methods for Password-based Protocols: CSP/FDR and AVISPA
On Formal Verification Methods for Password-based s: CSP/FDR and AVISPA ABDELILAH TABET, SEONGHAN SHIN, KAZUKUNI KOBARA, and HIDEKI IMAI Institute of Industrial Science University of Tokyo 4-6-1 Komaba
More informationEfficient Compilers for Authenticated Group Key Exchange
Efficient Compilers for Authenticated Group Key Exchange Qiang Tang and Chris J. Mitchell Information Security Group, Royal Holloway, University of London Egham, Surrey TW20 0EX, UK {qiang.tang, c.mitchell}@rhul.ac.uk
More informationSecurity Protocol Deployment Risk
Security Protocol Deployment Risk Simon N. Foley 1, Giampaolo Bella 2,3, and Stefano Bistarelli 4,5 1 Department of Computer Science, University College Cork, Ireland 2 SAP Research, Mougins, France 3
More informationVerifying Real-World Security Protocols from finding attacks to proving security theorems
Verifying Real-World Security Protocols from finding attacks to proving security theorems Karthik Bhargavan http://prosecco.inria.fr + many co-authors at INRIA, Microsoft Research, Formal security analysis
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationRefining Computationally Sound Mech. Proofs for Kerberos
Refining Computationally Sound Mechanized Proofs for Kerberos Bruno Blanchet Aaron D. Jaggard Jesse Rao Andre Scedrov Joe-Kai Tsay 07 October 2009 Protocol exchange Meeting Partially supported by ANR,
More informationModelling and Analysing of Security Protocol: Lecture 1. Introductions to Modelling Protocols. Tom Chothia CWI
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI This Course This course will primarily teaching you: How to design your own secure communication
More informationCAS+ Ronan Saillard and Thomas Genet March 21, 2011
CAS+ Ronan Saillard and Thomas Genet March 21, 2011 We present the CAS+ language designed for the easy specification and verification of security protocols. The objective of CAS+ is to have a language
More informationSEMINAR REPORT ON BAN LOGIC
SEMINAR REPORT ON BAN LOGIC Submitted by Name : Abhijeet Chatarjee Roll No.: 14IT60R11 SCHOOL OF INFORMATION TECHNOLOGY INDIAN INSTITUTE OF TECHNOLOGY, KHARAGPUR-721302 (INDIA) Abstract: Authentication
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationPROPAGATION-BASED CONSTRAINT SOLVER IN IMS Igor Ol. Blynov Kherson State University
Інформаційні технології в освіті UDC 0044:37 PROPAGATION-BASED CONSTRAINT SOLVER IN IMS Igor Ol Blynov Kherson State University Abstracts Article compiling the main ideas of creating propagation-based
More informationTowards Developing Secure Systems using UML
Towards Developing Secure Systems using UML Jan Jürjens Computing Laboratory, University of Oxford jan@comlab.ox.ac.uk http://www.jurjens.de/jan 1 Motivation Security important (business transactions over
More informationApplied Cryptography Basic Protocols
Applied Cryptography Basic Protocols Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Session keys It is prudent practice to use a different key for each session. This
More informationA Limitation of BAN Logic Analysis on a Man-in-the-middle Attack
ISS 1746-7659, England, U Journal of Information and Computing Science Vol. 1, o. 3, 2006, pp. 131-138 Limitation of Logic nalysis on a Man-in-the-middle ttack + Shiping Yang, Xiang Li Computer Software
More informationCRYPTOGRAPHIC PROTOCOLS SPECIFICATION AND VERIFICATION TOOLS - A SURVEY
DOI: 10.21917/ijct.2017.0226 CRYPTOGRAPHIC PROTOCOLS SPECIFICATION AND VERIFICATION TOOLS - A SURVEY Amol H. Shinde 1, A.J. Umbarkar 2 and N.R. Pillai 3 1,2 Department of Information Technology, Walchand
More informationTutorial on Model Checking Modelling and Verification in Computer Science
Tutorial on Model Checking Modelling and Verification in Computer Science Armin Biere Institute for Formal Models and Verification Johannes Kepler University, Linz, Austria Abstract. This paper serves
More informationSpecifying Kerberos 5 Cross-Realm Authentication
Specifying Kerberos 5 Cross-Realm Authentication Iliano Cervesato, Aaron D. Jaggard, Andre Scedrov, and Chris Walstad Supported by ONR, NSF, NRL Outline Introduction Kerberos 5 Formalization Properties
