Presentation is loading. Please wait.

Presentation is loading. Please wait.

Automated Analysis of Cryptographic Protocols Using Murphi Mingchen Zhao University of Pennsylvania.

Published byMonserrat Ovard Modified over 9 years ago

Similar presentations

Presentation on theme: "Automated Analysis of Cryptographic Protocols Using Murphi Mingchen Zhao University of Pennsylvania."— Presentation transcript:

1 Automated Analysis of Cryptographic Protocols Using Murphi Mingchen Zhao University of Pennsylvania

2 Outline Background – Model checking – Authentication protocol Outline of methodology Needham-Schroeder public-key protocol (with bug) Demo of Murphi Needham-Schroeder public-key protocol (with Lowe’s fix) Demo of Murphi Comparison between Model checking and Inductive Method

3 Background-Model checking Pioneering Work by Edmund M. Clarke, E. Allen Emerson and Joseph Sifakis Awarded 2007 Turing Award Definition: Model checking is a technique for automatically verifying correctness properties of finite state systems.

4 Model Checking Example P_{0}:: l_{0} : while True do NC_{0}: wait (turn=0); CR_{0}: turn:=1; end while; l’_{0} P_{1}:: l_{1} : while True do NC_{1}: wait (turn=1); CR_{1}: turn:=0; end while; l’_{1}

5 Model Checking Example

6 Authentication Protocol Needham-Schroeder Public-Key protocol – The Needham–Schroeder Public-Key Protocol is intended to provide mutual authentication between two parties communicating on a network, but in its proposed form is insecure.

7 Authentication Protocol – Imaging that you lost your debit card… How do you prove that you the person you claimed? Name? Photo? Birthday? SSN? Password? In cryptographic protocol, we trust you only when you have the private key.

8 Outline of Methodology Formulate the protocol Add an adversary to the system State the desired correctness condition Run the protocol for some specific choice of the system size parameters. Experiment with alternate formulations and repeat

9 NS public-key protocol (with bugs) Can anyone see the problem of this protocol?

10 Demo Murphi Ssh

11 NS public-key protocol (with Lowe’s fix)

12 Demo Murphi Ssh

13 Comparison between Model Checking and Inductive Method Model CheckingInductive approach Checking abilityFinite-State (Not only finite, the states increased exponentially with the size) Infinite-State Human Intelligence Involved Modeling PhaseThe whole process Easy-to-usePeople who can program Mathematician or Ph.D in corresponding area?

Download ppt "Automated Analysis of Cryptographic Protocols Using Murphi Mingchen Zhao University of Pennsylvania."

Similar presentations

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.

CS 267: Automated Verification Lecture 8: Automata Theoretic Model Checking Instructor: Tevfik Bultan.
1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.

1 Model checking. 2 And now... the system How do we model a reactive system with an automaton ? It is convenient to model systems with Transition systems.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:

Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.

Lecture 3Dr. Verma1 COSC 6397 – Information Assurance Module M2 – Protocol Specification and Verification University of Houston Rakesh Verma Lecture 3.
CS259: Security Analysis of Network Protocols Overview of Murphi Arnab Roy.

CS259: Security Analysis of Network Protocols Overview of Murphi Arnab Roy.
SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.

SSL : An Overview Bruhadeshwar Bezawada International Institute of Information Technology, Hyderabad.
Chen Advisor: Limin Jia.  Whole picture  Process Calculus  Definition of Secrecy and Authenticity  Demo  Comparison  Conclusion.

Chen Advisor: Limin Jia.  Whole picture  Process Calculus  Definition of Secrecy and Authenticity  Demo  Comparison  Conclusion.
1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.

1 Introduction CSE 5351: Introduction to cryptography Reading assignment: Chapter 1 of Katz & Lindell.
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.

Modeling Insider Attacks on Group Key Exchange Protocols Jonathan Katz Ji Sun Shin University of Maryland.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.

15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
Electronic Transaction Security (E-Commerce)

Electronic Transaction Security (E-Commerce)
A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :11.23 1.

A Secure Remote User Authentication Scheme with Smart Cards Manoj Kumar 報告者 : 許睿中 日期 :
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Analysis of Security Protocols (I) John C. Mitchell Stanford University.

Analysis of Security Protocols (I) John C. Mitchell Stanford University.
CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Analysis of Security Protocols (IV) John C. Mitchell Stanford University.

Analysis of Security Protocols (IV) John C. Mitchell Stanford University.

Similar presentations

Ads by Google