a computationally sound mechanized prover for security
play

A Computationally Sound Mechanized Prover for Security Protocols P. - PowerPoint PPT Presentation

Sep 03, 2023 •350 likes •591 views

A Computationally Sound Mechanized Prover for Security Protocols P. Cogn ee, D. Kolokosso, F. M ejean, L. Pillard, J. Tharaud National School of Applied Mathematics and Computer Science, ENSIMAG 27 November 2009 P. Cogn ee, D.

  1. A Computationally Sound Mechanized Prover for Security Protocols P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud National School of Applied Mathematics and Computer Science, ENSIMAG 27 November 2009 P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 1 / 22

  2. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 2 / 22

  3. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 3 / 22

  4. CryptoVerif and Semantic CryptoVerif A Computationally Sound Mechanized Prover for Security Protocols Bruno Blanchet (CNRS, ENS, Paris) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 4 / 22

  5. CryptoVerif and Semantic 2 approaches for proving secrecy properties of security protocols : Symbolic : { < a , x > } k , a deduction system (e.g. Dolev-Yao model), proofs based on constraint solving, . . . Computational : 10101001010 . . . , a PPTT machine, proofs based on cryptographic assumption ( → CryptoVerif) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 5 / 22

  6. CryptoVerif and Semantic CryptoVerif is a sequence of games transformations : first game = real protocol represented in process calculus final game = no variables, only arrays of booleans Two consecutive games cannot be distinguished. P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 6 / 22

  7. CryptoVerif and Semantic Process calculus = pi-calculus + cryptographic primitives Pi-calculus : probabilitic semantic over bistrings input process, output process arrays of booleans, replication parallel composition, channel restriction Cryptographic primitives : functions over bistrings (blackboxes) P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 7 / 22

  8. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 8 / 22

  9. Observational equivalence Definition, more important result Adversary represented by Context C[.] → a c ontext C: process with an hole, having access to V, set of Variables Processes Q,Q’, verifying invariant-rules if | Pr [ C [ Q ] → 1] − Pr [ C [ Q ′ ] → 1] | is negligible then Q ≈ V Q ′ The adversary cannot distinguish which process have been used. P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 9 / 22

  10. Observational equivalence Definition, more important result Adversary represented by Context C[.] → a c ontext C: process with an hole, having access to V, set of Variables Processes Q,Q’, verifying invariant-rules if | Pr [ C [ Q ] → 1] − Pr [ C [ Q ′ ] → 1] | is negligible then Q ≈ V Q ′ The adversary cannot distinguish which process have been used. Which purpose ? if Q ≈ V Q ′ then GAME1[Q] → ≈ GAME2[Q’] using syntactic and primitives transformations P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 9 / 22

  11. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 10 / 22

  12. Game Transformations Goal : transform the process that represents the initial protocol into a process on which security property can be proved directly. It consists in : syntactic transformations ( RemoveAssign ( x ), SArename ( x ), Simplify ()) applying the definition of security of primitives : axioms used by the prover to transform a game into another equivalent game P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 11 / 22

  13. Security Primitives What means the security primitives ? Cryptographic fonctions like enc, mac, keygen . . . Designed like black-boxes here e.g : MAC (Message Authentification Code) linked with check relation : check(m,k,mac(m,k)) = true Guaranties Authenticity and integrity of a message P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 12 / 22

  14. Security Primitives Predefined transformation for security primitives: check Because, mac is UF-CMA ( difficult to forge), then we can replace check(m,k,t) with: find j < N such that defined ( x [ j ]) ∧ ( m = x [ j ]) ∧ check’(m,k,t) then true , else false It means that he adversary can compute check only if he has already computed mac(m,k); P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 13 / 22

  15. Security Primitives enc Because enc is IND-CPA we can replace : enc ( x , keygen ( r )) with : enc ′ ( Z ( x ) , keygen ′ ( r )) where Z(x) returns a bitstring of the same length than x Intuitively, it means that adversary cannot distinguish the cyphering of 2 same-size messages P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 14 / 22

