yapa a generic tool for computing intruder knowledge
play

YAPA: A generic tool for computing intruder knowledge Mathieu Baudet - PowerPoint PPT Presentation

Apr 09, 2024 •341 likes •763 views

YAPA: A generic tool for computing intruder knowledge Mathieu Baudet 1 eronique Cortier 2 and St ephanie Delaune 3 Joint work with V 1 DCSSI, France 2 LORIA, CNRS & INRIA project Cassis, France 3 LSV, ENS Cachan & CNRS & INRIA,

  1. YAPA: A generic tool for computing intruder knowledge Mathieu Baudet 1 eronique Cortier 2 and St´ ephanie Delaune 3 Joint work with V´ 1 DCSSI, France 2 LORIA, CNRS & INRIA project Cassis, France 3 LSV, ENS Cachan & CNRS & INRIA, France RTA’2009, Braz´ ılia, June 29. 1 / 41

  2. Content of the talk 1 Motivations Why study static equivalence ? Why a new tool ? 2 Results Overview of the procedure Examples Proving termination and non-failure 3 Conclusion 2 / 41

  3. Motivations Content of the talk 1 Motivations Why study static equivalence ? Why a new tool ? 2 Results Overview of the procedure Examples Proving termination and non-failure 3 Conclusion 3 / 41

  4. Motivations Why study static equivalence ? Static equivalence (teaser) 1 A useful logical tool for security protocols. 2 A nice and general algebraic notion. 4 / 41

  5. Motivations Why study static equivalence ? Algebraic framework • Consider a set F pub of first-order symbols f : s × · · · × s → s . (Single sort s assumed for simplicity.) • A F pub -algebra is a set A together with functions f A : A × · · · × A → A . • Standard definitions : F pub -morphisms, generated sub-algebras F pub [ S ] ⊆ A , free algebra F pub [ X ], . . . 5 / 41

  6. Motivations Why study static equivalence ? Static equivalence (algebraic definition) • Consider the tuples ϕ = ( t 1 , . . . , t n ) in A n , also called frames and written ϕ = { w 1 ⊲ t 1 , . . . , w n ⊲ t n } . • A formal equation on A n is a pair M 1 ⊲ ⊳ M 2 where M 1 , M 2 ∈ F pub [w 1 , . . . , w n ] are terms built upon special constants w i . 6 / 41

  7. Motivations Why study static equivalence ? Static equivalence (algebraic definition) • Consider the tuples ϕ = ( t 1 , . . . , t n ) in A n , also called frames and written ϕ = { w 1 ⊲ t 1 , . . . , w n ⊲ t n } . • A formal equation on A n is a pair M 1 ⊲ ⊳ M 2 where M 1 , M 2 ∈ F pub [w 1 , . . . , w n ] are terms built upon special constants w i . Definition Two frames ϕ 1 and ϕ 2 in A n are statically equivalent (from [Abadi and Fournet, 2001]), written ϕ 1 ≈ ϕ 2 , iff eq( ϕ 1 ) = eq( ϕ 2 ) where eq( ϕ ) = { M 1 ⊲ ⊳ M 2 | M 1 ϕ = A M 2 ϕ } . 7 / 41

  8. Motivations Why study static equivalence ? A mathematical example Example Let n = 1, A = C and the terms M ∈ Q [w 1 ] be rational polynomials with single variable w 1 . We have ϕ 1 ≈ ϕ 2 iff ϕ 1 and ϕ 2 are both transcendental or are conjugated elements (i.e. have the same minimal polynomial over Q ). √ √ For instance, π ≈ e and 2 ≈ − 2. We are currently investigating further links with the fundamentals of algebraic geometry. (Ask me for more details !) 8 / 41

  9. Motivations Why study static equivalence ? Back to logics and security protocols I • We are interested in modeling cryptographic messages : we let A be an F -algebra of ground terms taken modulo an equational theory E, where F pub � F . • Typically, the symbols in F − F pub are free constants modeling secret keys or random numbers. • E is generated by a finite set of equations modeling the cryptographic primitives. 9 / 41

