PPTX - NetDB@Penn - University of Pennsylvania

Automated Analysis of
Cryptographic Protocols Using
Murphi
Mingchen Zhao
University of Pennsylvania
Outline
• Background
  – Model checking
  – Authentication protocol
• Outline of methodology
• Needham-Schroeder public-key protocol (with bug)
• Demo of Murphi
• Needham-Schroeder public-key protocol (with Lowe's fix)
• Demo of Murphi
• Comparison between Model checking and Inductive Method
Background - Model checking
• Pioneering work by Edmund M. Clarke, E. Allen Emerson and Joseph Sifakis
• Awarded the 2007 Turing Award
• Definition: Model checking is a technique for automatically verifying correctness properties of finite state systems.
Model Checking Example
(two processes sharing a variable `turn`; NC = non-critical section, CR = critical section)

P_0::
  l_0:
    while True do
      NC_0: wait (turn=0);
      CR_0: turn:=1;
    end while;
  l'_0

P_1::
  l_1:
    while True do
      NC_1: wait (turn=1);
      CR_1: turn:=0;
    end while;
  l'_1
Authentication Protocol
• Needham-Schroeder Public-Key protocol
  – The Needham–Schroeder Public-Key Protocol is intended to provide mutual authentication between two parties communicating on a network, but in its proposed form is insecure.
Authentication Protocol
  – Imagine that you lost your debit card…
    • How do you prove that you are the person you claim to be?
    • Name? Photo? Birthday? SSN? Password?
    • In a cryptographic protocol, we trust you only when you have the private key.
Outline of Methodology
• Formulate the protocol
• Add an adversary to the system
• State the desired correctness condition
• Run the protocol for some specific choice of the system size parameters
• Experiment with alternate formulations and repeat
NS public-key protocol (with bugs)
Can anyone see the problem with this protocol?
Demo Murphi
• Ssh
NS public-key protocol (with Lowe's fix)
Demo Murphi
• Ssh
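The methodology slide applied to both versions of the protocol, as an added example (not code from the slides, and not Murphi): a small explicit-state model checker in Python. It assumes a constructed model with one initiator A, one responder B, an intruder I that also owns a key pair and controls the network, one nonce per party and one run per honest party; `model_check(False)` returns the shortest trace to a violation of the authentication condition for the original protocol, and `model_check(True)` finds none once Lowe's fix (B's name inside message 2) is added.

```python
from collections import deque
from itertools import product

AGENTS, NONCES = ("A", "B", "I"), ("Na", "Nb", "Ni")   # I is the intruder and owns a key pair
INIT_KNOWLEDGE = frozenset(AGENTS + ("Ni",))           # names are public; Ni is I's own nonce
enc = lambda to, *fields: ("enc", to, fields)          # {fields}_pk(to), modelled as an opaque term

def closure(kn):      # analysis: I opens anything encrypted under pk(I); fields are atoms, so one pass
    return frozenset(kn | {f for t in kn if isinstance(t, tuple) and t[1] == "I" for f in t[2]})

def deliverable(kn, m):   # synthesis: replay a captured term, or encrypt known atoms under any key
    return m in kn or all(f in kn for f in m[2])

def step(state, fix):     # successors of a state; every message sent lands in I's knowledge
    a, b, kn = state
    out = []
    if a is None:                    # msg 1, A -> p: {Na, A}_pk(p), p in {B, I}
        for p in ("B", "I"):
            out.append(((p, 1), b, closure(kn | {enc(p, "Na", "A")})))
    if b is None:                    # msg 2, B -> x: {n, Nb}_pk(x); Lowe's fix adds B's name
        for n, x in product(NONCES, AGENTS):
            if deliverable(kn, enc("B", n, x)):
                rep = enc(x, n, "Nb", "B") if fix else enc(x, n, "Nb")
                out.append((a, (x, 2), closure(kn | {rep})))
    if a and a[1] == 1:              # msg 3, A -> p: {n}_pk(p); with the fix A checks the name in msg 2
        for n in NONCES:
            m = enc("A", "Na", n, a[0]) if fix else enc("A", "Na", n)
            if deliverable(kn, m):
                out.append((("done", a[0]), b, closure(kn | {enc(a[0], n)})))
    if b and b[1] == 2 and deliverable(kn, enc("B", "Nb")):   # B accepts msg 3, {Nb}_pk(B)
        out.append((a, ("done", b[0]), kn))
    return out

def violated(state):      # correctness condition: B finishing "with A" implies A ran with B
    a, b, _ = state
    return b == ("done", "A") and a != ("done", "B")

def model_check(fix):     # breadth-first search; shortest trace to a violation, or None if safe
    start = (None, None, INIT_KNOWLEDGE)
    parent, queue = {start: None}, deque([start])
    while queue:
        s = queue.popleft()
        if violated(s):
            trace = []
            while s: trace.append(s); s = parent[s]
            return trace[::-1]
        for t in step(s, fix):
            if t not in parent: parent[t] = s; queue.append(t)
    return None
```

For the original protocol the violating trace ends with A believing it ran with I while B believes it ran with A; the state space is tiny here, which is exactly why the slides stress running for a specific choice of system size.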
Comparison between Model Checking and Inductive Method

                              Model Checking                          Inductive approach
Checking ability              Finite-state (not only finite: the      Infinite-state
                              number of states grows exponentially
                              with the system size)
Human intelligence involved   Modeling phase                          The whole process
Easy-to-use                   People who can program                  Mathematician or Ph.D. in the
                                                                      corresponding area?