98 research outputs found
Termination of Narrowing: Automated Proofs and Modularity Properties
En 1936 Alan Turing demostro que el halting problem, esto es, el problema de decidir
si un programa termina o no, es un problema indecidible para la inmensa mayoria de
los lenguajes de programacion. A pesar de ello, la terminacion es un problema tan
relevante que en las ultimas decadas un gran numero de tecnicas han sido desarrolladas
para demostrar la terminacion de forma automatica de la maxima cantidad posible de
programas. Los sistemas de reescritura de terminos proporcionan un marco teorico
abstracto perfecto para el estudio de la terminacion de programas. En este marco, la
evaluaci on de un t ermino consiste en la aplicacion no determinista de un conjunto de
reglas de reescritura.
El estrechamiento (narrowing) de terminos es una generalizacion de la reescritura
que proporciona un mecanismo de razonamiento automatico. Por ejemplo, dado un
conjunto de reglas que denan la suma y la multiplicacion, la reescritura permite calcular
expresiones aritmeticas, mientras que el estrechamiento permite resolver ecuaciones
con variables. Esta tesis constituye el primer estudio en profundidad de las
propiedades de terminacion del estrechamiento. Las contribuciones son las siguientes.
En primer lugar, se identican clases de sistemas en las que el estrechamiento tiene
un comportamiento bueno, en el sentido de que siempre termina. Muchos metodos
de razonamiento automatico, como el analisis de la semantica de lenguajes de programaci
on mediante operadores de punto jo, se benefician de esta caracterizacion.
En segundo lugar, se introduce un metodo automatico, basado en el marco teorico
de pares de dependencia, para demostrar la terminacion del estrechamiento en un
sistema particular. Nuestro metodo es, por primera vez, aplicable a cualquier clase
de sistemas.
En tercer lugar, se propone un nuevo metodo para estudiar la terminacion del
estrechamiento desde un termino particular, permitiendo el analisis de la terminacion
de lenguajes de programacion. El nuevo metodo generaliza losIborra López, J. (2010). Termination of Narrowing: Automated Proofs and Modularity Properties [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/19251Palanci
Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA
The area of formal analysis of cryptographic protocols has been an active
one since the mid 80’s. The idea is to verify communication protocols
that use encryption to guarantee secrecy and that use authentication of
data to ensure security. Formal methods are used in protocol analysis to
provide formal proofs of security, and to uncover bugs and security flaws
that in some cases had remained unknown long after the original protocol
publication, such as the case of the well known Needham-Schroeder
Public Key (NSPK) protocol. In this thesis we tackle problems regarding
the three main pillars of protocol verification: modelling capabilities,
verifiable properties, and efficiency.
This thesis is devoted to investigate advanced features in the analysis
of cryptographic protocols tailored to the Maude-NPA tool. This tool
is a model-checker for cryptographic protocol analysis that allows for
the incorporation of different equational theories and operates in the
unbounded session model without the use of data or control abstraction.
An important contribution of this thesis is relative to theoretical aspects
of protocol verification in Maude-NPA. First, we define a forwards
operational semantics, using rewriting logic as the theoretical framework
and the Maude programming language as tool support. This is the first
time that a forwards rewriting-based semantics is given for Maude-NPA.
Second, we also study the problem that arises in cryptographic protocol
analysis when it is necessary to guarantee that certain terms generated
during a state exploration are in normal form with respect to the protocol
equational theory.
We also study techniques to extend Maude-NPA capabilities to support
the verification of a wider class of protocols and security properties.
First, we present a framework to specify and verify sequential protocol
compositions in which one or more child protocols make use of information obtained from running a parent protocol. Second, we present a
theoretical framework to specify and verify protocol indistinguishability
in Maude-NPA. This kind of properties aim to verify that an attacker
cannot distinguish between two versions of a protocol: for example, one
using one secret and one using another, as it happens in electronic voting
protocols.
Finally, this thesis contributes to improve the efficiency of protocol
verification in Maude-NPA. We define several techniques which drastically
reduce the state space, and can often yield a finite state space,
so that whether the desired security property holds or not can in fact
be decided automatically, in spite of the general undecidability of such
problems.Santiago Pinazo, S. (2015). Advanced Features in Protocol Verification: Theory, Properties, and Efficiency in Maude-NPA [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/4852
Modeling and Analysis of Advanced Cryptographic Primitives and Security Protocols in Maude-NPA
Tesis por compendio[ES] La herramienta criptográfica Maude-NPA es un verificador de modelos especializado para protocolos de seguridad criptográficos que tienen en cuenta las propiedades algebraicas de un sistema criptográfico. En la literatura, las propiedades criptográficas adicionales han descubierto debilidades de los protocolos de seguridad y, en otros casos, son parte de los supuestos de seguridad del protocolo para funcionar correctamente. Maude-NPA tiene una base teórica en la rewriting logic, la unificación ecuacional y el narrowing para realizar una búsqueda hacia atrás desde un patrón de estado inseguro para determinar si es alcanzable o no. Maude-NPA se puede utilizar para razonar sobre una amplia gama de propiedades criptográficas, incluida la cancelación del cifrado y descifrado, la exponenciación de Diffie-Hellman, el exclusive-or y algunas aproximaciones del cifrado homomórfico.