  10. Motivations Why study static equivalence ? Back to logics and security protocols II • Static equivalence models indistinguishability between messages from an attacker’s point of view. • Another classical problem is deducibility : Given ϕ ∈ A n and t ∈ A , does there exist M ∈ F pub [ w 1 , . . . , w n ] such that M ϕ = A t ? N.B. Such an M is often called a recipe of t . 10 / 41

  11. Motivations Why study static equivalence ? Example : deterministic symmetric encryption • M ∈ F pub [ w 1 , . . . , w n ] (recipes) ::= w i | enc( M 1 , M 2 ) | dec( M 1 , M 2 ) • t ∈ F [ ∅ ] ::= k j | enc( t 1 , t 2 ) | dec( t 1 , t 2 ) (plain terms) • Let E be generated by dec(enc( x , y ) , y ) = x . • Consider ϕ 1 = { w 1 ⊲ enc(k 1 , k 2 ) , w 2 ⊲ k 2 } (frames) and ϕ 2 = { w 1 ⊲ enc(k 1 , k 2 ) , w 2 ⊲ k 3 } . • We have ϕ 1 �≈ E ϕ 2 ( ϕ 1 , ϕ 2 not E-equivalent) because enc(dec( w 1 , w 2 ) , w 2 ) ϕ 1 = E w 1 ϕ 1 but enc(dec( w 1 , w 2 ) , w 2 ) ϕ 2 � = E w 1 ϕ 2 11 / 41

  12. Motivations Why study static equivalence ? Equational approach to security protocols I • Similar equational settings used in popular specification languages such as the applied pi calculus [Abadi and Fournet, 2001], or Proverif’s language [Blanchet, 2001, Blanchet et al., 2008]. • Studying full protocols requires a more general notion of observational equivalence. 12 / 41

  13. Motivations Why study static equivalence ? Equational approach to security protocols II • Proof techniques for observational equivalence include – labelled bisimulations built on the top of static equivalence [Abadi and Fournet, 2001], – and symbolic semantics based on a generalization of static equivalence [Baudet, 2005, Delaune et al., 2007]. • Static equivalence also applied to characterize guessing attacks [Corin et al., 2004, Baudet, 2005] • Correspondance between static equivalence and cryptographic (a.k.a. computational) indistinguishability investigated in several papers, e.g. [Abadi et al., 2006]. 13 / 41

  14. Motivations Why a new tool ? More equational theories I • More involved examples of cryptographic equational theories include (see e.g. [Cortier et al., 2006]) – public-key encryption : pdec(penc( x , pub( y ) , z ) , y ) = x – signatures : checksign(sign( x , y ) , pub( y )) = ok 14 / 41

  15. Motivations Why a new tool ? More equational theories I • More involved examples of cryptographic equational theories include (see e.g. [Cortier et al., 2006]) – public-key encryption : pdec(penc( x , pub( y ) , z ) , y ) = x – signatures : checksign(sign( x , y ) , pub( y )) = ok – XOR symbol : AC [ ⊕ ] x ⊕ x = 0 – XOR-homomorphic symbols : h ( x ⊕ y ) = h ( x ) ⊕ h ( y ) ( g x ) y = ( g y ) x – Diffie-Hellman exponents : 15 / 41

  16. Motivations Why a new tool ? More equational theories I • More involved examples of cryptographic equational theories include (see e.g. [Cortier et al., 2006]) – public-key encryption : pdec(penc( x , pub( y ) , z ) , y ) = x – signatures : checksign(sign( x , y ) , pub( y )) = ok – XOR symbol : AC [ ⊕ ] x ⊕ x = 0 – XOR-homomorphic symbols : h ( x ⊕ y ) = h ( x ) ⊕ h ( y ) ( g x ) y = ( g y ) x – Diffie-Hellman exponents : – pair-homomorphic encryption : . . . enc( � x , y � , z ) = � enc( x , z ) , enc( y , z ) � – prefix-homomorphic encryption : . . . pref(enc( � x , y � , z )) = enc( x , z ) – blind signatures : checksign(sign( x , y ) , pub( y )) = ok unblind(blind( x , y ) , y ) = x unblind(sign(blind( x , y ) , z ) , y ) = sign( x , z ) 16 / 41

