1 / 22

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking. Tom Chothia CWI. Today. Model Checking is useful Probabilities can be an important part of a protocol (also next week). . The Rest of the Course. Today: Model Checking.

hayes
Download Presentation

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Modelling and Analysing of Security Protocol: Lecture 11Modelling Checking Tom Chothia CWI

  2. Today • Model Checking is useful • Probabilities can be an important part of a protocol (also next week).

  3. The Rest of the Course • Today: Model Checking. • 26th Oct: When you have to have probability and Fair Exchange protocols (Homework due). • 2nd, 9th, 16th, 23rd and 30th Nov Student presentations. • E-mail me your presentation idea’s by Friday

  4. Today • Model Checking for finite systems • Specifying properties in CTL • Dinning Philosophers BREAK • Probabilistic finite systems • Specifying probabilistic properties in PCTL • Dinning Cryptographers

  5. A Quick History of Key Establishment and Authentication • 50 BC to 1960s : Not relevant: • Pre-computer: Caesar cipher to Enigma. Keys prearranged by hand • 1960s to 1980s : Not considered necessary • ARPAnet, an open network, no or little secret, e.g. telnet. open relays

  6. A Quick History of Key Establishment and Authentication • 1970s to 1990s : First tries • Early Internet, trying for security, e.g. SSL version 1, Needham-sroder. • 1980-2000s : Becomes a science • Principles for protocol design, attacker models, Kerberos, TLS, SSH • 1990s to present: Automation • Understood well enough to check by machine.

  7. Anonymity Protocols • upto 1990s : Not relevant: • Little personal information on the Internet • upto 2000s : Not considered necessary • 1990 to Now: First tries, • Dinning Cryptographers, • anonymous proxies, • Tor.

  8. Anonymity Protocols Only now: • Becoming a Science • Limited automatic checking of automata protocols • Only for finite systems, no dedicated tools

  9. Model Checking • Idea: • Make a model of your system with has a limited number of states • Check every single state to make sure its OK • Problem: making the model finite • Problem: “state space explosion” • Very effective, many industrial applications

  10. Model Checking 1994 Pentium chip was missing a few entries in a table. Almost never used so missed by standard testing. If x=4195835 & y =3145727 then x/y =1.333739068902037589 rather than =1.333820449136241002 But x-(x.y/y)= 256 not 0

  11. Result • Public relations disaster • Jokes: • How many Pentium designers does it take to change a light bulb? • 1.99995827903 • 100 of millions of dollars of replacement costs. • Intel now model checks all hardware.

  12. PRISM

  13. Traffic Lights Example

  14. State Space

  15. CTL examples

  16. CTL

  17. CTL Derived Operators.

  18. Dinning Philosophers

  19. Dinning Philosophers in PRISM

  20. Checking the Dinning Philosphers

  21. Fixing the Deadlock

  22. Today • Model Checking for finite systems • Specifying properties in CTL • Dinning Philosophers example BREAK • Probabilistic finite systems • Specifying probabilistic properties in PCTL • Dinning Cryptographers

More Related