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationCODESSEAL: Compiler/FPGA Approach to Secure Applications
CODESSEAL: Compiler/FPGA Approach to Secure Applications Olga Gelbart 1, Paul Ott 1, Bhagirath Narahari 1, Rahul Simha 1, Alok Choudhary 2, and Joseph Zambreno 2 1 The George Washington University, Washington,
More informationFinal Exam 90 minutes Date: TOTAL: 90 points
F.Autreau J. Dreier P.Lafourcade Y. Lakhnech JL. Roch Final Exam 90 minutes Date: 13.12.2012 TOTAL: 90 points Security models 1st Semester 2012/2013 J. Dreier P. Lafourcade Y. Lakhnech Notice: the number
More informationFormalizing and Analyzing Sender Invariance
Formalizing and Analyzing Sender Invariance Paul Hankes Drielsma, Sebastian Mödersheim, Luca Viganò, David Basin Information Security Group, Dep. of Computer Science, ETH Zurich, Switzerland www.infsec.ethz.ch/~{drielsma,moedersheim,vigano,basin}
More informationOn-the-Fly Model Checking of Security Protocols and Web Services
On-the-Fly Model Checking of Security Protocols and Web Services Luca Viganò Department of Computer Science University of Verona Fosad 2009 Luca Viganò (University of Verona) OFMC Fosad 2009 1 / 116 Joint
More informationCuts from Proofs: A Complete and Practical Technique for Solving Linear Inequalities over Integers
Cuts from Proofs: A Complete and Practical Technique for Solving Linear Inequalities over Integers Isil Dillig, Thomas Dillig, and Alex Aiken Computer Science Department Stanford University Linear Arithmetic
More informationAnalysis of Verification Tools for Security Protocols
Analysis of Verification Tools for Security Protocols Sergey Reznick, Igor Kotenko Computer Security Research Group, St. Petersburg Institute for Informatics and Automation of Russian Academy of Sciences
More informationFast and Automatic Verification of Authentication and Key Exchange Protocols 1
IJCSNS International Journal of Computer Science and Network Security, VOL.11 No.4, April 2011 1 Fast and Automatic Verification of Authentication and Key Exchange Protocols 1 Haruki Ota Shinsaku Kiyomoto,
More informationEfficient Circuit to CNF Conversion
Efficient Circuit to CNF Conversion Panagiotis Manolios and Daron Vroon College of Computing, Georgia Institute of Technology, Atlanta, GA, 30332, USA http://www.cc.gatech.edu/home/{manolios,vroon} Abstract.
More informationDigital Signatures. Secure Digest Functions
Digital Signatures Secure Digest Functions 8 requirements for one-way hash functions given M, H(M) is easy to compute given H(M), M is difficult to compute given M, it is difficult to find M such that
More informationIntroduction to Security
Introduction to Security Avinanta Tarigan Universitas Gunadarma 1 Avinanta Tarigan Introduction to Security Layout Problems General Security Cryptography & Protocol reviewed 2 Avinanta Tarigan Introduction
More informationA Hierarchy of Authentication Specifications
A Hierarchy of Autication Specifications Gavin Lowe Department of Mathematics and Computer Science University of Leicester, University Road Leicester, LE1 7RH, UK Email: gavin.lowe@mcs.le.ac.uk Abstract
More informationThe Needham-Schroeder-Lowe Protocol with Event-B
The Needham-Schroeder-Lowe Protocol with Event-B (February 2011) (version 4) J.R. Abrial 1 1 Introduction This text contains the formal development (with proofs) of the Needham-Schroeder-Lowe Protocol
More informationVerification of security protocols introduction
Verification of security protocols introduction Stéphanie Delaune CNRS & IRISA, Rennes, France Tuesday, November 14th, 2017 Cryptographic protocols everywhere! they aim at securing communications over
More informationA Family of Multi-Party Authentication Protocols
A Family of Multi-Party Authentication Protocols Extended abstract C.J.F. Cremers and S.Mauw Eindhoven University of Technology, Department of Mathematics and Computer Science, P.O. Box 513, NL-5600 MB
More informationVerification of Java programs using networks of finite automata with discrete data.