  17. Motivations Why a new tool ? More equational theories II • Each of these theories yields new deduction and static-equivalence problems to decide. • So far the only applicable tool to static equivalence has been Proverif [Blanchet et al., 2008], but it does not make use of the specialized, existing decision procedures for static equivalence [Abadi and Cortier, 2006, Cortier and Delaune, 2007]. 17 / 41

  18. Motivations Why a new tool ? Our contributions Focusing on theories E generated by convergent rewrite systems R : • We present a uniform procedure for deducibility and static equivalence, that is – sound and complete, up to explicit failure cases, – provably non failing on a syntactic class of theories called layered , – “as much terminating as possible” in non-failing cases (termination implied by finite representation of deducible terms). • We provide an efficient Ocaml implementation : http://www.lsv.ens-cachan.fr/~baudet/yapa/ 18 / 41

  19. Results Content of the talk 1 Motivations Why study static equivalence ? Why a new tool ? 2 Results Overview of the procedure Examples Proving termination and non-failure 3 Conclusion 19 / 41

  20. Results Overview of the procedure Overview of the procedure I • We saturate a set of deduction facts Φ = { M i ⊲ t i } and a set of visible equations Ψ = {∀ x . M j ⊲ ⊳ N j } by ⇒ st ′ . means of transformation rules st = • The initial state Init( ϕ ) is (roughly) (Φ 0 , Ψ 0 ) ≃ ( ϕ ↓ R , ∅ ). • The final state is either ⊥ (failure) or a saturated state (Φ 1 , Ψ 1 ) (success). 20 / 41

  21. Results Overview of the procedure Overview of the procedure II • Saturated states are finite syntactic representations of the sets of deducible terms and equations of the initial frame ϕ . Theorem (soundness and completeness) ⇒ ∗ (Φ , Ψ) is saturated, then If Init( ϕ ) = 1 For all recipes M and ground terms t, M ϕ = E t ⇔ ∃ N s.t. Ψ ⊢ M ⊲ ⊳ N and N ⊲ Φ t ↓ R 2 For all recipes M and N, M ϕ = E N ϕ ⇔ Ψ ⊢ M ⊲ ⊳ N. � M = C [ M 1 , . . . , M n ] where M ⊲ Φ t ⇔ ∃ C , { M i ⊲ t i } ⊆ Φ , . t = C [ t 1 , . . . , t n ] 21 / 41

  22. Results Overview of the procedure Overview of the procedure III ⇒ ∗ (Φ i , Ψ i ), it is easy to From saturated states Init( ϕ i ) = deduce procedures to check whether (i) t is deducible from ϕ 1 , that is : t ↓ R ∈ F pub [im(Φ 1 )] (ii) eq E ( ϕ 1 ) ⊆ eq E ( ϕ 2 ), that is : for all ( ∀ x . M ⊲ ⊳ N ) ∈ Ψ 1 , ( M ϕ 2 ) ↓ R = ( N ϕ 2 ) ↓ R . 22 / 41

Recommend

Test Anxiety: The Silent Intruder, William B. Daigle, Ph.D. Test Anxiety The Silent Intruder

Test Anxiety: The Silent Intruder, William B. Daigle, Ph.D. Test Anxiety The Silent Intruder

Test Anxiety: The Silent Intruder, William B. Daigle, Ph.D. Test Anxiety The Silent Intruder Resources; St. Gerard Majella Catholic School, March 6, 2010 William B. Daigle, Ph.D. 8748 Quarters Lake Road Baton Rouge, LA 70809 (225)

91 views • 5 slides
Wide Area Network Programming q x q Pn Knowledge Intruder P1 Non-Functional Aspects

Wide Area Network Programming q x q Pn Knowledge Intruder P1 Non-Functional Aspects

1.1k views • 98 slides
Intruder on Campus Drills ALICE Training Grade 4-6 Student Information You are Safe Here

Intruder on Campus Drills ALICE Training Grade 4-6 Student Information You are Safe Here

Intruder on Campus Drills ALICE Training Grade 4-6 Student Information You are Safe Here Trainings Cameras Drills Fire Weather Evacuations (on and off site) Intruder on Campus Intruder on Campus What we will do if a

711 views • 13 slides
Sri Lanka Infrastructure Financing Policies and Opportunities Eng. Mangala P.B. Yapa Member,

