1 / 14

AGVI Automatic Generation, Verification, and Implementation of security protocols

AGVI Automatic Generation, Verification, and Implementation of security protocols. By: Dawn Song, Adrian Perrig, and Doantam Phan. In: 13 th Conference on Computer Aided Verification (CAV), 2001 Presenter: AliReza Namvar. Motivation. Rapid design&deployment of security protocol

brice
Download Presentation

AGVI Automatic Generation, Verification, and Implementation of security protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. AGVI Automatic Generation, Verification, and Implementation of security protocols • By: Dawn Song, Adrian Perrig, and Doantam Phan. • In: 13th Conference on Computer Aided Verification (CAV), 2001 Presenter: AliReza Namvar

  2. Motivation • Rapid design&deployment of security protocol • eCommerce systems • Security protocol are difficult to: • Design • Verify the correctness • Implement correctly

  3. Intoduction • Optimal security protocol: • System aspects: • Computation overhead • Communication overhead • Power consumptions • Guarantee the correctness by Automatic Verifiers • Automatic implementation to reduce the number of bugs

  4. Overview Protocol Generator Protocol Screener Code Generator Candidate • Specify security requirement: • Authentication and secrecy • System specification • System spec: • Sym/asym enc/decryption • Low bandwidth Protocols

  5. Protocol Specification • metric function • cost or overhead of the protocol • monotonically increasing • a specification of the initial setup • defines which cryptographic primitives are available to the principals • what keys each principal possesses • Adrian Perrig and Dawn Song. A first step towards the automatic generation of security protocols. • In Network and Distributed System Security Symposium, February 2000.

  6. Representation

  7. Representation • Each msg can be represented as a tree • atomic messages as leaves • operations as intermediate nodes. • A,B,{A,B}KB

  8. Protocol Generator • Generates candidate security protocol • Satisfying the system requirements • Using exhaustive search in a combinatorial protocol space[4round auth. = 10^12] • Discard obviously flawed protocols • Powerful reduction tech.(10000/s) Security Properties Automatic Protocol Generation Correct Protocol Metric function Initial Setup

  9. Protocol Generator(cntd) • Iterative deepening • Each iteration:cost threshold • Search < given threshold • Sorted protocols passed to the protocol screener • practical APG • Using efficient reduction techniques and heuristics • Each security property is therefore accompanied by: • pruning algorithm (which efficiently discards most severely flawed protocols) • a verification condition for the screener. Stuart Russell and Peter Norvig. Artificial Intelligence: A Modern Approach. Prentice Hall Series in Artificial Intelligence, 1995.

  10. Protocol Screener • Analyze protocol executions with any arbitrary protocol configuration • Analysis Termination • Gives a proof for satisfaction of sec. Props. • or Generates a counterexample • Exploits state space reduction techniques to achieve high efficiency • Backward search, symbolic representation • Average: 5-10/s [500Mhz PenIII linux]

  11. Protocol Screener(Cntd) • Athena: represent execution Strand SM • Logic:to reason about strand spaces&bundles • Automate procedure to evaluate well–formed formulae in this logic • Forced termination: • Bounding #of concurrent protocol runs • Length of msgs • No state explosion caused by asyn. Composition & symmetry redundancy • Uncertainty theorems: • Prune state space at early stage

  12. Athena:Logic • Terms: • Node constant (n,n1,…) • Strand constants (s,s1,…) • Bundle constant (c,c1,…) • Bundle variable (C,C1,…) • Prepositional Formula: • n  s,n  c, n  C, s  c,s  C are atomic • f1 and f1f2 are p.f. if f1 and f2 are p.f. • Well-formed formulae(wff) • f,F1,F1F2 Athena: a New Efficient Automatic Checker for Security Protocol Analysis , Song 1999

  13. Code Generator • translates the formal specification into Java code • final implementation is correct (proof by construction) • implementation is secure • Buffer overruns • False input attacks • Type flaws • Replay attacks and freshness attacks

  14. Conclusions • Variation of system speciation for experiments • Iterative deepening is Greedy.Any proof for optimality? • Is formal security protocol analysis is NP? • Automatic code generation.

More Related