En esta tesis consideramos nuevas propiedades criptográficas, ya sea como parte de protocolos de seguridad o para descubrir nuevos ataques. También hemos modelado diferentes familias de protocolos de seguridad, incluidos los Distance Bounding Protocols or Multi-party key agreement protocolos. Y hemos desarrollado nuevas técnicas de modelado para reducir el coste del análisis en protocolos con tiempo y espacio. Esta tesis contribuye de varias maneras al área de análisis de protocolos criptográficos y muchas de las contribuciones de esta tesis pueden ser útiles para otras herramientas de análisis criptográfico.[CAT] L'eina criptografica Maude-NPA es un verificador de models especialitzats per a protocols de seguretat criptogrà fics que tenen en compte les propietats algebraiques d'un sistema criptogrà fic. A la literatura, les propietats criptogrà fiques addicionals han descobert debilitats dels protocols de seguretat i, en altres casos, formen part dels supòsits de seguretat del protocol per funcionar correctament. Maude-NPA te' una base teòrica a la rewriting lògic, la unificació' equacional i narrowing per realitzar una cerca cap enrere des d'un patró' d'estat insegur per determinar si es accessible o no. Maude-NPA es pot utilitzar per raonar sobre una amplia gamma de propietats criptogrà fiques, inclosa la cancel·lació' del xifratge i desxifrat, l'exponenciacio' de Diffie-Hellman, el exclusive-or i algunes aproximacions del xifratge homomòrfic.
En aquesta tesi, considerem noves propietats criptogrà fiques, ja sigui com a part de protocols de seguretat o per descobrir nous atacs. Tambe' hem modelat diferents famÃlies de protocols de seguretat, inclosos els Distance Bounding Protocols o Multi-party key agreement protocols. I hem desenvolupat noves tècniques de modelització' de protocols per reduir el cost de l'analisi en protocols amb temps i espai. Aquesta tesi contribueix de diverses maneres a l’à rea de l’anà lisi de protocols criptogrà fics i moltes de les contribucions d’aquesta tesi poden ser útils per a altres eines d’anà lisi criptogrà fic.[EN] The Maude-NPA crypto tool is a specialized model checker for cryptographic security protocols that take into account the algebraic properties of the cryptosystem. In the literature, additional crypto properties have uncovered weaknesses of security protocols and, in other cases, they are part of the protocol security assumptions in order to function properly. Maude-NPA has a theoretical basis on rewriting logic, equational unification, and narrowing to perform a backwards search from an insecure state pattern to determine whether or not it is reachable. Maude-NPA can be used to reason about a wide range of cryptographic properties, including cancellation of encryption and decryption, Diffie-Hellman exponentiation, exclusive-or, and some approximations of homomorphic encryption.
In this thesis, we consider new cryptographic properties, either as part of security protocols or to discover new attacks. We have also modeled different families of security protocols, including Distance Bounding Protocols or Multi-party key agreement protocols. And we have developed new protocol modeling techniques to reduce the time and space analysis effort. This thesis contributes in several ways to the area of cryptographic protocol analysis and many of the contributions of this thesis can be useful for other crypto analysis tools.This thesis would not have been possible without the funding of a set of research projects. The main contributions and derivative works of this thesis
have been made in the context of the following projects:
- Ministry of Economy and Business of Spain : Project LoBaSS Effective Solutions Based on Logic, Scientific Research under award number TIN2015-69175-C4-1-R, this project was focused on using powerful logic-based technologies to analyze safety-critical systems.
- Air Force Office of Scientific Research of United States of America : Project Advanced symbolic methods for the cryptographic protocol analyzer Maude-NPA Scientific Research under award number FA9550-17-1-0286
- State Investigation Agency of Spain : Project FREETech: Formal Reasoning for Enabling and Emerging Technologies Scientific I+D-i Research under award number RTI2018-094403-B-C32Aparicio Sánchez, D. (2022). Modeling and Analysis of Advanced Cryptographic Primitives and Security Protocols in Maude-NPA [Tesis doctoral]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/190915Compendi
Theory of partial-order programming
This paper shows the use of partial-order program clauses and lattice domains for declarative programming. This paradigm is particularly useful for expressing concise solutions to problems from graph theory, program analysis, and database querying. These applications are characterized by a need to solve circular constraints and perform aggregate operations, a capability that is very clearly and efficiently provided by partial-order clauses. We present a novel approach to their declarative and operational semantics, as well as the correctness of the operational semantics. The declarative semantics is model-theoretic in nature, but the least model for any function is not the classical intersection of all models, but the greatest lower bound/least upper bound of the respective terms defined for this function in the different models. The operational semantics combines top-down goal reduction with memo-tables. In the partial-order programming framework, however, memoization is primarily needed in order to detect circular circular function calls. In general we need more than simple memoization when functions are defined circularly in terms of one another through monotonic functions. In such cases, we accumulate a set of functional-constraint and solve them by general fixed-point-finding procedure. In order to prove the correctness of memoization, a straightforward induction on the length of the derivation will not suffice because of the presence of the memo-table. However, since the entries in the table grow monotonically, we identify a suitable table invariant that captures the correctness of the derivation. The partial-order programming paradigm has been implemented and all examples shown in this paper have been tested using this implementation
Computing knowledge in security protocols under convergent equational theories
International audienceThe analysis of security protocols requires reasoning about the knowledge an attacker acquires by eavesdropping on network traffic. In formal approaches, the messages exchanged over the network are modeled by a term algebra equipped with an equational theory axiomatizing the properties of the cryptographic primitives (e.g. encryption, signature). In this context, two classical notions of knowledge, deducibility and indistinguishability, yield corresponding decision problems.\par We propose a procedure for both problems under arbitrary convergent equational theories. Since the underlying problems are undecidable we cannot guarantee termination. Nevertheless, our procedure terminates on a wide range of equational theories. In particular, we obtain a new decidability result for a theory we encountered when studying electronic voting protocols. We also provide a prototype implementation
- …