
Executable specification of cryptofraglets with Maude for security verification



Presentation Transcript


  1. Executable specification of cryptofraglets with Maude for security verification Fabio Martinelli and Marinella Petrocchi IIT-CNR, Pisa Italy presented by Daniel Schreckling (Univ. Passau, Germany) and Lidia Yamamoto (Univ. Basel, Switzerland)

  2. Overview
  • Introduction: context, motivation, and goal
  • The Fraglets language
  • Cryptofraglets
  • Threat model
  • Maude specification language
  • Cryptofraglets in Maude
  • Case study: attack detection on the Needham-Schroeder Public Key (NSPK) protocol
  • Conclusions, future work

  3. Introduction
  • Adaptive and autonomic systems need:
    • New methodologies to assess the security and trustworthiness of network protocols and services in a potentially changing environment
    • Techniques for automated security verification
  • Chemical computing (e.g. Gamma, Fraglets) as a tool for specifying autonomic behavior
  • Goal:
    • Development of a software tool supporting the specification of crypto-protocols in Fraglets and their security analysis

  4. The Fraglets Language
  • Programming language inspired by chemistry
  • Code and data represented as molecules = strings = computation fragments
  • Processing by chemical reactions that consume and produce molecules (code and data)
  • Goal: automated synthesis and evolution of communication protocols

  5. Fraglets Basic Instruction Set
  • (Table of the basic instructions, giving the educts and products of each reaction; the table is an image on the slide and is not reproduced in the transcript)

  6. The Fraglets Language
  • Fraglets processing: chemical reactions perform string rewriting operations
    • The head of the string fully determines the rewriting operation
    • Analogous to packet header processing in network protocols
  • Distributed computation: Fraglets (computation fragments) flow through a computer network
  • Applications: active networks, self-modifying code, autonomic communication protocols

  7. Cryptofraglets
  • The original Fraglets language lacked security features
  • Cryptofraglets [BIONETICS 2006]: our extension of the Fraglets instruction set for
    • symmetric/asymmetric cryptography
    • hashing techniques
  • Encryption: [enc newtag k1 tail] → [newtag tail_k1]
  • Decryption: [dec newtag k2 tail_k2] → [newtag tail]
  • Hash: [hash newtag tail] → [newtag h(tail)]

  8. Fraglets-Based Threat Model
  • Protocol specification involving two honest roles:
    • initiator, store S_S
    • responder, store S_R
  • Communication flows through an untrusted store S_X
  • Secret keys are initially contained in the legitimate store(s)

  9. Definition of Security Properties
  • It is now possible to define security properties (secrecy, authentication, integrity, ...)
  • The classical notion of the intruder's knowledge is rephrased as:
    • the set of symbols that the intruder's store contains
  • Example, the secrecy property: "at each point of the computation, a symbol is secret between initiator and responder if it is not possible for the intruder store to know that symbol" (formal definitions in the BIONETICS 2009 paper)

  10. The Maude Rewrite System
  • Reflective specification language and system based on Rewriting Logic
  • Distributed systems are specified as:
    • an algebraic data type axiomatizing the system state
    • rewrite rules axiomatizing the system's local transitions
  • Provides executable semantics and a toolkit allowing for formal reasoning
  • User-defined execution strategies allow for state exploration strategies, e.g. breadth-first search

  11. What is a rewrite rule?
      *** A module with one sort, two constants and one rule; Maude keywords are lowercase, so the module ends with endm
      mod CLIMATE is
        sort WeatherCondition .
        op sunnyday : -> WeatherCondition .
        op rainyday : -> WeatherCondition .
        rl [raincloud] : sunnyday => rainyday .
      endm

  12. Maude "search" strategies
  • Maude commands:
    • rewrite: explores one possible sequence of rewrites
    • search: looks for all the possible traces from an initial configuration to a particular configuration of interest (e.g. a given set of fraglets in store X)
  • Possibility to exploit built-in toolkits:
    • model checker
    • theorem prover
  • User-defined ad hoc search strategies

  13. We use Maude for...
  • Encoding the fraglets (crypto) instructions into an executable specification
  • Performing security analysis on this specification
  • Case study:
    • Formulation of the Needham-Schroeder Public Key protocol
    • Attack on the flawed version of NSPK analyzed and detected

  14. Encoding
  • Fraglets instructions become rewrite rules
  • Examples:
    • dup (duplicate a symbol)
    • send (transfer a fraglet from one store to another)

  15. Encoding
  • En/decryption instructions: (the corresponding rewrite rules are an image on the slide and are not reproduced in the transcript)
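The enc/dec/send rules of slides 7, 14 and 15, the store-based intruder knowledge of slides 8 and 9 and the breadth-first search of slide 12 can be exercised together in a small Python simulator. This is an added example and not the authors' Maude encoding: the key table, the simplified match/send semantics, the store names A, B and X and the nonce na are all constructed for illustration, and the intruder is passive (it only sees what flows through X), since the slides leave the most powerful intruder to future work.

```python
from collections import deque

# Constructed key table: each key maps to its inverse (symmetric keys are self-inverse).
INV = {"kab": "kab", "pkA": "skA", "skA": "pkA", "pkB": "skB", "skB": "pkB"}

def step(store, frag):
    """Store-local rewrites of one fraglet, selected by its head symbol."""
    head, tail = frag[0], frag[1:]
    if head == "enc" and len(tail) >= 2:        # [enc newtag k tail] -> [newtag {tail}k]
        yield store, (tail[0], ("enc", tail[1], tail[2:]))
    elif (head == "dec" and len(tail) == 3 and isinstance(tail[2], tuple)
          and tail[2][0] == "enc" and INV.get(tail[2][1]) == tail[1]):
        yield store, (tail[0],) + tail[2][2]    # [dec newtag k2 {tail}k1] -> [newtag tail]
    elif head == "hash" and tail:               # [hash newtag tail] -> [newtag h(tail)]
        yield store, (tail[0], ("h", tail[1:]))
    elif head == "send" and len(tail) >= 2:     # [send dest tail] moves tail into store dest
        yield tail[0], tail[1:]

def successors(state):
    """One rewrite anywhere; a configuration is a frozenset of (store, fraglet) pairs."""
    for s, f in state:
        rest = state - {(s, f)}
        for s2, f2 in step(s, f):
            yield rest | {(s2, f2)}
        if f[0] == "match":                     # [match t tail1], [t tail2] -> [tail1 tail2]
            for s2, g in rest:
                if s2 == s and g[0] == f[1]:
                    yield rest - {(s2, g)} | {(s, f[2:] + g[1:])}

def knowledge(state, intruder="X"):   # slide 9: plain symbols in X, not those inside {.}k or h()
    return {x for s, f in state for x in f if s == intruder and isinstance(x, str)}

def search(initial, goal):            # breadth-first search over all interleavings (Maude `search`)
    seen, queue = {initial}, deque([initial])
    while queue:
        st = queue.popleft()
        if goal(st):                  # first configuration of interest, or None if unreachable
            return st
        for nxt in successors(st):
            if nxt not in seen:
                seen.add(nxt); queue.append(nxt)
    return None

def config(encrypt):
    """Constructed run: A sends nonce na to B through untrusted X; only A and B hold kab."""
    first = ("enc", "t1", "kab", "na") if encrypt else ("t1", "na")
    return frozenset({("A", first), ("A", ("match", "t1", "send", "X", "msg")),
                      ("X", ("match", "msg", "send", "B", "msg")),
                      ("B", ("match", "msg", "dec", "t2", "kab"))})
```

`search(config(False), lambda st: "na" in knowledge(st))` returns the configuration in which X holds [msg na], while the encrypted run yields None for that goal and still reaches a state where B holds [t2 na].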

  16. Case Study: NSPK Protocol
  • The protocol authenticates two agents A and B
  • At the end of the protocol:
    • the agents know each other's identity
    • the agents share a secret (the nonces)
  • The original protocol was vulnerable to a man-in-the-middle attack
  • Implementation of the vulnerable version in fraglets

  17. Flawed NSPK in Maude
  • Translate the fraglets version into Maude
  • The rewrite command takes the initial configuration of fraglets in stores A, B, and X
  • Maude executes two interleaved sessions of NSPK
  • At the end of the computation:
    • store A contains the newly received nonce nb
    • store B contains [what expected]
    • store X contains [auxtag5 nb]
  • Maude detects the secrecy violation

  18. Conclusions
  • Main result:
    • assessment of the usefulness of executing fraglets specifications for security verification purposes
  • Possible follow-ups:
    • analyzing complex security protocols and properties;
    • definition of the fraglets-based most powerful intruder, to verify security properties over universal quantification
