CSE503 – Design Charette Mattias Engblom Robert Franzén Johan Hesselberg Raphael Hoffman Ramy Shahin
Presentation Overview • Introduction • Design overview • Models
Introduction • Chosen area – Security • Known security techniques • What we decided to implement • Privacy • Integrity • Authentication
Problem Frames (1/2) • Context Diagrams
Problem Frames (2/2) • Usefulness of Problem Frames • Shared Phenomena • Idea of system participants • Derive requirements • Being able to focus on specific parts
Cryptographic Techniques • Symmetric Cryptography • Asymmetric Cryptography • Hashes and message digests
Models • Privacy and Authentication in Communication with Mail Server (SRP Protocol) • Privacy and Authentication in Email Communication • Secure Distribution Centers • Tools: Spin, Alloy
Design – Logon algorithm • The Logon sequence diagram
Privacy and Authentication in Communication with Mail Server • Variables involved: C, n, g, s, P, x, v, u, a, b, A, B, K, M1, M2
Privacy and Authentication in Communication with Mail Server • Participants: Client, Server, Intruder
Privacy and Authentication in Communication with Mail Server • Client initial knowledge: n, g, a, P, C • Server initial knowledge: n, g, b, s, v • Intruder initial knowledge: n, g
Privacy and Authentication in Communication with Mail Server
• Rule extraction: “If x1, x2, x3 is known, then x4 can be computed”

/* Each rule: if all premises are marked known (1), mark the derived values as known. */
#define updateMyKnowledge(arr) \
    if \
    :: (arr[serverDB] && arr[C]) -> arr[s] = 1; arr[v] = 1; \
    :: else -> skip; \
    fi; \
    if \
    :: (arr[s] && arr[C] && arr[P]) -> arr[x] = 1; \
    :: else -> skip; \
    fi; \
    if \
    :: (arr[n] && arr[g] && arr[a]) -> arr[A] = 1; \
    :: else -> skip; \
    fi; \
    if \
    :: (arr[n] && arr[v] && arr[g] && arr[b]) -> arr[B] = 1; \
    ...
Privacy and Authentication in Communication with Mail Server • Message on the network: C (Client to Server) • Client knowledge: n, g, a, C • Server knowledge: n, g, b, C, s, v • Intruder knowledge: n, g, C • Update knowledge based on observed data, prior knowledge, and rules
Privacy and Authentication in Communication with Mail Server
• Intruder: sends random messages, learns new values

proctype Intruder(mtype self; mtype party)
{
    mtype msg;

    /* initialize knowledge of Intruder */
    knowledgeOfIntruder[g] = 1;
    knowledgeOfIntruder[n] = 1;

    /* can only send that information it knows */
    do
    :: knowledgeOfIntruder[C]  -> net ! self, party, C;
    :: knowledgeOfIntruder[n]  -> net ! self, party, n;
    :: knowledgeOfIntruder[g]  -> net ! self, party, g;
    :: knowledgeOfIntruder[s]  -> net ! self, party, s;
    :: knowledgeOfIntruder[P]  -> net ! self, party, P;
    :: knowledgeOfIntruder[x]  -> net ! self, party, x;
    :: knowledgeOfIntruder[v]  -> net ! self, party, v;
    :: knowledgeOfIntruder[a]  -> net ! self, party, a;
    :: knowledgeOfIntruder[b]  -> net ! self, party, b;
    :: knowledgeOfIntruder[A]  -> net ! self, party, A;
    :: knowledgeOfIntruder[B]  -> net ! self, party, B;
    :: knowledgeOfIntruder[K]  -> net ! self, party, K;
    :: knowledgeOfIntruder[M1] -> net ! self, party, M1;
    :: knowledgeOfIntruder[M2] -> net ! self, party, M2;
    :: /* if intruder doesn't know, it can send junk */
       net ! self, party, junk;
    :: net ? eval(party), eval(self), msg ->
       knowledgeOfIntruder[msg] = 1;
       updateMyKnowledge(knowledgeOfIntruder);
    od
}
Privacy and Authentication in Communication with Mail Server • Modeled and verified three scenarios: • Intruder cannot learn session key based on prior knowledge, observed data and rules • Intruder cannot impersonate the server • Intruder cannot impersonate the client • Assumptions: rules are complete, etc.
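The first scenario above (the intruder cannot derive the session key from prior knowledge, observed data and rules) can be reproduced as a fixed-point closure over the derivation rules. This is an added example, not the presenters' Spin model: the first four rules are the ones visible in updateMyKnowledge, while the rules for u and K, the set of observed messages, and the names closure and intruder_learns_key are assumptions based on the usual SRP definition.

```python
# Derivation rules: if every premise is known, each conclusion can be computed.
RULES = [
    # Rules visible in the slide's updateMyKnowledge macro.
    ({"serverDB", "C"}, {"s", "v"}),
    ({"s", "C", "P"}, {"x"}),
    ({"n", "g", "a"}, {"A"}),
    ({"n", "v", "g", "b"}, {"B"}),
    # Assumed rules (elided on the slide), following the usual SRP definition.
    ({"B"}, {"u"}),
    ({"n", "g", "B", "x", "a", "u"}, {"K"}),   # client-side key derivation
    ({"n", "A", "v", "u", "b"}, {"K"}),        # server-side key derivation
]


def closure(known, rules=RULES):
    """Apply the rules until no new value can be derived (least fixed point)."""
    known = set(known)
    changed = True
    while changed:
        changed = False
        for premises, conclusions in rules:
            if premises <= known and not conclusions <= known:
                known |= conclusions
                changed = True
    return known


# Constructed scenario: intruder starts with n, g and sees every message
# that crosses the network in one login (assumed message set).
INTRUDER_INITIAL = {"n", "g"}
OBSERVED = {"C", "s", "A", "B", "M1", "M2"}


def intruder_learns_key(extra=()):
    """True if K is derivable when the intruder additionally knows `extra`."""
    return "K" in closure(INTRUDER_INITIAL | OBSERVED | set(extra))


if __name__ == "__main__":
    for leak in [(), ("P",), ("serverDB",), ("P", "a"), ("serverDB", "b")]:
        print(leak or "passive only", "->", intruder_learns_key(leak))
```

Under these rules a leaked password or a leaked verifier database alone does not yield K; the key becomes derivable only when an ephemeral secret (a or b) leaks as well, which is why the result depends on the assumption that the rule set is complete.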
Privacy and Authentication in Email Communication • Participants: Certificate Server, A, B, Intruder • A wants to send a secret message to B
Privacy and Authentication in Email Communication
• Intruder: sends random messages, learns new values

proctype Intruder (mtype self)
{
    ...
    do
    /* write random messages based on knowledge */
    :: atomic {
           if
           :: sender = A;
           :: sender = B;
           :: sender = KeyServer;
           fi;
           if
           :: receiver = A;
           :: receiver = B;
           :: receiver = KeyServer;
           fi;
           if
           :: msg = learned1;
           :: msg = learned2;
           :: msg = PKC;
           ...
           a ! sender, receiver, msg, enc, sign;
       }
    /* try to learn something new */
    :: a ? peer, _, x1, x2, x3 ->
       if
       :: (x2==nil || x2==PKC) ->
          if
          :: learned1 = x1; intruderLearned(x1);
          :: learned2 = x1; intruderLearned(x1);
          fi
    ...
Privacy and Authentication in Email Communication • In our first scenario, A did not verify the signature of the response from the Certificate Server • SPIN detected a possible attack • Diagram (participants A, B, Certificate Server): Request PK(B); send PK(B); encrypt M with PK(B); decrypt M with PK(B)
Secure Distribution Servers • Mailing Lists • [Diagram: Clients, a Distribution Server, and list entries A, B, C, D]
Secure Distribution Servers • Problem: Cycles in Mailing Lists • [Diagram: mailing lists with entries labelled A to P]
Secure Distribution Servers • Solution: Introduce a TTL (Time to live) field inside an email message, that is decremented each time the message reaches a distribution server • We modeled our system in Alloy and showed that with the above extension no infinite cycles are possible anymore.
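The effect of the TTL field can be simulated on a small cyclic list configuration. This is an added example, not the presenters' Alloy model: the list names, the distribute function, the drop-at-zero rule and the max_steps guard (used only to detect non-termination when no TTL is set) are assumptions.

```python
from collections import deque

# Constructed configuration: list name -> members. A member that is itself a
# key is another mailing list, expanded by a distribution server.
LISTS = {
    "staff": ["alice", "dev"],
    "dev": ["bob", "ops"],
    "ops": ["carol", "staff"],   # closes the cycle staff -> dev -> ops -> staff
}


def distribute(lists, target, ttl, max_steps=1000):
    """Deliver one message sent to `target`.

    ttl=None models the original design without a TTL field.
    Returns (delivered mailboxes in order, list expansions, terminated).
    """
    queue = deque([(target, ttl)])
    delivered, expansions = [], 0
    while queue:
        name, ttl_left = queue.popleft()
        if name not in lists:            # ordinary client mailbox
            delivered.append(name)
            continue
        if ttl_left is not None:
            if ttl_left == 0:            # TTL exhausted: server drops the message
                continue
            ttl_left -= 1                # decremented at each distribution server
        expansions += 1
        if expansions > max_steps:       # only reachable without a TTL
            return delivered, expansions, False
        queue.extend((member, ttl_left) for member in lists[name])
    return delivered, expansions, True


if __name__ == "__main__":
    print(distribute(LISTS, "staff", ttl=4))
    print(distribute(LISTS, "staff", ttl=None)[2])
```

With ttl=4 the message goes once around the cycle and is dropped on re-entry, so delivery terminates, but alice still receives a second copy: the TTL bounds the loop and does not deduplicate recipients.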