1 towards evolving specs of security protocols march 7, 2002 dusko pavlovic kestrel institute
TRANSCRIPT
![Page 1: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/1.jpg)
1
Towards evolving specs of security protocols
Towards evolving specs of security protocols
March 7, 2002
Dusko PavlovicKestrel Institute
![Page 2: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/2.jpg)
2
ClaimClaim
Security Engineering
is a part of
Software Engineering
![Page 3: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/3.jpg)
3
ClaimClaim
• it is helpful to analyze:• protocols in context of architectures
• security as a part of of high assurance
• malicious attackers on connectors together with
unspecified environments of components
• both SE and SE are concerned with• distributed,
• multi-layered,
• heterogenous complex systems…
![Page 4: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/4.jpg)
4
OutlineOutline
• Mobile proposals: – IPv4 vs IPv6
• Problem: – remote redirection (traffic hijacking)
• Adding authentication: – espec transformation
• Variations and ongoing work
![Page 5: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/5.jpg)
5
PapersPapers
• Authentication for Mobile IPv6
– with A. Datta, J. Mitchell and F. Muller
• Composition and refinement of behavioral specifications
– with D. Smith
• Guarded transitions in evolving specifications
– with D. Smith
http://www.kestrel.edu/users/pavlovic/
![Page 6: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/6.jpg)
6
Mobile IPv4Mobile IPv4
HAHA
MNMN
FAFA
CNCN
initial architecture
![Page 7: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/7.jpg)
7
Mobile IPv4Mobile IPv4
HAMN
FA
CN
![Page 8: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/8.jpg)
8
Mobile IPv4Mobile IPv4
HA
MN FA
CN
![Page 9: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/9.jpg)
9
Mobile IPv4Mobile IPv4
HA
MN FA
CN
![Page 10: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/10.jpg)
10
Mobile IPv4Mobile IPv4
HA
MN FA
CN
![Page 11: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/11.jpg)
11
Mobile IPv4Mobile IPv4
HA
MN FA
CN
triangle routing!
![Page 12: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/12.jpg)
12
Mobile IPv4Mobile IPv4
HAHA
MNMN
FAFA
CNCN
session architecture
![Page 13: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/13.jpg)
13
Mobile IPv6Mobile IPv6
• avoid triangle routing:– use IPv6 Routing Header and tunneling
• minimize– network partitioning
– computational load on:
» routers
» nodes: no expensive encryptions or decryptions
– number of messages
– need for infrastructure: no global PKI
• maximize– performance and availability: no DoS
– end-to-end security: authenticate location information
![Page 14: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/14.jpg)
14
Mobile IPv6Mobile IPv6
• home address – the node is always addressed by the same IP number
• care-of addresses (one or more)– bind dynamically to different subnet IP numbers
» all packets containing the binding information must be authenticated
» authentication relies upon previously established security associations
• Binding Update/Acknowledgement – realized through Destination Options Headers
– Binding Cache integrated with Destination Cache
![Page 15: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/15.jpg)
15
Mobile IPv6 proposalMobile IPv6 proposal
HAHA
MNMN CNCN
initial architecture
![Page 16: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/16.jpg)
16
HAMN
CN
![Page 17: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/17.jpg)
17
Mobile IPv6Mobile IPv6
HA
MN
CNg y
k = gxy
g x
g y
{BU} k
![Page 18: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/18.jpg)
18
Mobile IPv6Mobile IPv6
HA
MN
CN
![Page 19: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/19.jpg)
19
Mobile IPv6Mobile IPv6
HA
MN
CN
![Page 20: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/20.jpg)
20
Mobile IPv6 proposalMobile IPv6 proposal
MNMN CNCN
session architecture
![Page 21: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/21.jpg)
21
EE
EE
EE
Mobile IPv6 proposalMobile IPv6 proposal
HAHA
MNMN CNCN
EE
actual initial architecture
![Page 22: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/22.jpg)
22
Mobile IPv6Mobile IPv6
HA
MN
CN
g x
g v
g v
E
k = g uyEC
k = gME xv
g ug y
![Page 23: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/23.jpg)
23
Mobile IPv6 proposalMobile IPv6 proposal
MNMN EE CNCN
possible session architecture
![Page 24: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/24.jpg)
24
TaskTask
Use especs
to add authentication!
