The Wolf Within - PowerPoint PPT Presentation
1 / 41
Title:
The Wolf Within
Description:
The Wolf Within. 8. What's in MSR 2.0 ? Multiset rewriting with existentials ... The Wolf Within. 18. The Dolev-Yao Intruder Model. Interpret incoming information ... – PowerPoint PPT presentation
Number of Views:51
Avg rating:3.0/5.0
Title: The Wolf Within
1
The Wolf Within
- Iliano Cervesato iliano_at_itd.nrl.navy.mil
- ITT Industries, Inc _at_ NRL Washington DC
- http//www.cs.stanford.edu/iliano/
2
Outline
Work in progress
- Protocol specification
- MSR in brief
- Data Access Specification
- Dolev-Yao intruder
- DAS ? DY Intruder
- Protocol Spec. ? DAS
3
Data Access vs. Attacker
Dataaccesspolicy
Intro. MSR DAS ? DY Spec. ? DAS
4
A 1D View
Strict language Implicit attacker
Lax language Explicit attacker
YOURLANGUAGEHERE
Intro. MSR DAS ? DY Spec. ? DAS
5
The Extremes
- Lax and Explicit
- Strict and Implicit
Expressible
Reasonable
Attackable
Expressible Reasonable Attackable
Intro. MSR DAS ? DY Spec. ? DAS
?
Provably emptyin MSR
6
Summary
- Strictness
- Self-contained
- Express what we want
- More complex
- Explicitness
- Accommodate weak attackers
- External
Intro. MSR DAS ? DY Spec. ? DAS
The option of explicitness is valuable
7
MSR
- Follows the Dolev-Yao abstraction
- Based on
- Multiset rewriting, linear logic
- Type theory
- Used to prove
- Undecidability of protocol verification
- Completeness of Dolev-Yao intruder
- Specifications
- So many protocols so little time
- Related to CIL, strands, spi-calculus
Intro. MSR DAS ? DY Spec. ? DAS Concl.
8
Whats in MSR 2.0 ?
- Multiset rewriting with existentials
- Dependent types w/ subsorting
- Memory predicates
- Constraints
New
New
Intro. MSR DAS ? DY Spec. ? DAS Concl.
New
9
Roles
- Genericroles
- Anchoredroles
Intro. MSR DAS ? DY Spec. ? DAS Concl.
10
Rules
Intro. MSR DAS ? DY Spec. ? DAS Concl.
- N(t) Network
- L(t, , t) Local state
- MA(t, , t) Memory
- c Constraints
- N(t) Network
- L(t, , t) Local state
- MA(t, , t) Memory
11
NS Initiator
A ? B nA, AkB B ? A nA, nBkA A ? B nBkB
Intro. MSR DAS ? DY Spec. ? DAS Concl.
12
NS Responder
A ? B nA, AkB B ? A nA, nBkA A ? B nBkB
?B
?L princ(B) x pubK B(kB) x privK kB x nonce.
Intro. MSR DAS ? DY Spec. ? DAS Concl.
13
Type Checking
New
? P
G t t
t has type t in G
P is well-typed in S
- Catches
- Encryption with a nonce
Intro. MSR DAS ? DY Spec. ? DAS Concl.
- Transmission of a long term key
- Circular key hierarchies,
14
Data Access Specification
New
? ? P
r is DAS-valid for A in G
G ?A r
P is DAS-valid in S
- Catches
- A signing/encrypting with Bs key
- A accessing Bs private data,
Intro. MSR DAS ? DY Spec. ? DAS Concl.
- Static and decidable
15
pictorially
s
a
ka
Intro. MSR DAS ? DY Spec. ? DAS Concl.
kb
16
An Overview of DAS
- Interpret incoming information
- Collect received data
- Access unknown data
- Construct outgoing information
- Generate data
- Use known data
- Access new data
- all along, verify access to data
Intro. MSR DAS ? DY Spec. ? DAS Concl.
