modelling and analysing of security protocol lecture 11 modelling checking
Download
Skip this Video
Download Presentation
Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking

Loading in 2 Seconds...

play fullscreen
1 / 22

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking - PowerPoint PPT Presentation


  • 209 Views
  • Uploaded on

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking. Tom Chothia CWI. Today. Model Checking is useful Probabilities can be an important part of a protocol (also next week). . The Rest of the Course. Today: Model Checking.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking' - hayes


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
today
Today
  • Model Checking is useful
  • Probabilities can be an important part of a protocol (also next week).
the rest of the course
The Rest of the Course
  • Today: Model Checking.
  • 26th Oct: When you have to have probability and Fair Exchange protocols (Homework due).
  • 2nd, 9th, 16th, 23rd and 30th Nov

Student presentations.

  • E-mail me your presentation idea’s by Friday
today4
Today
  • Model Checking for finite systems
  • Specifying properties in CTL
  • Dinning Philosophers

BREAK

  • Probabilistic finite systems
  • Specifying probabilistic properties in PCTL
  • Dinning Cryptographers
a quick history of key establishment and authentication
A Quick History of Key Establishment and Authentication
  • 50 BC to 1960s : Not relevant:
    • Pre-computer: Caesar cipher to Enigma. Keys prearranged by hand
  • 1960s to 1980s : Not considered necessary
    • ARPAnet, an open network, no or little secret,

e.g. telnet. open relays

a quick history of key establishment and authentication6
A Quick History of Key Establishment and Authentication
  • 1970s to 1990s : First tries
    • Early Internet, trying for security, e.g. SSL version 1, Needham-sroder.
  • 1980-2000s : Becomes a science
    • Principles for protocol design, attacker models, Kerberos, TLS, SSH
  • 1990s to present: Automation
    • Understood well enough to check by machine.
anonymity protocols
Anonymity Protocols
  • upto 1990s : Not relevant:
    • Little personal information on the Internet
  • upto 2000s : Not considered necessary
  • 1990 to Now: First tries,
    • Dinning Cryptographers,
    • anonymous proxies,
    • Tor.
anonymity protocols8
Anonymity Protocols

Only now:

  • Becoming a Science
  • Limited automatic checking of automata protocols
    • Only for finite systems, no dedicated tools
model checking
Model Checking
  • Idea:
    • Make a model of your system with has a limited number of states
    • Check every single state to make sure its OK
  • Problem: making the model finite
  • Problem: “state space explosion”
  • Very effective, many industrial applications
model checking10
Model Checking

1994 Pentium chip was missing a few entries in a table.

Almost never used so missed by standard testing.

If x=4195835 & y =3145727 then

x/y =1.333739068902037589

rather than =1.333820449136241002

But x-(x.y/y)= 256 not 0

result
Result
  • Public relations disaster
  • Jokes:
    • How many Pentium designers does it take to change a light bulb?
    • 1.99995827903
  • 100 of millions of dollars of replacement costs.
  • Intel now model checks all hardware.
today22
Today
  • Model Checking for finite systems
  • Specifying properties in CTL
  • Dinning Philosophers example

BREAK

  • Probabilistic finite systems
  • Specifying probabilistic properties in PCTL
  • Dinning Cryptographers
ad