Catholic University in Ružomberok Scientific Issues, Mathematica II, Ružomberok 2009 Verification of Java programs using networks of finite automata with discrete data. Bożena Woźna, Andrzej Zbrzezny Institute
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationThe Maude LTL Model Checker and Its Implementation
The Maude LTL Model Checker and Its Implementation Steven Eker 1,José Meseguer 2, and Ambarish Sridharanarayanan 2 1 Computer Science Laboratory, SRI International Menlo Park, CA 94025 eker@csl.sri.com
More informationBreaking and Fixing Public-Key Kerberos
Breaking and Fixing Public-Key Kerberos Iliano Cervesato Carnegie Mellon University - Qatar iliano@cmu.edu Joint work with Andre Scedrov, Aaron Jaggard, Joe-Kai Tsay, Christopher Walstad ASIAN 06 December
More informationProtocols. Protocols. Pascal Lafourcade. Université Joseph Fourier, Verimag. October 6th / 63
Protocols Pascal Lafourcade Université Joseph Fourier, Verimag October 6th 2008 1 / 63 Last Time Historic and Motivation 2 / 63 General Schedule 1 Lundi 15 septembre Historique de la cryptographie 2 Lundi
More informationThe automatic analysis of cryptographic protocols by using formal methods on concurrent. languages is a subject widely treated
Using tccp for the Specication of Communication Protocols Alexei Lescaylle Alicia Villanueva alescaylle@dsic.upv.es DSIC, UPV villanue@dsic.upv.es DSIC, UPV Abstract The automatic analysis of cryptographic
More informationBreaking and Fixing Public-Key Kerberos
Breaking and Fixing Public-Key Kerberos Iliano Cervesato Carnegie Mellon University - Qatar iliano@cmu.edu Joint work with Andre Scedrov, Aaron Jaggard, Joe-Kai Tsay, Christopher Walstad Qatar University
More informationNew attacks on the MacDES MAC Algorithm. 1st July Two new attacks are given on a CBC-MAC algorithm due to Knudsen and Preneel, [2],
New attacks on the MacDES MAC Algorithm Don Coppersmith IBM Research T. J. Watson Research Center Yorktown Heights, NY 10598, USA copper@watson.ibm.com Chris J. Mitchell Information Security Group Royal
More informationKey Agreement. Guilin Wang. School of Computer Science, University of Birmingham
Key Agreement Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Motivations As we know, symmetric key encryptions are usually much more efficient than public key encryptions,
More informationA New Energy Efficient and Scalable Multicasting Algorithm for Hierarchical Networks
International Journal of Engineering Research and Development ISSN: 2278-067X, Volume 1, Issue 5 (June 2012), PP.12-17 www.ijerd.com A New Energy Efficient and Scalable Multicasting Algorithm for Hierarchical
More informationThe Needham-Schroeder-Lowe Protocol with Event-B
The Needham-Schroeder-Lowe Protocol with Event-B J.R. Abrial 1 1 Introduction This text contains the formal development (with proofs) of the Needham-Schroeder-Lowe Protocol [1] [2] using Event-B [3] and
More informationFormal Methods for Security Protocols
Role of Temur.Kutsia@risc.uni-linz.ac.at Formal Methods Seminar January 26, 2005 Role of Outline 1 Role of 2 Security Properties Attacker Models Keys Symmetric and Asymmetric Systems 3 Notation and Examples
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationA Short SPAN+AVISPA Tutorial
A Short SPAN+AVISPA Tutorial Thomas Genet IRISA/Université de Rennes 1 genet@irisa.fr November 6, 2015 Abstract The objective of this short tutorial is to show how to use SPAN to understand and debug HLPSL
More informationSecurity Protocol Verification: Symbolic and Computational Models
Security Protocol Verification: Symbolic and Computational Models Bruno Blanchet INRIA, École Normale Supérieure, CNRS Bruno.Blanchet@ens.fr March 2012 Bruno Blanchet (INRIA, ENS, CNRS) ETAPS March 2012
