1 / 112

A Logic of Belief and a Model Checking Algorithm for Security Protocols

A Logic of Belief and a Model Checking Algorithm for Security Protocols. Fausto Giunchiglia University of Trento fausto@cs.unitn.it. joint work with Massimo Benerecetti. Logics of Beliefs for Security Protocols. BAN Logic (Borrows, Abadi & Needham)

tybalt
Download Presentation

A Logic of Belief and a Model Checking Algorithm for Security Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A Logic of Belief and a Model Checking Algorithm for Security Protocols Fausto Giunchiglia University of Trento fausto@cs.unitn.it joint work with Massimo Benerecetti

  2. Logics of Beliefs for Security Protocols • BAN Logic (Borrows, Abadi & Needham) • Concentrate on beliefs of trustworthy principals and on their evolutionas consequence of communication

  3. Logics of Beliefs for Security Protocols • BAN Logic (Borrows, Abadi & Needham) • Concentrate on beliefs of trustworthy principals and on their evolutionas consequence of communication • Some Extensions • Abadi & Tuttle (AT Logic) • Gong, Needham & Yahalom (GNY Logic) • Boyd & Mao

  4. Logics of Beliefs for Security Protocols • BAN Logic (Borrows, Abadi & Needham) • Concentrate on beliefs of trustworthy principals and on their evolutionas consequence of communication • Some Extensions • Abadi & Tuttle (AT Logic) • Gong, Needham & Yahalom (GNY Logic) • Boyd & Mao • Attempts to automate reasoning in BAN • Kindred & Wing (Theory Building)

  5. The Approach • Define a Logic of Belief and Time

  6. The Approach • Define a Logic of Belief and Time • A Model Checking Algorithm for this logic

  7. The Approach • Define a Logic of Belief and Time • A Model Checking Algorithm for this logic • Built on top of CTL model checking

  8. The Approach • Define a Logic of Belief and Time • A Model Checking Algorithm for this logic • Built on top of CTL model checking  Integration with existing tools (e.g. NuSMV)

  9. Example: The Andrew Protocol 1 A  B : {NA}KAB 2 B  A : {NA,NB}KAB 3 A  B : {NB}KAB 4 B  A : {KAB,NB}KAB

  10. Example: The Andrew Protocol 1 A  B : {NA}KAB 2 B  A : {NA,NB}KAB 3 A  B : {NB}KAB 4 B  A : {KAB,NB}KAB • Example Property: at the end of the protocol session, A believes that B believes thatK’AB is a "good shared key" for communication between them.

  11. Example: Attack to the Andrew Protocol 1aA  B : {NA}KAB 2aB  A : {NA,NB}KAB 3aA  B : {NB}KAB 4aB  A : {KAB,NB}KAB

  12. Example: Attack to the Andrew Protocol 1aA  B : {NA}KAB 2aB  A : {NA,NB}KAB 3aA  B : {NB}KAB 4aB  A : {KAB,NB}KAB 1bA  B : {NA}Kab 2bB  A : {NA,NB}Kab 3bA  B : {NB}KAB 4bI(B)  A : {KAB,NB}KAB

  13. Outline of the Talk • Intuitions

  14. Outline of the Talk • Intuitions • MultiAgent Temporal Logic (MATL) • MultiAgent Finite State Machine (MAFSM) • The Model Checking Algorithm (MAMC)

  15. Outline of the Talk • Intuitions • MultiAgent Temporal Logic (MATL) • MultiAgent Finite State Machine (MAFSM) • The Model Checking Algorithm (MAMC) • Model of the Andrew Protocol in MAFSM

  16. Outline of the Talk • Intuitions • MultiAgent Temporal Logic (MATL) • MultiAgent Finite State Machine (MAFSM) • The Model Checking Algorithm (MAMC) • Model of the Andrew Protocol in MAFSM • Conclusion and Future Work

  17. Intuitions

  18. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomic propositions.

  19. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomicpropositions. • Beliefs:"a principal ascribing beliefs to another one" means that it has access to a representation of the second principal as a process.

  20. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomicpropositions. • Beliefs:"aprincipal ascribing beliefs to another one" means that it has access to a representation of the second principal as a process.

  21. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomicpropositions. • Beliefs:"aprincipal ascribing beliefs to another one" means that it has access to a representation of the second principal as a process.

  22. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomicpropositions. • Beliefs:"aprincipal ascribing beliefs to another one" means that it has access to a representation of the second principal as a process. BBf?

  23. Intuitions Principals have two orthogonal aspects: • Temporal Evolution:when we consider the temporal evolution (CTL), formulae expressing beliefs are treated as atomicpropositions. • Beliefs:"aprincipal ascribing beliefs to another one" means that it has access to a representation of the second principal as a process. BBf? f?

