Formal Analysis of Network Security Authentication Protocols
2021/6/10

Organization
- Introduction
- Related Work
- Formal System
- Notation
- Intruder's Algorithmic Knowledge Logic
- Verification Using SPIN/Promela
- Conclusion

Introduction
Cryptographic protocols are protocols that use cryptography to distribute keys and authenticate principals and data over a network.
Formal methods: a combination of a mathematical or logical model of a system and its requirements, together with an effective procedure for determining whether a proof that a system satisfies its requirements is correct.
Model; Requirement (Specification); Verification.

Introduction (cont.)
In cryptographic protocols, it is crucial to ensure:
- Messages meant for a principal cannot be read/accessed by others (secrecy);
- Guarantee genuineness of the sender of the message (authenticity);
- Integrity;
- Non-Repudiation (NRO, NRR);
- Fairness, etc.

Related Work
Techniques of verifying security properties of cryptographic protocols can be broadly categorized:
- methods based on belief logics (BAN Logic)
- π-calculus based models
- state machine models (Model Checking)
  Model checking advantages (compared with theorem proving): automatic; counterexample if violation.
  Use LTL (linear temporal logic) to specify properties.
  FDR (Lowe); Murφ (Mitchell); Interrogator (Millen); Brutus (Marrero); SPIN (Holzmann)
- theorem prover based methods (NRL, Meadows)
- methods based on state machine model and theorem prover (Athena, Dawn)
- Type checking
- ISCAS, LOIS, … (in China)

Notation
(1) Messages
a ∈ Atom ::= C | N | k |
m ∈ Msg ::= a | m.m | {m}k

(2) Contain relationship (⊑)
m ⊑ a ⇔ m = a
m ⊑ m1.m2 ⇔ m = m1.m2 ∨ m ⊑ m1 ∨ m ⊑ m2
m ⊑ {m1}k ⇔ m = {m1}k ∨ m ⊑ m1
Submessage: sub-msgs(m) = {m' ∈ Msg | m' ⊑ m}

Notation (3) Derivation (⊢, Dolev-Yao model)
m ∈ B ⇒ B ⊢ m
B ⊢ m ∧ B ⊢ m' ⇒ B ⊢ m.m' (pairing)
B ⊢ m.m' ⇒ B ⊢ m ∧ B ⊢ m' (projection)
B ⊢ m ∧ B ⊢ k ⇒ B ⊢ {m}k (encryption)
B ⊢ {m}k ∧ B ⊢ k^-1 ⇒ B ⊢ m (decryption)

Notation (4) Properties
Lemma 1. B ⊢ m ∧ B ⊆ B' ⇒ B' ⊢ m
Lemma 2. B ⊢ m' ∧ B ∪ {m'} ⊢ m ⇒ B ⊢ m
Lemma 3. B?m ∧ X?m ∧ B?X ? (Y: Y ∈ sub-msgs(m): X?Y ∧ B?Y) ∧ (b: b ∈ B: Y?b) ∧ (Z,k: Z ∈ Msg ∧ k ∈ Key: Y = {Z}k ∧ B?k^-1)
Lemma 4. (k,b: k ∈ Key ∧ b ∈ B: k?b ∧ A?k ∧ A∪B?k) ∨ (z: z ∈ sub-msgs(x): a?z ∧ A?z) ∨ (b: b ∈ B: a?b ∧ A?a)

Logic of Algorithmic Knowledge
Definition 1. Primitive propositions P0s for security:
p, q ∈ P0s ::=
  send_i(m)   Principal i sent message m
  recv_i(m)   Principal i received message m
  has_i(m)    Principal i has message m

Definition 2. An interpreted security system S = (R, ∏R), where R is a system for security protocols, and ∏R is the following interpretation of the primitive propositions in R.
∏R(r,m)(send_i(m)) = true iff ∃ j such that send(j,m) ∈ r_i(m)
∏R(r,m)(recv_i(m)) = true iff recv(m) ∈ r_i(m)
∏R(r,m)(has_i(m)) = true iff ∃ m' such that m ⊑ m' and recv(m') ∈ r_i(m)

Definition 3. An interpreted algorithmic security system (R, ∏R, A_1, A_2, …, A_n), where R is a security system, and ∏R is the interpretation in R, A_i is a knowledge algorithm for principal i.

Algorithm knowledge logic

A_i^DY(has_i(m), l):
    K = keysof(l)
    for each recv(m') in l do
        if submsg(m, m', K) then return "Yes"
    return "No"

submsg(m, m', K):
    if m = m' then return true
    if m' is {m1}k and k^-1 ∈ K then return submsg(m, m1, K)
    if m' is m1.m2 then return submsg(m, m1, K) ∨ submsg(m, m2, K)
    return false

getkeys(m, K):
    if m ∈ Key then return {m}
    if m is {m1}k and k^-1 ∈ K then return getkeys(m1, K)
    if m is m1.m2 then return getkeys(m1, K) ∪ getkeys(m2, K)
    return {}

keysof(l):
    K ← initkeys(l)
    loop until no change in K
        K ← ∪ getkeys(m, K) (when recv(m) ∈ l)
    return K

Verification Using SPIN/Promela
SPIN is a highly successful and widely used software model-checking system based on "formal methods" from Computer Science. It has made advanced theoretical verification methods applicable to large and highly complex software systems. In April 2002 the tool was awarded the prestigious System Software Award for 2001 by the ACM.
SPIN uses a high level language to specify systems descriptions, including protocols, called Promela (PROcess MEta LAnguage).
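
The A_i^DY knowledge algorithm from the "Algorithm knowledge logic" slides, as an added Python example that is not part of the original slides, run over a constructed log of one honest BAN-Yahalom run. The tuple encoding of messages, the KEYS set, the helper names pair/enc/has and the initkeys argument are assumptions of this sketch; all keys are treated as shared keys, so k^-1 = k.

```python
from functools import reduce

KEYS = {"Kas", "Kbs", "Kab"}   # assumption: key atoms; shared keys, so k^-1 = k

def pair(*ms):
    """n-ary tuple as right-nested binary pairs m1.(m2.(...))."""
    return reduce(lambda acc, m: ("pair", m, acc), reversed(ms[:-1]), ms[-1])

def enc(k, *ms):
    return ("enc", pair(*ms), k)          # {m1,...,mn}k

def getkeys(m, K):
    """Keys readable from m when only keys in K can be used to decrypt."""
    if isinstance(m, str):
        return {m} if m in KEYS else set()
    tag, a, b = m
    if tag == "enc":                       # a = body, b = key
        return getkeys(a, K) if b in K else set()
    return getkeys(a, K) | getkeys(b, K)

def keysof(log, initkeys=()):
    """Fixed point: harvest keys from the log until K stops growing."""
    K, prev = set(initkeys), None
    while K != prev:
        prev, K = K, K.union(*(getkeys(m, K) for m in log))
    return K

def submsg(m, m2, K):
    """True if m is reachable inside m2 by projection and decryption with K."""
    if m == m2 or isinstance(m2, str):
        return m == m2
    tag, a, b = m2
    if tag == "enc":
        return b in K and submsg(m, a, K)
    return submsg(m, a, K) or submsg(m, b, K)

def has(m, log, initkeys=()):
    """A_i^DY(has_i(m), l): "Yes" iff m is extractable from a received message."""
    K = keysof(log, initkeys)
    return "Yes" if any(submsg(m, r, K) for r in log) else "No"

# Constructed log: messages [1]-[4] of one honest BAN-Yahalom run, as observed.
TICKET = enc("Kbs", "A", "Kab", "Nb")
RUN = [pair("A", "Na"),
       pair("B", "Nb", enc("Kbs", "A", "Na")),
       pair("Nb", enc("Kas", "B", "Kab", "Na"), TICKET),
       pair(TICKET, enc("Kab", "Nb"))]
```

With no initial keys, has("Kab", RUN) is "No" while has(TICKET, RUN) is "Yes": an observer holds the ciphertext {A, Kab, Nb}Kbs without being able to read it. As on the slide, the algorithm only decomposes received messages; it does not apply the pairing and encryption rules of the derivation relation.
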

BAN-Yahalom Protocol
[1] A→B: A, Na
[2] B→S: B, Nb, {A, Na}Kbs
[3] S→A: Nb, {B, Kab, Na}Kas, {A, Kab, Nb}Kbs
[4] A→B: {A, Kab, Nb}Kbs, {Nb}Kab

Attack 1 (intruder impersonates Bob to Alice)
α.1 A→I(B): A, Na
β.1 I(B)→A: B, Na
β.2 A→I(S): A, Na', {B, Na}Kas
γ.2 I(A)→S: A, Na, {B, Na}Kas
γ.3 S→I(B): Na, {A, Kab, Na}Kas, {B, Kab, Na}Kbs
α.3 I(S)→A: Ne, {B, Kab, Na}Kas, {A, Kab, Na}Kbs
α.4 A→I(B): {A, Kab, Nb}Kbs, {Ne}Kab

Attack 2 (intruder impersonates Alice)
α.1 A→B: A, Na
α.2 B→S: B, Nb, {A, Na}Kbs
β.1 I(A)→B: A, (Na, Nb)
β.2 B→I(S): B, Nb', {A, Na, Nb}Kas
α.3 (Omitted)
α.4 I(A)→B: {A, Na, Nb}Kbs, {Nb}Na

Attack 3
α.1 A→B: A, Na
α.2 B→S: B, Nb, {A, Na}Kbs
β.1 I(B)→A: B, Nb
β.2 A→I(S): A, Na', {B, Nb}Kas
γ.2 I(A)→S: A, Na, {B, Nb}Kas
β.3 S→I(B): Na, {A, Kab', Nb}Kbs, {B, Kab', Na}Kas
δ.3 I(S)→A: Nb, {B, Kab', Na}Kas, {A, Kab', Nb}Kbs
α.4 A→B: {A, Kab', Nb}Kbs, {Nb}Kab'

Optimization strategies
Using static analysis and syntactical reordering techniques.
The two techniques are illustrated using the BAN-Yahalom verification model as the benchmark. The model to which static analysis and syntactical reordering are not applied is described as the Original version; the model using only the static analysis technique as Fixed version (1); the model using both static analysis and syntactical reordering as Fixed version (2).

Experimental results show the effectiveness
Columns: Protocol Model Configuration; With type flaws (States, Trans.); No type flaws (States, Trans.)
Original version 15802065549697
Fixed version (1) 7121690405379
Fixed version (2) 433512225243

Needham-Schroeder Authentication Protocol

Attack to N-S Protocol (found by SPIN)

Conclusion
- Based on a logic of knowledge algorithm, a formal description of the intruder model under the Dolev-Yao model is constructed;
- a study on verifying security protocols following the above using the model checker SPIN, in which three attacks have been found successfully in only one general model of the BAN-Yahalom protocol;
- some search strategies such as static analysis and syntactical reordering are applied to reduce the model checking complexity, and these approaches will benefit the analysis of more protocols.
- Scalability
- In any case, having a logic where we can specify the abilities of intruders is a necessary prerequisite to using model-checking techniques.

Thanks!

Questions and answers?