State and Protocols: The Envelope Example

Similar documents
THE SHAPES OF BUNDLES

THE SHAPES OF BUNDLES

Strand Spaces Proving Protocols Corr. Jonathan Herzog 6 April 2001

Authentication Tests and the Structure of Bundles

The Sizes of Skeletons: Security Goals are Decidable

Notes on BAN Logic CSG 399. March 7, 2006

Formal analysis of protocols based on TPM state registers

Symbolic Protocol Analysis for Diffie-Hellman

Sessions and Separability in Security Protocols

Skeletons and the Shapes of Bundles

Lecture 28: Public-key Cryptography. Public-key Cryptography

Practice Assignment 2 Discussion 24/02/ /02/2018

StatVerif: Modelling protocols that involve persistent state

A Logic of Authentication

Term Rewriting applied to Cryptographic Protocol Analysis: the Maude-NPA tool

Lecture 1: Introduction to Public key cryptography

The Faithfulness of Abstract Protocol Analysis: Message Authentication

Lecture 19: Public-key Cryptography (Diffie-Hellman Key Exchange & ElGamal Encryption) Public-key Cryptography

Discrete Logarithm Problem

Cross-Tool Semantics for Protocol Security Goals

Verification of the TLS Handshake protocol

Elliptic Curves. Giulia Mauri. Politecnico di Milano website:

Büchi Automata and Linear Temporal Logic

Time-Bounding Needham-Schroeder Public Key Exchange Protocol

CPSA and Formal Security Goals

Logical Protocol Analysis for Authenticated Diffie-Hellman

Winter 2008 Introduction to Modern Cryptography Benny Chor and Rani Hod. Assignment #2

U.C. Berkeley CS276: Cryptography Luca Trevisan February 5, Notes for Lecture 6

Cross-Tool Semantics for Protocol Security Goals

Introduction to Cryptography. Lecture 8

Revisiting Cryptographic Accumulators, Additional Properties and Relations to other Primitives

CPSC 467b: Cryptography and Computer Security

A Relay-assisted Handover Pre-authentication Protocol in the LTE Advanced Network

Lecture 1: Perfect Secrecy and Statistical Authentication. 2 Introduction - Historical vs Modern Cryptography

1 Number Theory Basics

Lecture 11: Hash Functions, Merkle-Damgaard, