
Towards evolving specs of security protocols

Dusko Pavlovic, Kestrel Institute. March 7, 2002.


Presentation Transcript


  1. Towards evolving specs of security protocols Dusko Pavlovic Kestrel Institute March 7, 2002

  2. Claim Security Engineering is a part of Software Engineering

  3. Claim • it is helpful to analyze: • protocols in context of architectures • security as a part of high assurance • malicious attackers on connectors together with unspecified environments of components • both SE and SE are concerned with • distributed, • multi-layered, • heterogeneous complex systems…

  4. Outline • Mobile proposals: • IPv4 vs IPv6 • Problem: • remote redirection (traffic hijacking) • Adding authentication: • espec transformation • Variations and ongoing work

  5. Papers • Authentication for Mobile IPv6 • with A. Datta, J. Mitchell and F. Muller • Composition and refinement of behavioral specifications • with D. Smith • Guarded transitions in evolving specifications • with D. Smith http://www.kestrel.edu/users/pavlovic/

  6. Mobile IPv4 HA MN CN FA initial architecture

  7. Mobile IPv4 MN HA CN FA

  8. Mobile IPv4 HA CN MN FA

  9. Mobile IPv4 HA CN MN FA

  10. Mobile IPv4 HA CN MN FA

  11. Mobile IPv4 HA CN MN FA triangle routing!

  12. Mobile IPv4 HA MN CN FA session architecture

  13. Mobile IPv6 • avoid triangle routing: • use IPv6 Routing Header and tunneling • minimize • network partitioning • computational load on: • routers • nodes: no expensive encryptions or decryptions • number of messages • need for infrastructure: no global PKI • maximize • performance and availability: no DoS • end-to-end security: authenticate location information

  14. Mobile IPv6 • home address • the node is always addressed by the same IP number • care-of addresses (one or more) • bind dynamically to different subnet IP numbers • all packets containing the binding information must be authenticated • authentication relies upon previously established security associations • Binding Update/Acknowledgement • realized through Destination Options Headers • Binding Cache integrated with Destination Cache

  15. Mobile IPv6 proposal HA MN CN initial architecture

  16. MN HA CN

  17. Mobile IPv6 HA CN MN [diagram: messages $g^x$, $g^y$, $\{BU\}_k$; $k = g^{xy}$]

  18. Mobile IPv6 HA CN MN

  19. Mobile IPv6 HA CN MN

  20. Mobile IPv6 proposal MN CN session architecture

  21. Mobile IPv6 proposal E HA MN CN E E E actual initial architecture

  22. Mobile IPv6 HA E CN MN [diagram: messages $g^x$, $g^y$, $g^u$, $g^v$; $k_{ME} = g^{xv}$, $k_{EC} = g^{uy}$]

  23. Mobile IPv6 proposal MN E CN possible session architecture

  24. Task Use especs to add authentication!

  25. Task • Assess tradeoff between • maximizing strength of authentication • minimizing need for infrastructure

  26. gx (u) ux/k (u) (ux/k)  MN’s view espec MN (x) gx (u) ux/k

  27. (y) gy (wy/k) gy (wy/k)  CN’s view espec CN (w) (y) gy (wy/k)

  28. espec Net espec BU BU architecture espec CN espec HA espec MN

  29. (aspects of especs) • genericity • all agents are instances of cord espec • automated • composition of agents • trace generation • support for formal analysis • model checking • theorem proving • invariant generation

  30. espec Net espec BU BU architecture espec CN espec HA espec MN

  31. espec Net BU architecture diag BU espec CN espec HA espec MN

  32. (aspects of especs) • adjustable abstraction level • stratification: • agents: process calculus • protocols: especs • architectures: diagrams • network connectors and components • infrastructure and chain of trust • information flow • …

  33. BU architecture diag BU

  34. Lib diag KeyExch Lib diag AuthKeyExch diag AuthBU BU refinement diag BU

  35. (aspects of especs) • development (programming, generation) • top-down: refinement • morphisms: inheritance, genericity • bottom-up: composition • pushouts • emergent and vanishing properties • game theory, linear logic (strategies) • program transformation • authentication compiler (Bellare-Canetti-Krawczyk) • optimization • adaptation • specification-carrying software

  36. Lib diag KeyExch Lib diag AuthKeyExch diag AuthBU BU refinement diag BU

  37. AuthBU architecture diag AuthBU espec AuthCN espec HACN espec Net espec HAMN espec AuthMN

  38. (x) gx (u,v) (v/{gx,u}hm)(ux/k) gx (u,v) (v/{gx,u}hm) (ux/k) (u,v) (v/{gx,u}hm) (ux/k) (v/{gx,u}hm) (ux/k)  AuthMN’s view espec AuthMN

  39. Authenticated MIPv6 E HA HA MN CN E E E initial architecture

  40. HA CN HA MN, MN CN [diagram: messages carrying $g^x$, $g^y$ and $\{g^x, g^y\}$ under the keys sg, hc and hm; $k = g^{xy}$]

  41. HA CN HA MN, MN CN [diagram: messages $g^x$, $s$, $\{iCN, iMN, g^y, s\}_{pk}$, $\{iCN, iMN, g^y, s\}_{sg}$, $\{iMN, g^y, s\}_{hm}$, $\{iMN, g^y, s\}_{hc}$; $k = g^{xy}$; $s = \{iCN, iMN, g^x, g^y\}_k$]

  42. HA CN HA MN, MN CN [diagram: messages $g^x$, $s$, $\{iCN, iMN, g^y, s, \{iCN, iMN, g^y, s\}_{sg}\}_{pk}$, $\{s, g^y, iMN\}_{hm}$, $\{iMN, g^y, s\}_{hc}$; $k = g^{xy}$; $s = \{iCN, iMN, g^x, g^y\}_k$]

  43. Authenticated MIPv6 MN CN assured session architecture

  44. Variations • weaker authentications: • one-way: no PKI, just certificates, or AAA - no anonymity • first time unauthenticated (like SSH), then chained hashing • stronger authentications: • privacy • anonymity, non-repudiation • dynamic infrastructure • no shared secret: databases of “fingerprints” • authenticating by non-forgeable capability • authenticating by divided secret

  45. (aspects of especs) • additional aspects: • information flow • information hiding • cryptography • …

  46. Ongoing work IMPLEMENT the tool!

  47. Papers • Authentication for Mobile IPv6 • with A. Datta, J. Mitchell and F. Muller • Composition and refinement of behavioral specifications • with D. Smith • Guarded transitions in evolving specifications • with D. Smith http://www.kestrel.edu/users/pavlovic/

  48. (names) N ::= X | A (terms) t ::= x | a | N | t,...,t | {t} N a ::= t | (x) | (t/p(x)) (actions) (strands) S ::= aS (interaction) [(x)R] [tS] ...   [R(t/x)] [S] ... (cords) C ::= [S]  [(p(t)/p(x))R]...   [R(t/x)]... (reaction) (cord spaces) FV(t) =  FV(t) = 

  49. What are especs? • diagrams of specs • specification-carrying programs • in a development environment supporting • refinement (top-down) • composition (bottom-up) • synthesis of verified code • programming language with • guarded commands • logical annotations as first-class citizens (available at runtime) • procedural abstraction and refinement

  50. What are specs? [diagram: spec BinR, spec BinO, spec RefR, spec AsymR, spec TranR, spec Assoc, spec Comm, spec Invol; x<y, xVy=y]

      spec Poset is
        sort X
        op < : X*X -> Bool
        ax trans is x<y /\ y<z => x<z
        ax sym...
      end-spec

      spec Semilattice is
        sort X
        op V in : X*X -> X
        cons b : X
        ax assoc is (xVy)Vz = xV(yVz)…
      end-spec
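
The key exchange on slides 17 and 22, as an added example that is not from the presentation: without authentication, MN and CN end up with different keys when E substitutes the public values, and a MAC over the exchanged values makes the substitution visible. The toy group parameters, the function names and the pre-established MAC key are assumptions of the example; the slides' own authenticated exchange (slides 40 to 42) is not reproduced.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters for illustration only (not from the slides).
P = 2**127 - 1   # small Mersenne prime, far too small for real use
G = 3

def keypair():
    """Return (secret exponent, public value g^secret mod P)."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def shared(secret, peer_public):
    """Compute peer_public^secret mod P (g^xy when the peer is honest)."""
    return pow(peer_public, secret, P)

def transcript_tag(sa_key, first, second):
    """HMAC over the two public values as one endpoint saw them."""
    msg = first.to_bytes(16, "big") + second.to_bytes(16, "big")
    return hmac.new(sa_key, msg, hashlib.sha256).digest()

def run_exchange(intermediary=False):
    """Simulate MN and CN; with intermediary=True, E swaps g^x and g^y in transit."""
    sa_key = b"constructed pre-established key"   # assumption: prior security association
    x, gx = keypair()                              # MN
    y, gy = keypair()                              # CN
    seen_by_cn, seen_by_mn = gx, gy
    e_knows_mn_key = False
    if intermediary:
        u, gu = keypair()
        v, gv = keypair()
        seen_by_cn, seen_by_mn = gu, gv            # CN gets g^u, MN gets g^v
        e_knows_mn_key = shared(v, gx) == shared(x, gv)   # k_ME = g^xv
    k_mn = shared(x, seen_by_mn)
    k_cn = shared(y, seen_by_cn)
    tag_mn = transcript_tag(sa_key, gx, seen_by_mn)
    tag_cn = transcript_tag(sa_key, seen_by_cn, gy)
    return {
        "keys_match": k_mn == k_cn,
        "e_knows_mn_key": e_knows_mn_key,
        "transcript_ok": hmac.compare_digest(tag_mn, tag_cn),
    }

if __name__ == "__main__":
    print("honest:", run_exchange())
    print("with E:", run_exchange(intermediary=True))
```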
