Cet ouvrage fait partie de la bibliothèque YouScribe
Obtenez un accès à la bibliothèque pour le lire en ligne
En savoir plus

Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works

De
56 pages
Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works Extending ProVerif's Resolution Algorithm for Verifying Group Protocols Miriam Paiola Ecole Normale Superieure June 25, 2010 Extending ProVerif's Resolution Algorithm, for Verifying Group Protocols 1 / 24

  • horn clauses

  • protocols generalized

  • introduction group

  • considering cryptographic

  • cryptographic protocols

  • protocols

  • clauses syntax

  • horn clause


Voir plus Voir moins

IEnxttreondduicntgoinrPVorefis’rGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmoCcnulisoExtendingProVerif’sResolutionAlgorithm
forVerifyingGroupProtocols

eRosulitnolAogirht,mofreViryfnigGMiriamPaiola
miriam.paiola@ens.fr

EcoleNormaleSupe´rieure

orpuPJune25,2010

orotocslsnnaduFtrehrowr1sk/42
nIrtoudtcoinContents

xEetdnnigrGuoprPtooocsleGenarilezdoHnrlCuaess1
Introduction
RepresentationwithHornclauses
Resolution

2
GroupProtocols

3
GeneralizedHornClauses
Syntax

eR4
Resolutionalgorithm
ExtensionofthedefinitionofResolution
RelationwithHornclauses
TheAlgorithm

5
ConclusionsandFurtherworks

rPVorefis’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslosulitnolaogirhtmoCcnulisnosnaduFtrehrowr2sk/42
nIrtoudtcoinrGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmCryptographicprotocolsandtheirVerification

xEetdnnigrPVorefioCcnulisnosnaduFtrhCryptographicprotocolsareprotocolsthatperformasecurity-related
functionandapplycryptographicmethods.

Theconfidenceintheseprotocolscanbeincreasedbyaformal
analysisinordertoverifysecuritypropertiesconsidering
cryptographicprimitivesasblackboxes.

Foranunboundednumberofsessions

undecidability.

Groupprotocolsareprotocolsthatinvolveanunboundednumberof
participants

thenumberofstepsandtheformofmessages
dependonthenumberofparticipants.

s’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslreowr3sk/42
fireVorPfoweivrevOskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIHornclauses

Derivabilityqueries

Automatictranslator

Resolutionwithselection

Protocol:
Picalculus+cryptography

Propertiestoprove:
secrecy,authentication,...

Potentialattack

Thepropertyistrue

42/4slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE
42/5slocotorPpuoA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]))
B

A
:
sencrypt
(
s
,
k
)

rMessage1
Message2

GRepresentationwithHornclauses
Example
Denning-Sacco

gniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
p(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]
))
B

A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(k
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

nMessage1
Message2

iRepresentationwithHornclauses
Example
Denning-Sacco

dnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][A

AA

B
:
pencrypt
(
sign
(
B

A
:
sencrypt
(
s
,
k
)

kMessage1
Message2

sRepresentationwithHornclauses
Example
Denning-Sacco

,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta))x(kp,)][ks,])x(kp[kskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIattacker(
pk
(
x
))

A

Message1
Message2

A

B
:
pencrypt
(
sign
(
k
[
pk
(
x
)]
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][ks,])x(kp[k(ngis(tpyrcnep(rekcatta

Un pour Un
Permettre à tous d'accéder à la lecture
Pour chaque accès à la bibliothèque, YouScribe donne un accès à une personne dans le besoin