Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works

56 pages

English

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works

pefav - Miriam Paiola

Découvre YouScribe en t'inscrivant gratuitement

Je m'inscris

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

56 pages

English

Obtenez un accès à la bibliothèque pour le consulter en ligne
En savoir plus

A propos
Informations
Extrait

Description

Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works Extending ProVerif's Resolution Algorithm for Verifying Group Protocols Miriam Paiola Ecole Normale Superieure June 25, 2010 Extending ProVerif's Resolution Algorithm, for Verifying Group Protocols 1 / 24

horn clauses

protocols generalized

introduction group

considering cryptographic

cryptographic protocols

protocols

clauses syntax

horn clause

Sujets

Horn clause

Cryptographic protocol

Protocol

Informations

Publié par	pefav
Nombre de lectures	14
Langue	English

Extrait

IEnxttreondduicntgoinrPVorefis’rGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmoCcnulisoExtendingProVerif’sResolutionAlgorithm
forVerifyingGroupProtocols

eRosulitnolAogirht,mofreViryfnigGMiriamPaiola
miriam.paiola@ens.fr

EcoleNormaleSupe´rieure

orpuPJune25,2010

orotocslsnnaduFtrehrowr1sk/42
nIrtoudtcoinContents

xEetdnnigrGuoprPtooocsleGenarilezdoHnrlCuaess1
Introduction
RepresentationwithHornclauses
Resolution

2
GroupProtocols

3
GeneralizedHornClauses
Syntax

eR4
Resolutionalgorithm
ExtensionofthedeﬁnitionofResolution
RelationwithHornclauses
TheAlgorithm

5
ConclusionsandFurtherworks

rPVorefis’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslosulitnolaogirhtmoCcnulisnosnaduFtrehrowr2sk/42
nIrtoudtcoinrGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmCryptographicprotocolsandtheirVeriﬁcation

xEetdnnigrPVorefioCcnulisnosnaduFtrhCryptographicprotocolsareprotocolsthatperformasecurity-related
functionandapplycryptographicmethods.

Theconﬁdenceintheseprotocolscanbeincreasedbyaformal
analysisinordertoverifysecuritypropertiesconsidering
cryptographicprimitivesasblackboxes.

Foranunboundednumberofsessions

undecidability.

Groupprotocolsareprotocolsthatinvolveanunboundednumberof
participants

thenumberofstepsandtheformofmessages
dependonthenumberofparticipants.

s’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslreowr3sk/42
fireVorPfoweivrevOskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIHornclauses

Derivabilityqueries

Automatictranslator

Resolutionwithselection

Protocol:
Picalculus+cryptography

Propertiestoprove:
secrecy,authentication,...

Potentialattack

Thepropertyistrue

42/4slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE
42/5slocotorPpuoA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]))
B
→
A
:
sencrypt
(
s
,
k
)

rMessage1
Message2

GRepresentationwithHornclauses
Example
Denning-Sacco

gniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
p(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]
))
B
→
A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(k
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)

nMessage1
Message2

iRepresentationwithHornclauses
Example
Denning-Sacco

dnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][A

AA
→
B
:
pencrypt
(
sign
(
B
→
A
:
sencrypt
(
s
,
k
)

kMessage1
Message2

sRepresentationwithHornclauses
Example
Denning-Sacco

,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta))x(kp,)][ks,])x(kp[kskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIattacker(
pk
(
x
))
⇒

Message1
Message2

A
→
B
:
pencrypt
(
sign
(
k
[
pk
(
x
)]
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][ks,])x(kp[k(ngis(tpyrcnep(rekcatta