462 research outputs found
Implementing a Unification Algorithm for Protocol Analysis with XOR
In this paper, we propose a unification algorithm for the theory which
combines unification algorithms for E\_{\std} and E\_{\ACUN} (ACUN
properties, like XOR) but compared to the more general combination methods uses
specific properties of the equational theories for further optimizations. Our
optimizations drastically reduce the number of non-deterministic choices, in
particular those for variable identification and linear orderings. This is
important for reducing both the runtime of the unification algorithm and the
number of unifiers in the complete set of unifiers. We emphasize that obtaining
a ``small'' set of unifiers is essential for the efficiency of the constraint
solving procedure within which the unification algorithm is used. The method is
implemented in the CL-Atse tool for security protocol analysis
Representing Conversations for Scalable Overhearing
Open distributed multi-agent systems are gaining interest in the academic
community and in industry. In such open settings, agents are often coordinated
using standardized agent conversation protocols. The representation of such
protocols (for analysis, validation, monitoring, etc) is an important aspect of
multi-agent applications. Recently, Petri nets have been shown to be an
interesting approach to such representation, and radically different approaches
using Petri nets have been proposed. However, their relative strengths and
weaknesses have not been examined. Moreover, their scalability and suitability
for different tasks have not been addressed. This paper addresses both these
challenges. First, we analyze existing Petri net representations in terms of
their scalability and appropriateness for overhearing, an important task in
monitoring open multi-agent systems. Then, building on the insights gained, we
introduce a novel representation using Colored Petri nets that explicitly
represent legal joint conversation states and messages. This representation
approach offers significant improvements in scalability and is particularly
suitable for overhearing. Furthermore, we show that this new representation
offers a comprehensive coverage of all conversation features of FIPA
conversation standards. We also present a procedure for transforming AUML
conversation protocol diagrams (a standard human-readable representation), to
our Colored Petri net representation
Unification modulo a partial theory of exponentiation
Modular exponentiation is a common mathematical operation in modern
cryptography. This, along with modular multiplication at the base and exponent
levels (to different moduli) plays an important role in a large number of key
agreement protocols. In our earlier work, we gave many decidability as well as
undecidability results for multiple equational theories, involving various
properties of modular exponentiation. Here, we consider a partial subtheory
focussing only on exponentiation and multiplication operators. Two main results
are proved. The first result is positive, namely, that the unification problem
for the above theory (in which no additional property is assumed of the
multiplication operators) is decidable. The second result is negative: if we
assume that the two multiplication operators belong to two different abelian
groups, then the unification problem becomes undecidable.Comment: In Proceedings UNIF 2010, arXiv:1012.455
Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA
The area of formal analysis of cryptographic protocols has been an active
one since the mid 80’s. The idea is to verify communication protocols
that use encryption to guarantee secrecy and that use authentication of
data to ensure security. Formal methods are used in protocol analysis to
provide formal proofs of security, and to uncover bugs and security flaws
that in some cases had remained unknown long after the original protocol
publication, such as the case of the well known Needham-Schroeder
Public Key (NSPK) protocol. In this thesis we tackle problems regarding
the three main pillars of protocol verification: modelling capabilities,
verifiable properties, and efficiency.
This thesis is devoted to investigate advanced features in the analysis
of cryptographic protocols tailored to the Maude-NPA tool. This tool
is a model-checker for cryptographic protocol analysis that allows for
the incorporation of different equational theories and operates in the
unbounded session model without the use of data or control abstraction.
An important contribution of this thesis is relative to theoretical aspects
of protocol verification in Maude-NPA. First, we define a forwards
operational semantics, using rewriting logic as the theoretical framework
and the Maude programming language as tool support. This is the first
time that a forwards rewriting-based semantics is given for Maude-NPA.
Second, we also study the problem that arises in cryptographic protocol
analysis when it is necessary to guarantee that certain terms generated
during a state exploration are in normal form with respect to the protocol
equational theory.
We also study techniques to extend Maude-NPA capabilities to support
the verification of a wider class of protocols and security properties.
First, we present a framework to specify and verify sequential protocol
compositions in which one or more child protocols make use of information obtained from running a parent protocol. Second, we present a
theoretical framework to specify and verify protocol indistinguishability
in Maude-NPA. This kind of properties aim to verify that an attacker
cannot distinguish between two versions of a protocol: for example, one
using one secret and one using another, as it happens in electronic voting
protocols.
Finally, this thesis contributes to improve the efficiency of protocol
verification in Maude-NPA. We define several techniques which drastically
reduce the state space, and can often yield a finite state space,
so that whether the desired security property holds or not can in fact
be decided automatically, in spite of the general undecidability of such
problems.Santiago Pinazo, S. (2015). Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/4852
Compiling and securing cryptographic protocols
Protocol narrations are widely used in security as semi-formal notations to
specify conversations between roles. We define a translation from a protocol
narration to the sequences of operations to be performed by each role. Unlike
previous works, we reduce this compilation process to well-known decision
problems in formal protocol analysis. This allows one to define a natural
notion of prudent translation and to reuse many known results from the
literature in order to cover more crypto-primitives. In particular this work is
the first one to show how to compile protocols parameterised by the properties
of the available operations.Comment: A short version was submitted to IP
An Efficient Canonical Narrowing Implementation with Irreducibility and SMT Constraints for Generic Symbolic Protocol Analysis
Narrowing and unification are very useful tools for symbolic analysis of
rewrite theories, and thus for any model that can be specified in that way. A
very clear example of their application is the field of formal cryptographic
protocol analysis, which is why narrowing and unification are used in tools
such as Maude-NPA, Tamarin and Akiss. In this work we present the
implementation of a canonical narrowing algorithm, which improves the standard
narrowing algorithm, extended to be able to process rewrite theories with
conditional rules. The conditions of the rules will contain SMT constraints,
which will be carried throughout the execution of the algorithm to determine if
the solutions have associated satisfiable or unsatisfiable constraints, and in
the latter case, discard them.Comment: 41 pages, 7 tables, 1 algorithm, 9 example
- …