
Team Automata for Security Analysis (of Multicast/Broadcast Communication)

Maurice ter Beek (1), Gabriele Lenzini (1,2), Marinella Petrocchi (3). (1) ISTI, CNR, Pisa, Italy; (2) Dept. of CS, University of Twente, The Netherlands; (3) Istituto di Informatica e Telematica, CNR, Pisa, Italy. WISP 2003


Presentation Transcript


  1. Team Automata for Security Analysis (of Multicast/Broadcast Communication)
     Maurice ter Beek (1), Gabriele Lenzini (1,2), Marinella Petrocchi (3)
     (1) ISTI, CNR, Pisa, Italy
     (2) Dept. of CS, University of Twente, The Netherlands
     (3) Istituto di Informatica e Telematica, CNR, Pisa, Italy
     WISP 2003, 1st Workshop on Issues in Security and Petri nets, Eindhoven, The Netherlands, 23 June 2003
     Technical Report, University of Twente, The Netherlands

  2. Multicast/Broadcast technology
     Unicast: “sending a message through a point-to-point connection”
     Broadcast: “flooding a message to all the connected recipients using a single local transmit operation” (e.g. ordinary TV)
     Multicast: “sending a message to a set of designated recipients using a single local transmit operation” (e.g. pay-per-view TV)
     M/B technology was born with the intent of saving resources (e.g. bandwidth & CPU time) w.r.t. unicast

  3. Stream signature protocols
     • send digital streams, i.e. long (potentially infinite) sequences of bits, as packets
     • guarantee authenticity and integrity
     • aim at minimizing the computational cost of signing and verifying packets
     Features:
     • a sender broadcasts a continuous stream to a possibly unbounded number of receivers
     • receivers use information retrieved in earlier packets to authenticate later packets (or vice versa)

  4. Tolerating packet loss
     • digital streams are usually sent over the User Datagram Protocol (UDP), an unreliable transport protocol
     • this may cause packet loss, i.e. the stream may be received incomplete by (a part of) the recipients
     • a stream signature protocol tolerates packet loss if it still allows a recipient to verify all packets that are not lost

  5. The EMSS family of protocols
     • Efficient Multi-chained Stream Signature: family of protocols to sign digital streams (Perrig et al., IEEE S&P 2000)
     • basic idea: a hash of packet P_i is appended to packet P_{i-1} (whose hash is in turn appended to packet P_{i-2}, etc.)
     • signature packet P_sign at the end of the stream
     • each packet contains multiple hashes of previous packets and the signature packet contains hashes of multiple packets
     • multiple copies of the signature packet are sent

  6. The (1,2) deterministic EMSS
     [Figure: packet layout along the axis "Time / Number of packets"]
     • Packet P_{i-1}: M_{i-1}, Hash(P_{i-2}), Hash(P_{i-3})
     • Packet P_i: M_i, Hash(P_{i-1}), Hash(P_{i-2})
     • Packet P_{i+1}: M_{i+1}, Hash(P_i), Hash(P_{i-1})
     • ...
     • Packet P_sign: Hash(P_LAST), Hash(P_{LAST-1}), SIGNATURE
     EMSS achieves (some) robustness against packet loss

  7. Broadcast communication in TA
     S: p --a--> p’
     Ri: qi --a--> qi’
     max-ai broadcast TA |||{S,R1,…,Ri,…,Rn}: (p,q1,…,qi,…,qn) --a--> (p’,q1’,…,qi’,…,qn’)

  8. The insecure communication scenario (Lynch, CSFW’99)
     [Figure. Component labels: TS, TR, TIC, TP, TI, TX. Action labels: assertions, public send, public receive, eavesdrop, inject]

  9. (P) (P)     C C GeneralizedNon-Deducibility on Compositions Top  • P  GNDCiff (P || ) \C (P) • A system specification P satisfies GNDC if the behavior of P, • despite the presence of the most general intruder , • with initial knowledge and communication channels , • appears to be the same (w.r.t. a behavioural relation ) • as the expected (correct) behaviour of P • (Focardi-Martinelli, FM’99 & Focardi et al., ICALP’00) • composition, hiding Top  C  (P) || \
