Reducing search space for trace equivalence checking FOSAD 2013 Lucca Hirschi LSV, ENS Cachan September 5, 2013 David Baelde Stéphanie Delaune joint work with and LSV LSV
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Tools Applied- π models protocols (Dolev-Yao model); Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Tools Applied- π models protocols (Dolev-Yao model); reachability or equivalence model security properties; Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Tools Applied- π models protocols (Dolev-Yao model); reachability or equivalence model security properties; algorithms check reachability or equivalence. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Tools Applied- π models protocols (Dolev-Yao model); reachability or equivalence model security properties; algorithms check reachability or equivalence. Issue Main bottleneck: size of search space (interleavings). Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Context Prove automatically security properties of cryptographic protocols using formal methods. Tools Applied- π models protocols (Dolev-Yao model); reachability or equivalence model security properties; algorithms check reachability or equivalence. Issue Main bottleneck: size of search space (interleavings). Our Contribution Reduce search space of equivalence checking using POR ideas by eliminating a lot of redundancies. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 2 / 20
Introduction Model Big Picture Differentiation Conclusion Our Contribution Reduce search space of equivalence checking using POR ideas by eliminating a lot of redundancies. Sebastian Mödersheim, Luca Vigano, and David Basin. Constraint differentiation: Search-space reduction for the constraint-based analysis of security protocols. Journal of Computer Security , 18(4):575–618, 2010. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 3 / 20
Introduction Model Big Picture Differentiation Conclusion Outline Introduction 1 Model 2 Big Picture 3 Differentiation 4 Conclusion 5 Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 4 / 20
Introduction Model Big Picture Differentiation Conclusion Outline Introduction 1 Model 2 Big Picture 3 Differentiation 4 Conclusion 5 Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 5 / 20
Introduction Model Big Picture Differentiation Conclusion Applied- π Terms T : a given set of terms modulo an equational theory. E.g. dec ( enc ( m , k ) , k ) = m . Simple Processes P c ::= 0 | [ T ] in ( c , x ) | [ T ] out ( c , m ) . P c m 2 T P s ::= P c 1 | P c 2 | . . . P c n c i 6 = c j Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 6 / 20
Introduction Model Big Picture Differentiation Conclusion Applied- π Terms T : a given set of terms modulo an equational theory. E.g. dec ( enc ( m , k ) , k ) = m . Simple Processes P c ::= 0 | [ T ] in ( c , x ) | [ T ] out ( c , m ) . P c m 2 T P s ::= P c 1 | P c 2 | . . . P c n c i 6 = c j Process: ( P s ; Φ ) ( Φ set of messages revealed to the intruder). Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 6 / 20
Introduction Model Big Picture Differentiation Conclusion Applied- π Terms T : a given set of terms modulo an equational theory. E.g. dec ( enc ( m , k ) , k ) = m . Simple Processes P c ::= 0 | [ T ] in ( c , x ) | [ T ] out ( c , m ) . P c m 2 T P s ::= P c 1 | P c 2 | . . . P c n c i 6 = c j Process: ( P s ; Φ ) ( Φ set of messages revealed to the intruder). Semantics ν w . out ( c , w ) ( { [ T ] . out ( c , m ) . P } ] P ; Φ ) � � � � � � � ! ( { P } ] P ; Φ [ { w B m } ) if T ^ w fresh in Φ in ( c , t ) ( { in ( c , x ) . P } ] P ; Φ ) � � � ! ( { P [ x 7! u ] } [ P ; Φ ) if t Φ = u ^ fv ( t ) ✓ dom ( Φ ) Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 6 / 20