Sri Lanka Infrastructure Financing Policies and Opportunities Eng. Mangala P.B. Yapa Member,

Sri Lanka Infrastructure Financing Policies and Opportunities Eng. Mangala P.B. Yapa Member, Board of Directors COUNTRY PROFILE Island Nation of 65,000 Sq. Kilometers (6-times of Singapore) Air Routes Population of 20.2 Million

243 views • 10 slides
1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

1 Definition of a simple generic class Why generic programming (cont.) class Pair <T> {

Topics background and goals of generic programming basics of generic classes = parameterized types generic methods for general algorithms inheritance rules for generic types Generic programming in Java bounded type parameters

261 views • 5 slides
Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt

Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt

Parallel Computing in R and Simulations on the Cluster Computing Club April 30, 2019 Lamar Hunt Background Brand and Generic drugs are generally considered equivalent, however, the FDA does not require generic drug producers to

572 views • 18 slides
Generic programming in Haskell Bo Simonsen bo@geekworld.dk Department of Computing The

Generic programming in Haskell Bo Simonsen bo@geekworld.dk Department of Computing The

Outline Introduction Generic programming References Generic programming in Haskell Bo Simonsen bo@geekworld.dk Department of Computing The University of Copenhagen June 6, 2008 Outline Introduction Generic programming References

376 views • 14 slides
Intruder on Campus Drills ALICE Training Grade K-3 Student Information You are Safe Here

Intruder on Campus Drills ALICE Training Grade K-3 Student Information You are Safe Here

Intruder on Campus Drills ALICE Training Grade K-3 Student Information You are Safe Here Trainings Cameras Drills Fire Weather Evacuations (on and off site) Intruder on Campus A Better Way to Stay Safe My goal is for

690 views • 11 slides
Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs

Knowledge Model Basics Challenges in knowledge modeling Basic knowledge-modeling constructs Comparison to general software analysis Knowledge model specialized tool for specification of knowledge- intensive tasks abstracts from

758 views • 44 slides
Generic Programming with Adjunctions Ralf Hinze Computing Laboratory, University of Oxford

Generic Programming with Adjunctions Ralf Hinze Computing Laboratory, University of Oxford

Generic Programming with Adjunctions 0.0 Generic Programming with Adjunctions Ralf Hinze Computing Laboratory, University of Oxford Wolfson Building, Parks Road, Oxford, OX1 3QD, England ralf.hinze@comlab.ox.ac.uk

2.01k views • 172 slides
A generic ROOT monitoring tool for EUDAQ2 L. Forthomme (Helsinki Institute of Physics) on behalf

A generic ROOT monitoring tool for EUDAQ2 L. Forthomme (Helsinki Institute of Physics) on behalf

A generic ROOT monitoring tool for EUDAQ2 L. Forthomme (Helsinki Institute of Physics) on behalf of the CMS and TOTEM Collaborations 8th Beam Telescopes and Test Beam workshop, Tbilisi, Georgia January 27-31, 2020 L. Forthomme (Helsinki

377 views • 14 slides
Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type

Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type

Generic Methods 36 What are Generic Methods? Generic methods = methods that introduce type parameters Similar to declaring a generic type but type parameter's scope is limited to method where it is declared The following are

584 views • 6 slides
Terrorist & Violent Intruder Preparedness/Response Simplifying Your

Terrorist & Violent Intruder Preparedness/Response Simplifying Your

Terrorist & Violent Intruder Preparedness/Response Simplifying Your Response Based on A6acker Objec<ve Commonali<es www.intruderresponse.com Vaughn Baker Co-Founder Strategos

884 views • 52 slides
Layer Manufacturing as a Generic Tool for Microsystem Integration , Sjoerd Haasl 2 , Katrin

Layer Manufacturing as a Generic Tool for Microsystem Integration , Sjoerd Haasl 2 , Katrin

IVF Industrial Research and Development Corporation www.ivf.se Layer Manufacturing as a Generic Tool for Microsystem Integration , Sjoerd Haasl 2 , Katrin Persson 2 and Urban Harrysson 3 Per Johander 1 1 IVF- Industrial Research and Development

349 views • 20 slides
F LOW P ROPHET : Generic and Accurate Traffic Prediction for Data-parallel Cluster Computing Hao

F LOW P ROPHET : Generic and Accurate Traffic Prediction for Data-parallel Cluster Computing Hao

ICDCS15, Columbus, USA F LOW P ROPHET : Generic and Accurate Traffic Prediction for Data-parallel Cluster Computing Hao Wang 1,2 , Li Chen 2 , Kai Chen 2 , Ziyang Li 2,3 , Yiming Zhang 3 , Haibing Guan 1 , Zhengwei Qi 1 , Dongsheng Li 3 ,

943 views • 48 slides
What is it? Tool for computing CO 2 emissions from passenger air travel What is it used for?