  16. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 15 / 22

  17. Proof for Security : Criteria for proving Secrecy Properties Secrecy Criterias: one-session secrecy secrecy Lemma If Q ≈ x Q ′ and Q preserves the one-session secrecy of x then Q ′ preserves the one-session secrecy of x. The same result holds for secrecy. We can then apply the following mechanism, to prove that oneprotocol preserves the one-session secrecy of x: P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 16 / 22

  18. Presentation overview 1 CryptoVerif and Semantic 2 Equivalences 3 Game Transformations 4 Proof for Security Security Primitives Criteria for proving Secrecy Properties Proof Strategy 5 Results and Conclusion P. Cogn´ ee, D. Kolokosso, F. M´ ejean, L. Pillard, J. Tharaud (National School of Applied Mathematics and Computer Science, ENSIMAG) A Computationally Sound Mechanized Prover for Security Protocols 27 November 2009 17 / 22

Recommend

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

Introduction Using CryptoVerif Proof technique Enc-then-MAC example FDH example Conclusion CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, Ecole Normale Sup erieure, INRIA,

972 views • 78 slides
Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS

Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS

Towards computationally sound symbolic security analysis Daniele Micciancio, UCSD DIMACS Tutorial June 2004 Security protocols Protocols: distributed programs Goal: maintain prescribed behavior in adversarial execution environment

1.34k views • 51 slides
The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with

1/25 The Journey towards a Reference Implementation of IPSec Automatic Security Analysis with Tamarin-Prover Eike Stadtlnder July 12, 2018 2/25 Outline Motivation Tamarin-Prover Overview Multiset Rewriting Tamarin-Prover in Practice

1.32k views • 117 slides
Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike

1/18 Automatic Security Analyses of Network Protocols with Tamarin-Prover Introductory Talk Eike Stadtlnder May 17, 2018 2/18 Outline Motivation Tamarin-Prover Overview Language and Environment State Demo Goals for the Lab . 3/18

1.33k views • 99 slides
Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech)

Two-prover entangled games are NP hard Anand Natarajan (MIT) Thomas Vidick (Caltech) arXiv:1710.03062 Interactive proofs MIP IP Completeness: If YES, prover can convince verifier with Pr c (e.g. 2/3) Soundness : If NO, prover cannot

472 views • 19 slides
Towards Automated Computationally Faithful Specify protocol participants as processes following

Towards Automated Computationally Faithful Specify protocol participants as processes following

2 Security Analysis a la Dolev-Yao Towards Automated Computationally Faithful Specify protocol participants as processes following Dolev, Yao 1982: In addition to Verification of Cryptoprotocols expected participants, model attacker who: Jan

146 views • 4 slides
Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let

Meditation for a Theorem Prover Reasoning and Consciousness Teaching a Theorem Prover to let its Mind Wander Ulrich Furbach Claudia Schon Univ. Koblenz - DFG Project Cognitive Reasoning Reasoning and Consciousness Teaching a

715 views • 55 slides
Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard

Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard

Using Python to Solve Computationally Hard Problems Using Python to Solve Computationally Hard Problems Rachael Madsen Optimal Design Software LLC BS in Mathematics Software Engineer &amp; Architect Python programmer

872 views • 46 slides
Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used

Sound 1 Sound &quot;50% of the movie experience is sound - George Lucas Sound is used to create: Mood Ambience Drama Environmental clues Continuity Feedback Practical Issues Real-time requirement

311 views • 17 slides
Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of

Masters Thesis Mechanized Type Soundness Proofs using Definitional Interpreters Hannes Saffrich University of Freiburg Department of Computer Science Programming Languages Chair September 1, 2019 Hannes Saffrich Mechanized Type

1.03k views • 39 slides
? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf)

9/4/19 Speech Hynek Hermansky Elecrical and Computer Engineering Hackerman 324Fp ? Message sound Message P(wolf|sound) P(sound| wolf) x P(wolf) 1 9/4/19 P(sound| wolf) no wolf wolf loudness timbre (sound color) More