  24. MultiAgent Temporal Logic(MATL)

  25. MATL: Views To eachlevel of nesting of beliefswe associate aRepresentationof aprocessevolving over time. e BA BB BBBA BABA BABB BBBB . . . . . . . . . . . .

  26. MATL: Views To each level of nesting of beliefs we associate a Representation of a process evolving over time. e Each Representation is called a View BA BB BBBA BABA BABB BBBB . . . . . . . . . . . .

  27. MATL: Views Views represent the beliefs about a principal's evolution during the protocol • Viewe: the protocol as seen by the external observer (the analyser's point of view) • ViewBA :e's beliefs about the evolution of principal A. • ViewBB :e's beliefs about the evolution of principal B. • ViewBABB : (e's beliefs about) A's beliefs about the evolution of principal B • ....

  28. MATL: Views e B* is the set of (possibly empty) strings of the form BX1···BXn BB BA BBBB BABA BABB BBBA . . . . . . . . .

  29. MATL: Language • We associate to each view a language • The language of each view allows for expressing properties of the process associated with that view

  30. MATL: Language e BA BB BABA BABB BBBB BBBA f . . . . . . . . . . . .

  31. MATL: Language e BA BB BBf BABA BABB BBBB BBBA f . . . . . . . . . . . .

  32. MATL: Language e BABBf BA BB BBf BABA BABB BBBB BBBA f . . . . . . . . . . . .

  33. MATL: Language e BABBf BBBAj BA BB BBf BAj BABA BABB BBBB BBBA j f . . . . . . . . . . . .

  34. MATL: Language To each view a we associate the smallestCTL language containing: • a finite set of Propositional Atoms Pa • the set of Atoms BAa= {BXf| fis a formula ofaBX} that is the Belief Atoms of the form BXf for each formula f of view aBX

  35. MATL: Language To each view a we associate the smallestCTL language containing: • a finite set of Propositional Atoms Pa • the set of Atoms BAa= {BXf| fis a formula ofaBX} that is the Belief Atoms of the form BXf for each formula f of view aBX Example AG(BABBP)is a formula of viewe

  36. MATL: Language Definition: Given a family{Pa }of sets of propositional atoms, the family ofMATL languages on Pais the family of CTL languages{La}

  37. MATL: Language Definition: Given a family{Pa }of sets of propositional atoms, the family ofMATL languages on Pais the family of CTL languages{La} A MATL formulafbelonging toLa is denoted by a : f Example e :AG(BABBP)denotes the formulaAG(BABBP)of view e

  38. MultiAgent Finite State Machine(MAFSM)

  39. MAFSM: Intuitions • Model Checking employs Finite State Machines • We extend the notion of FSM to accommodate beliefs • We associate theFinite State Machineof aprocessto eachview

  40. MAFSM: Intuitions • Model Checking employs Finite State Machines • We extend the notion of FSM to accommodate beliefs • We associate theFinite State Machineof a process to each view Restriction: • We consider only afinite number of views

  41. MultiAgent Finite State Machine e B* is the set of (possibly empty) strings of the form BX1···BXn BB BA BBBB BABA BABB BBBA . . . . . . . . .

  42. MultiAgent Finite State Machine e Bn BB BA BBBB BABA BABB BBBA . . . . . . . . .

  43. MultiAgent Finite State Machine e Bn BB BA Bn is a finite subset of strings in B* BBBB BABA BABB BBBA . . . . . . . . .

  44. MultiAgent Finite State Machine e We associate the Finite State Machine of a process to each view in Bn BA BB BBBA BA BB

  45. MultiAgent Finite State Machine e We associate the Finite State Machine of a process to each view in Bn BA BB BBBA BA BB Problem: there's a infinite number of Belief Atoms in each view!

  46. Explicit Belief Atoms Solution: chose a finite number of Belief Atoms (Explicit Beliefs Atoms) as state variables of the FSM of a view. BXf a s aBX s' s''

  47. Explicit Belief Atoms Explicit Belief Atoms induce a Compatibility Relationamong states in different views. BXf a s aBX f f s' s''

  48. BXy BXs Implicit Belief Atoms Implicit Belief Atoms are the infinite set of Belief Atoms which are not Explicit BXf a aBX f f

  49. BXy BXs y y s s Implicit Belief Atoms Satisfiability of Implicit Belief Atims in a state is computed via Compatibility Relation BXf a aBX f f

  50. BXy BXs y y s s Implicit Belief Atoms Satisfiability of Implicit Belief Atims in a state is computed via Compatibility Relation Explicit Belief Atoms are used to assess the truth of Implicit Belief Atoms BXf a aBX f f

More Related