La lecture à portée de main
Découvre YouScribe en t'inscrivant gratuitement
Je m'inscrisDécouvre YouScribe en t'inscrivant gratuitement
Je m'inscrisDescription
Sujets
Informations
Publié par | pefav |
Nombre de lectures | 14 |
Langue | English |
Extrait
IEnxttreondduicntgoinrPVorefis’rGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmoCcnulisoExtendingProVerif’sResolutionAlgorithm
forVerifyingGroupProtocols
eRosulitnolAogirht,mofreViryfnigGMiriamPaiola
miriam.paiola@ens.fr
EcoleNormaleSupe´rieure
orpuPJune25,2010
orotocslsnnaduFtrehrowr1sk/42
nIrtoudtcoinContents
xEetdnnigrGuoprPtooocsleGenarilezdoHnrlCuaess1
Introduction
RepresentationwithHornclauses
Resolution
2
GroupProtocols
3
GeneralizedHornClauses
Syntax
eR4
Resolutionalgorithm
ExtensionofthedefinitionofResolution
RelationwithHornclauses
TheAlgorithm
5
ConclusionsandFurtherworks
rPVorefis’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslosulitnolaogirhtmoCcnulisnosnaduFtrehrowr2sk/42
nIrtoudtcoinrGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmCryptographicprotocolsandtheirVerification
xEetdnnigrPVorefioCcnulisnosnaduFtrhCryptographicprotocolsareprotocolsthatperformasecurity-related
functionandapplycryptographicmethods.
Theconfidenceintheseprotocolscanbeincreasedbyaformal
analysisinordertoverifysecuritypropertiesconsidering
cryptographicprimitivesasblackboxes.
Foranunboundednumberofsessions
undecidability.
Groupprotocolsareprotocolsthatinvolveanunboundednumberof
participants
thenumberofstepsandtheformofmessages
dependonthenumberofparticipants.
s’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslreowr3sk/42
fireVorPfoweivrevOskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIHornclauses
Derivabilityqueries
Automatictranslator
Resolutionwithselection
Protocol:
Picalculus+cryptography
Propertiestoprove:
secrecy,authentication,...
Potentialattack
Thepropertyistrue
42/4slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE
42/5slocotorPpuoA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]))
B
→
A
:
sencrypt
(
s
,
k
)
rMessage1
Message2
GRepresentationwithHornclauses
Example
Denning-Sacco
gniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
p(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]
))
B
→
A
:
sencrypt
(
s
,
k
)
Message1
Message2
RepresentationwithHornclauses
Example
Denning-Sacco
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(k
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)
nMessage1
Message2
iRepresentationwithHornclauses
Example
Denning-Sacco
dnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA
→
B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)
Message1
Message2
RepresentationwithHornclauses
Example
Denning-Sacco
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][A
AA
→
B
:
pencrypt
(
sign
(
B
→
A
:
sencrypt
(
s
,
k
)
kMessage1
Message2
sRepresentationwithHornclauses
Example
Denning-Sacco
,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta))x(kp,)][ks,])x(kp[kskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIattacker(
pk
(
x
))
⇒
A
Message1
Message2
A
→
B
:
pencrypt
(
sign
(
k
[
pk
(
x
)]
,
sk
A
[])
,
pk
(
x
))
B
→
A
:
sencrypt
(
s
,
k
)
RepresentationwithHornclauses
Example
Denning-Sacco
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][ks,])x(kp[k(ngis(tpyrcnep(rekcatta