334 views • 14 slides
Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for

Taking the machine seriously. A study of mechanized mathematics L. De Mol Taking the machine seriously. A study of mechanized mathematics Liesbeth De Mol Centre for Logic and Philosophy of Science, Belgium elizabeth.demol@ugent.be

969 views • 57 slides
Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity

Mechanized Formal Analysis for Safety-Critical Systems: The Convergence of Need and Opportunity John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SRI Mechanized Analysis: 1

433 views • 20 slides
Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of

Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of

Tamarin prover Farzane Karami November 2019 Tamarin A tool for modeling and analysis of security protocols Core team: David Basin, Cas Cremers, Jannik Dreier, Simon Meier, Ralf Sasse, Benedikt Schmidt

578 views • 26 slides
A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore)

A Self-Verifying Theorem Prover Jared Davis (advertisement by J Strother Moore) Department of Computer Sciences University of Texas at Austin September 18, 2009 1 Theorem Prover ? Yes Proof Checker Yes No 2 Rules of

693 views • 40 slides
SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are

SOUND SOUND Wha hat is t is sound sound? Click on the image below to find out. Sounds are made when objects vibrate and the vibrations travel to enter you ear. You hear these vibrations as sounds. Sound is all around us We cannot

357 views • 9 slides
Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem:

Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem:

7/8/2014 Making Sound Design Decisions Using Quantitative Security Metrics Bill Sanders 1 The Problem: Assessing Security and Resilience Systems operate in adversarial environments Adversaries seek to degrade system operation by affecting

363 views • 19 slides
Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological

Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological

Logik Cafe, Vienna 23 May 2016 Mechanized Analysis of Reconstructions of Anselms Ontological Argument John Rushby Computer Science Laboratory SRI International Menlo Park, California, USA John Rushby, SR I Mechanized Ontological Argument

764 views • 42 slides
A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer

A Generic Tableau Prover and Its Integration with Isabelle Lawrence C. Paulson Computer Laboratory University of Cambridge 1 Overview of Isabelle a generic interactive prover for FOL, set theory, HOL, . . . Prolog influence: resolution

227 views • 10 slides
Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the

Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the

Sound &amp; Editing Lily, Matt, Mei, Michaela Sound WHAT IS SOUND? An audible vibration of the air or some other material. Difference between Sound and Noise Sound has communication purpose. Noise is random and unwanted. TYPES OF Sounds

103 views • 7 slides
Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory

Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory

Mechanized Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory Model-Checking p. 1/25 Mechanized (partial) Metatheory Model-Checking WMM 2006 James Cheney 9/21/06 Mechanized Metatheory Model-Checking p.

516 views • 25 slides
Sound Slide 2 / 50 Characteristics of Sound Sound can travel through any kind of matter, but

Sound Slide 2 / 50 Characteristics of Sound Sound can travel through any kind of matter, but

Slide 1 / 50 Sound Slide 2 / 50 Characteristics of Sound Sound can travel through any kind of matter, but not through a vacuum. The speed of sound is different in different materials; in general, it is slowest in gases, faster in liquids,

326 views • 17 slides
Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1

Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1

Learning to Advise an Equational Prover Chad E. Brown 1 , Bartosz Piotrowski 1,2 , Josef Urban 1 1 Czech Technical University 2 University of Warsaw AITP 17 September 2020 Aussois Introduction aimleap is a simple prover for solving equations

790 views • 13 slides
Feedback: From Privacy &amp; Security Webinar Heres what you said: More than 95% said the

Feedback: From Privacy &amp; Security Webinar Heres what you said: More than 95% said the

O PEN E NROLLMENT &amp; R ENEWALS There is no sound through your Time: 10:00am 11:30am computer. You must dial-in Dial-In Number: 1-855-897-5763 Conference ID: 7089627 on the telephone in order to hear the sound. nystateofhealth.ny.gov 1

509 views • 46 slides

More recommend