17
Verifying a Rule
Context
Intro. MSR DAS ? DY Spec. ? DAS
G ?A lhs D G D ?A rhs G ?A lhs ? rhs
Role owner
18
The Dolev-Yao Intruder Model
- Interpret incoming information
- Collect received data
- Access unknown data
- Construct outgoing information
- Generate data
- Use known data
- Access new data
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
- Same operations as DAS!
19
Accessing Principal Names
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
20
What did we do?
- RHS data access
- Instantiate acting principal to I
- Accessed data ? Intruder knowledge
- Meta-variables ? Rule variables
- Context provides types
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
21
Checking it out Shared Keys
G, Aprinc, Bprinc, kshK A B ?A k
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
dual
22
Getting Confident Pub./Priv. Keys
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
23
Constructing Messages Pairs
G D ?A t1 G D ?A t2 G D ?A (t1, t2)
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
24
Now, what did we do?
- RHS message construction
- Instantiate acting principal to I
- Meta-variables ? Rule variables
- Premises ? antecedent
- Conclusion ? consequent
- Types from auxiliary typing derivation
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
25
Carrying on Shared-Key Encrypt.
G D ?A t G D ?A k G D ?A tk
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
Similar for public-key encryption
26
Generating Nonces
(G, xnonce) (D, x) ?A rhs G D ?A ?xnonce.
rhs
I
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
? ? ?xnonce. MI(x)
Similarly for other generated data
27
Now, what did we do?
- Data generation on the RHS
- Instantiate acting principal to I
- Auxiliary typing derivation gives types
- Remember generated object
- Follow knowledge acquisition flow
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
28
Accessing Shared Keys on the LHS
(G, kshK A B) D ?A k (D,k)
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
Similarly for other keys
29
Now, what did we do?
- LHS data access
- Instantiate acting principal to I
- Meta-variables ? Rule variables
- Types from auxiliary typing derivation
- Follow knowledge acquisition flow
- Remember generated object
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
Same target rules as for RHS data access
30
Interpreting Shared-Key Encrypt.
G D ?A k D G D ?A t D G D ?A
tk D
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
Similar for public-key encryption and pairing
31
Now, what did we do?
- LHS message interpretation
- Instantiate acting principal to I
- Meta-variables ? Rule variables
- Types from auxiliary typing derivation
- Follow knowledge acquisition flow
- Conclusion ? antecedant
- Last premises ? consequent
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
32
Network Rules
LHS
G D ?A t D G D ?A N(t) D
RHS
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
G D ?A t G D ?A N(t)
33
Other Rules?
- Either
- redundant, or
- or, innocuous (but sensible)
Intro. MSR DAS ? DY RHS data RHS msg New
data LHS data LHS msg Spec. ? DAS
34
Automating DAS Rule Design?
- One size does not fit all
- Look at protocol
- Typed MSR spec.
- Usage of constructs
- Involve construct declarations
- Not sufficient
- Use annotations
Intro. MSR DAS ? DY Spec. ? DAS
35
Generating DAS rules from use
Constructors atoms ? ? ? ? ? ? ?
- Interpret messagecomponents on LHS
- Access data (keys) on LHS
- Generate data on RHS
- Construct messages on RHS
- Access data on RHS
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
36
Accessing data
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
37
Generating data
- Again, annotate types
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
nonce type
shK princ - princ - type
38
Pattern-matching constructors
- Mark arguments as input or output
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
39
Annotating Declarations
- Integrates semantics of types and constructors
- Trimmed down version of DAS
- Allows constructing DAS rules
- and Dolev-Yao intruder
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
40
alternatively
- Compute DAS rules from protocol
- There are finitely many annotations
- Check protocol against each of them
- Keep the most restrictive ones that validate the
protocol - Exponential!
- More efficient algorithms?
Intro. MSR DAS ? DY Spec. ? DAS Data lookup
New data Pat. matching
41
(No Transcript)
Recommended
CrystalGraphics Presentations
