56 Pages
English

Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works

-

Gain access to the library to view online
Learn more

Description

Introduction Group Protocols Generalized Horn Clauses Resolution algorithm Conclusions and Further works Extending ProVerif's Resolution Algorithm for Verifying Group Protocols Miriam Paiola Ecole Normale Superieure June 25, 2010 Extending ProVerif's Resolution Algorithm, for Verifying Group Protocols 1 / 24

  • horn clauses

  • protocols generalized

  • introduction group

  • considering cryptographic

  • cryptographic protocols

  • protocols

  • clauses syntax

  • horn clause


Subjects

Informations

Published by
Reads 14
Language English

IEnxttreondduicntgoinrPVorefis’rGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmoCcnulisoExtendingProVerif’sResolutionAlgorithm
forVerifyingGroupProtocols

eRosulitnolAogirht,mofreViryfnigGMiriamPaiola
miriam.paiola@ens.fr

EcoleNormaleSupe´rieure

orpuPJune25,2010

orotocslsnnaduFtrehrowr1sk/42
nIrtoudtcoinContents

xEetdnnigrGuoprPtooocsleGenarilezdoHnrlCuaess1
Introduction
RepresentationwithHornclauses
Resolution

2
GroupProtocols

3
GeneralizedHornClauses
Syntax

eR4
Resolutionalgorithm
ExtensionofthedefinitionofResolution
RelationwithHornclauses
TheAlgorithm

5
ConclusionsandFurtherworks

rPVorefis’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslosulitnolaogirhtmoCcnulisnosnaduFtrehrowr2sk/42
nIrtoudtcoinrGuoprPtooocsleGenarilezdoHnrlCuaesseRosulitnolaogirhtmCryptographicprotocolsandtheirVerification

xEetdnnigrPVorefioCcnulisnosnaduFtrhCryptographicprotocolsareprotocolsthatperformasecurity-related
functionandapplycryptographicmethods.

Theconfidenceintheseprotocolscanbeincreasedbyaformal
analysisinordertoverifysecuritypropertiesconsidering
cryptographicprimitivesasblackboxes.

Foranunboundednumberofsessions

undecidability.

Groupprotocolsareprotocolsthatinvolveanunboundednumberof
participants

thenumberofstepsandtheformofmessages
dependonthenumberofparticipants.

s’eRosulitnolAogirht,mofreViryfnigrGuoprPtooocslreowr3sk/42
fireVorPfoweivrevOskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIHornclauses

Derivabilityqueries

Automatictranslator

Resolutionwithselection

Protocol:
Picalculus+cryptography

Propertiestoprove:
secrecy,authentication,...

Potentialattack

Thepropertyistrue

42/4slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE
42/5slocotorPpuoA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]))
B

A
:
sencrypt
(
s
,
k
)

rMessage1
Message2

GRepresentationwithHornclauses
Example
Denning-Sacco

gniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
p(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
sk
B
[]
))
B

A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(k
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

nMessage1
Message2

iRepresentationwithHornclauses
Example
Denning-Sacco

dnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcattaskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIA

B
:
pencrypt
(
sign
(
k
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

Message1
Message2

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta
42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][A

AA

B
:
pencrypt
(
sign
(
B

A
:
sencrypt
(
s
,
k
)

kMessage1
Message2

sRepresentationwithHornclauses
Example
Denning-Sacco

,y(ngis(tpyrcnep(rekcatta))x(kp,)][Aks,])x(kp[k(ngis(tpyrcnep(rekcatta⇒))x(kp(rekcatta))x(kp,)][ks,])x(kp[kskrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnI
skrowrehtruFdnasnoisulcnoCmhtiroglanoituloseRsesualCnroHdezilareneGslocotorPpuorGnoitcudortnIattacker(
pk
(
x
))

A

Message1
Message2

A

B
:
pencrypt
(
sign
(
k
[
pk
(
x
)]
,
sk
A
[])
,
pk
(
x
))
B

A
:
sencrypt
(
s
,
k
)

RepresentationwithHornclauses
Example
Denning-Sacco

42/5slocotorPpuorGgniyfireVrof,mhtiroglAnoituloseRs’fireVorPgnidnetxE))y,s(tpyrcnes(rekcatta⇒)))][Bks(kp,)][Aks,y(ngis(tpyrcnep(rekcatta))x(kp,)][ks,])x(kp[k(ngis(tpyrcnep(rekcatta