More informationGeneralized Coordinates for Cellular Automata Grids
Generalized Coordinates for Cellular Automata Grids Lev Naumov Saint-Peterburg State Institute of Fine Mechanics and Optics, Computer Science Department, 197101 Sablinskaya st. 14, Saint-Peterburg, Russia
More informationCryptanalysis of Two Password-Authenticated Key Exchange. Protocols between Clients with Different Passwords
International Mathematical Forum, 2, 2007, no. 11, 525-532 Cryptanalysis of Two Password-Authenticated Key Exchange Protocols between Clients with Different Passwords Tianjie Cao and Yongping Zhang School
More informationF-Soft: Software Verification Platform
F-Soft: Software Verification Platform F. Ivančić, Z. Yang, M.K. Ganai, A. Gupta, I. Shlyakhter, and P. Ashar NEC Laboratories America, 4 Independence Way, Suite 200, Princeton, NJ 08540 fsoft@nec-labs.com
More informationfor Compound Authentication
Verified Contributive Channel Bindings for Compound Authentication Antoine Delignat-Lavaud, Inria Paris Joint work with Karthikeyan Bhargavan and Alfredo Pironti Motivation: Authentication Composition
More informationHECTOR: Formal System-Level to RTL Equivalence Checking
ATG SoC HECTOR: Formal System-Level to RTL Equivalence Checking Alfred Koelbl, Sergey Berezin, Reily Jacoby, Jerry Burch, William Nicholls, Carl Pixley Advanced Technology Group Synopsys, Inc. June 2008
More informationAuthentication Protocols
COMP Distributed Systems Protocols Kevin Jeffay Department of Computer Science University of North Carolina at Chapel Hill jeffay@cs.unc.edu October 5, 999 http://www.cs.unc.edu/~jeffay/courses/compf99
More information(In)security of ecient tree-based group key agreement using bilinear map
Loughborough University Institutional Repository (In)security of ecient tree-based group key agreement using bilinear map This item was submitted to Loughborough University's Institutional Repository by
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationDesign of an Efficient Security Protocol Analyzer
74 IJCSNS International Journal of Computer Science and Network Security, VOL.7 No.6, June 2007 Design of an Efficient Security Protocol Analyzer Shinsaku KIYOMOTO, Haruki OTA, and Toshiaki TANAKA KDDI
More informationConstraint Differentiation: A New Reduction Technique for Constraint-Based Analysis of Security Protocols
Constraint Differentiation: A New Reduction Technique for Constraint-Based Analysis of Security Protocols David Basin Dep. of Computer Science ETH Zurich CH-8092 Zurich, Switzerland basin@inf.ethz.ch Sebastian
More informationOPTICAL ERATOSTHENES SIEVE
STUDIA UNIV. BABEŞ BOLYAI, INFORMATICA, Volume LVI, Number 1, 2011 OPTICAL ERATOSTHENES SIEVE LIVIU ŞTIRB Abstract. The sieve of Eratosthenes is a simple algorithm for finding all prime numbers up to a
More informationSystematic generation of attack scenarios against industrial systems
Systematic generation of attack scenarios against industrial systems Maxime Puys, Marie-Laure Potet and Jean-Louis Roch VERIMAG, University of Grenoble Alpes / Grenoble-INP, France Firstname.Name@imag.fr
More informationA Remote Biometric Authentication Protocol for Online Banking
International Journal of Electrical Energy, Vol. 1, No. 4, December 2013 A Remote Biometric Authentication Protocol for Online Banking Anongporn Salaiwarakul Department of Computer Science and Information
More informationSecurity protocols. Correctness of protocols. Correctness of protocols. II. Logical representation and analysis of protocols.i
Security protocols Logical representation and analysis of protocols.i A security protocol is a set of rules, adhered to by the communication parties in order to ensure achieving various security or privacy
More information