What is it? Tool for computing CO 2 emissions from passenger air travel What is it used for?

What is it? Tool for computing CO 2 emissions from passenger air travel What is it used for? Knowing your aviation carbon footprint Can be used with offset programs Verification of reported emissions 3 Climate Neutrality

229 views • 10 slides
IT-SDC : Support for Distributed Computing 1 The problem Pick a number of generic

IT-SDC : Support for Distributed Computing 1 The problem Pick a number of generic

Dynamic Federations Storage federations for HTTP and WebDAV Fabrizio Furano (presenter) Adrien Devresse CERN IT-SDC IT-SDC : Support for Distributed Computing 1 The problem Pick a number of generic HTTP/WebDAV storage endpoints,

704 views • 47 slides
Best Management Practices - A Tool Not a Rule Jay Hesse and Becky Johnson Nez Perce Tribe

Best Management Practices - A Tool Not a Rule Jay Hesse and Becky Johnson Nez Perce Tribe

Best Management Practices - A Tool Not a Rule Jay Hesse and Becky Johnson Nez Perce Tribe "Knowledge is a tool, and like all tools, its impact is in the hands of the user(s) Dan Brown, The Lost Symbol Tool versus Rule Tool

334 views • 20 slides
CMPE 450/490 Capstone Project Intruder Alert System Jordan Tymburski

CMPE 450/490 Capstone Project Intruder Alert System Jordan Tymburski

CMPE 450/490 Capstone Project Intruder Alert System Jordan Tymburski Rachita Bhatia Motivation / Achievement An unmanned security system that will be able to detect intruders. Target audience: personal

495 views • 14 slides
Generic classes Declaration Use Annotations 54 Generic classes Declaration add

Generic classes Declaration Use Annotations 54 Generic classes Declaration add

Generic classes Declaration Use Annotations 54 Generic classes Declaration add generic types between angle brackets: public class MyStack < E,F >{ E item; } 55 Generic Classes Use MyStack<Integer> ms= new

273 views • 23 slides
Generic functional programming Basic idea: define generic functions by induction on the

Generic functional programming Basic idea: define generic functions by induction on the

A Hitchhikers Guide to the Universes (Universes for Generic Programs and Proofs) Marcin Benke Peter Dybjer Patrik Jansson Chalmers Technical University Main goals: extend generic programming to functional languages with dependent types

250 views • 10 slides
The Multi Intruder Brazil Nut Problem Supervisors: Heinrich M. Jaeger Sidney R. Nagel

The Multi Intruder Brazil Nut Problem Supervisors: Heinrich M. Jaeger Sidney R. Nagel

The Multi Intruder Brazil Nut Problem Supervisors: Heinrich M. Jaeger Sidney R. Nagel Matthias E. Mbius Detlef Lohse Internship Chicago, Summer 2002 Peter Eshuis Overview Intro to Granular Material (GM) Brazil Nut

408 views • 25 slides
Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter

Generic Programming in a Dependently Typed Language Generic proofs for generic programs Peter Morris pwm@cs.nott.ac.uk University of Nottingham Generic Programming in a Dependently Typed Language p. 1/12 This talk We introduce a

599 views • 45 slides
HPC Cloud A tool for research Floris Sluiter Project leader SARA computing & networking

HPC Cloud A tool for research Floris Sluiter Project leader SARA computing & networking

HPC Cloud A tool for research Floris Sluiter Project leader SARA computing & networking services SARA Project involvements HPC Cloud Philosophy HPC Cloud Computing: Self Service Dynamically Scalable Computing Facilities Cloud

679 views • 22 slides

More recommend