Introduction Model Big Picture Differentiation Conclusion Equivalence Trace equivalence Φ ⇠ Φ 0 ( ) M Φ 0 = N Φ 0 and ) 8 M , N , M Φ = N Φ ( conversely; s ! B 0 ^ Φ A 0 ⇠ Φ B 0 and conversely. s A ⇡ B ( ) 8 A ! A 0 , 9 B 0 , B � � Trace equivalence allows to model anonymity, unlikability, etc. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 7 / 20
Introduction Model Big Picture Differentiation Conclusion Equivalence Trace equivalence Φ ⇠ Φ 0 ( ) M Φ 0 = N Φ 0 and ) 8 M , N , M Φ = N Φ ( conversely; s ! B 0 ^ Φ A 0 ⇠ Φ B 0 and conversely. s A ⇡ B ( ) 8 A � ! A 0 , 9 B 0 , B � Trace equivalence allows to model anonymity, unlikability, etc. Our aim Improve algorithms / programs checking trace equivalence (for simple processes). Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 7 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic calculus - 1 Inputs messages: infinitely branching symbolic calculus. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 8 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic calculus - 1 Inputs messages: infinitely branching symbolic calculus. System of Constraints Constraints: ( X B x ); u = v , ( fv ? ( X ) : dom ( Φ )) ; System of constraints: ( Φ , D ) . Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 8 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic calculus - 1 Inputs messages: infinitely branching symbolic calculus. System of Constraints Constraints: ( X B x ); u = v , ( fv ? ( X ) : dom ( Φ )) ; System of constraints: ( Φ , D ) . P = out ( c , k ) . in ( c , x ) . out ( c , h k , x i ) . in ( c , y ) leads to D = { X B x ; Y B y ; ( fv ? ( X ) : { w } ); ( fv ? ( Y ) = { w ; w 0 } ) } Φ = { w B k ; w 0 B h k , x i } Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 8 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic calculus - 1 Inputs messages: infinitely branching symbolic calculus. System of Constraints Constraints: ( X B x ); u = v , ( fv ? ( X ) : dom ( Φ )) ; System of constraints: ( Φ , D ) . P = out ( c , k ) . in ( c , x ) . out ( c , h k , x i ) . in ( c , y ) leads to D = { X B x ; Y B y ; ( fv ? ( X ) : { w } ); ( fv ? ( Y ) = { w ; w 0 } ) } Φ = { w B k ; w 0 B h k , x i } Symbolic processes ( P ; Φ ; D ; tr ) Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 8 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic Calculus - 2 Semantics: ν w . out ( c , X ) ( { [ T ] . out ( c , m ) . P } ] P ; Φ ; D ; tr ) � � � � � � � ! s ( { P } ] P ; Φ [ { w B m } ; D [ { T } ; tr . ν w . out ( c , X )) if w fresh in φ in ( c , X ) ( { [ T ] . in ( c , x ) . P } ] P ; Φ ; D ; tr ) � � � � ! s ( P ; Φ ; D [ { T ; ( X B x ); ( fv ? ( X ) : dom ( Φ )) } ; tr . in ( c , X )) Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 9 / 20
Introduction Model Big Picture Differentiation Conclusion Symbolic Calculus - 2 Semantics: ν w . out ( c , X ) ( { [ T ] . out ( c , m ) . P } ] P ; Φ ; D ; tr ) � � � � � � � ! s ( { P } ] P ; Φ [ { w B m } ; D [ { T } ; tr . ν w . out ( c , X )) if w fresh in φ in ( c , X ) ( { [ T ] . in ( c , x ) . P } ] P ; Φ ; D ; tr ) � � � � ! s ( P ; Φ ; D [ { T ; ( X B x ); ( fv ? ( X ) : dom ( Φ )) } ; tr . in ( c , X )) Symbolic equivalence ! s A 0 8 Θ 2 S ol ( Φ A 0 , D A 0 ) , 9 B 0 B s s A ⇡ s B ( ) 8 A � � ! s B 0 , Θ 2 S ol ( Φ B 0 , D B 0 ) and Φ A 0 ⇠ Φ B 0 and conversely. Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 9 / 20
Introduction Model Big Picture Differentiation Conclusion Outline Introduction 1 Model 2 Big Picture 3 Differentiation 4 Conclusion 5 Lucca Hirschi FOSAD 2013: Reducing search space for trace equivalence checking 10 / 20
Recommend
More recommend