![Page 25: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/25.jpg)
25
TaskTask
• Assess tradeoff between• maximizing strength of authentication
• minimizing need for infrastructure
![Page 26: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/26.jpg)
26
MN’s viewMN’s view
(u) (ux/k)
gx (u) ux/k
(x) gx (u) ux/k
espec MN
![Page 27: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/27.jpg)
27
CN’s viewCN’s view
gy (wy/k)
(y) gy (wy/k)
(w) (y) gy (wy/k)
espec CN
![Page 28: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/28.jpg)
28
BU architectureBU architecture
espec CN
espec MN
espec HAespec Net espec BU
![Page 29: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/29.jpg)
29
(aspects of especs)(aspects of especs)
• genericity– all agents are instances of cord espec
• automated – composition of agents
– trace generation
• support for formal analysis– model checking
– theorem proving
– invariant generation
![Page 30: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/30.jpg)
30
BU architectureBU architecture
espec CN
espec MN
espec HAespec Net espec BU
![Page 31: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/31.jpg)
31
BU architectureBU architecture
espec CN
espec MN
espec HAespec Net diag BU
![Page 32: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/32.jpg)
32
(aspects of especs)(aspects of especs)
• adjustable abstraction level
• stratification:– agents: process calculus
– protocols: especs
– architectures: diagrams
» network connectors and components
» infrastructure and chain of trust
» information flow
» …
![Page 33: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/33.jpg)
33
BU architectureBU architecture
diag BU
![Page 34: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/34.jpg)
34
BU refinementBU refinement
diag BU
diagAuthKeyExch
diagKeyExch
diagAuthBU
Lib
Lib
![Page 35: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/35.jpg)
35
(aspects of especs)(aspects of especs)
• development (programming, generation)– top-down: refinement
» morphisms: inheritance, genericity
– bottom-up: composition» pushouts
» emergent and vanishing properties
» game theory, linear logic (strategies)
– program transformation » authentication compiler (Bellare-Canetti-Krawczyk)
» optimization
– adaptation» specification-carrying software
![Page 36: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/36.jpg)
36
BU refinementBU refinement
diag BU
diagAuthKeyExch
diagKeyExch
diagAuthBU
Lib
Lib
![Page 37: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/37.jpg)
37
AuthBU architectureAuthBU architecture
especAuthCN
especAuthMN
especHACN
espec Net
especHAMN
diag AuthBU
![Page 38: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/38.jpg)
38
gx (u,v) (v/{gx,u}hm) (ux/k)
(u,v) (v/{gx,u}hm) (ux/k)
(v/{gx,u}hm) (ux/k)
(x) gx (u,v) (v/{gx,u}hm) (ux/k)
especAuthMN
AuthMN’s viewAuthMN’s view
![Page 39: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/39.jpg)
39
EE
EE
EE
Authenticated MIPv6Authenticated MIPv6
HAHA
MNMN CNCN
EEHAHA
initial architecture
![Page 40: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/40.jpg)
40
MN CN
k = gxy
HA MN HA CN
g x
g , g ,{g , g } x y
hc
x y
g , g ,{g , g } x y
sg
x y
g ,{g , g } x y
hm
y
![Page 41: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/41.jpg)
41
MN CN
HA MN HA CN
{iMN, gy, s}hc
s
{iCN, iMN, gy, s}pk {iCN, iMN, gy, s}sg
s = {iCN, iMN, gx , gy}k
{iMN, gy, s}hm
k = gxy
g x
![Page 42: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/42.jpg)
42
MN CN
HA MN HA CN
{iMN, gy, s}hc
s
{iCN, iMN, gy, s, {iCN, iMN, gy, s}sg }pk
s = {iCN, iMN, gx , gy}k
{s, gy, iMN}hm
k = gxy
g x
![Page 43: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/43.jpg)
43
Authenticated MIPv6Authenticated MIPv6
MNMN CNCN
assured session architecture
![Page 44: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/44.jpg)
44
VariationsVariations
• weaker authentications:– one-way: no PKI, just certificates, or AAA - no anonymity
– first time unauthenticated (like SSH), then chained hashing
• stronger authentications:– privacy
– anonymity, non-repudiation
• dynamic infrastructure– no shared secret: databases of “fingerprints”
– authenticating by non-forgeable capability
– authenticating by divided secret
![Page 45: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/45.jpg)
45
(aspects of especs)(aspects of especs)
• additional aspects:– information flow
– information hiding
– cryptography
– …
![Page 46: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/46.jpg)
46
Ongoing workOngoing work
IMPLEMENT the tool!
![Page 47: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/47.jpg)
47
PapersPapers
• Authentication for Mobile IPv6
– with A. Datta, J. Mitchell and F. Muller
• Composition and refinement of behavioral specifications
– with D. Smith
• Guarded transitions in evolving specifications
– with D. Smith
http://www.kestrel.edu/users/pavlovic/
![Page 48: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/48.jpg)
48
(cord spaces)(cord spaces)
(names) N ::= X | A
(terms) t ::= x | a | N | t,...,t | {t}N
(strands) S ::= aS
(cords) C ::= [S]
(actions) a ::= t | (x) | (t/p(x))
(interaction) [(x)R] [tS] ... [R(t/x)] [S] ...
(reaction) [(p(t)/p(x))R] ... [R(t/x)]...
FV(t) =
FV(t) =
![Page 49: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/49.jpg)
49
What are especs?What are especs?
• diagrams of specs
• specification-carrying programs
• in a development environment supporting– refinement (top-down)
– composition (bottom-up)
– synthesis of verified code
• programming language with– guarded commands
– logical annotations as first-class citizens (available at runtime)
– procedural abstraction and refinement
![Page 50: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/50.jpg)
50
What are specs?What are specs?
spec Poset is sort X op < : X*X -> Bool ax trans is x<y /\ y<z => x<z ax sym...end-spec
spec Semilattice is sort X op V in : X*X -> X cons b : X
ax assoc is (xVy)Vz = xV(yVz)…end-spec
x<y xVy=y
spec BinR
spec AsymRspec RefR spec TranR
spec BinO
spec Comm spec Involspec Assoc
![Page 51: 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute](https://reader036.vdocuments.us/reader036/viewer/2022062519/5697c01b1a28abf838ccfb4f/html5/thumbnails/51.jpg)
51
What are especs?What are especs?
espec Basic_Acct is spec … end-spec
prog stad Create init[X] is… stad Amount[self] is… … step Depos[self,d]: Amount[self] -> Amount[self,d] cond d>0 balance(self)|-> balance(self)+d end-step end-progend-espec
Create
AmountDepos
espec Savings_Acct is spec … end-spec
prog stad Create init[X] is … stad Accum… step Transfer… … end-step …
end-progend-espec
Create
AmountDepos Accum