Modelling and analysing of security protocol lecture 11 modelling checking l.jpg
This presentation is the property of its rightful owner.
Sponsored Links
1 / 22

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking PowerPoint PPT Presentation


  • 163 Views
  • Uploaded on
  • Presentation posted in: General

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking. Tom Chothia CWI. Today. Model Checking is useful Probabilities can be an important part of a protocol (also next week). . The Rest of the Course. Today: Model Checking.

Download Presentation

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Modelling and analysing of security protocol lecture 11 modelling checking l.jpg

Modelling and Analysing of Security Protocol: Lecture 11Modelling Checking

Tom Chothia

CWI


Today l.jpg

Today

  • Model Checking is useful

  • Probabilities can be an important part of a protocol (also next week).


The rest of the course l.jpg

The Rest of the Course

  • Today: Model Checking.

  • 26th Oct: When you have to have probability and Fair Exchange protocols (Homework due).

  • 2nd, 9th, 16th, 23rd and 30th Nov

    Student presentations.

  • E-mail me your presentation idea’s by Friday


Today4 l.jpg

Today

  • Model Checking for finite systems

  • Specifying properties in CTL

  • Dinning Philosophers

    BREAK

  • Probabilistic finite systems

  • Specifying probabilistic properties in PCTL

  • Dinning Cryptographers


A quick history of key establishment and authentication l.jpg

A Quick History of Key Establishment and Authentication

  • 50 BC to 1960s : Not relevant:

    • Pre-computer: Caesar cipher to Enigma. Keys prearranged by hand

  • 1960s to 1980s : Not considered necessary

    • ARPAnet, an open network, no or little secret,

      e.g. telnet. open relays


A quick history of key establishment and authentication6 l.jpg

A Quick History of Key Establishment and Authentication

  • 1970s to 1990s : First tries

    • Early Internet, trying for security, e.g. SSL version 1, Needham-sroder.

  • 1980-2000s : Becomes a science

    • Principles for protocol design, attacker models, Kerberos, TLS, SSH

  • 1990s to present: Automation

    • Understood well enough to check by machine.


Anonymity protocols l.jpg

Anonymity Protocols

  • upto 1990s : Not relevant:

    • Little personal information on the Internet

  • upto 2000s : Not considered necessary

  • 1990 to Now: First tries,

    • Dinning Cryptographers,

    • anonymous proxies,

    • Tor.


Anonymity protocols8 l.jpg

Anonymity Protocols

Only now:

  • Becoming a Science

  • Limited automatic checking of automata protocols

    • Only for finite systems, no dedicated tools


Model checking l.jpg

Model Checking

  • Idea:

    • Make a model of your system with has a limited number of states

    • Check every single state to make sure its OK

  • Problem: making the model finite

  • Problem: “state space explosion”

  • Very effective, many industrial applications


Model checking10 l.jpg

Model Checking

1994 Pentium chip was missing a few entries in a table.

Almost never used so missed by standard testing.

If x=4195835 & y =3145727 then

x/y=1.333739068902037589

rather than =1.333820449136241002

But x-(x.y/y)= 256 not 0


Result l.jpg

Result

  • Public relations disaster

  • Jokes:

    • How many Pentium designers does it take to change a light bulb?

    • 1.99995827903

  • 100 of millions of dollars of replacement costs.

  • Intel now model checks all hardware.


Prism l.jpg

PRISM


Traffic lights example l.jpg

Traffic Lights Example


State space l.jpg

State Space


Ctl examples l.jpg

CTL examples


Slide16 l.jpg

CTL


Ctl derived operators l.jpg

CTL Derived Operators.


Dinning philosophers l.jpg

Dinning Philosophers


Dinning philosophers in prism l.jpg

Dinning Philosophers in PRISM


Checking the dinning philosphers l.jpg

Checking the Dinning Philosphers


Fixing the deadlock l.jpg

Fixing the Deadlock


Today22 l.jpg

Today

  • Model Checking for finite systems

  • Specifying properties in CTL

  • Dinning Philosophers example

    BREAK

  • Probabilistic finite systems

  • Specifying probabilistic properties in PCTL

  • Dinning Cryptographers


  • Login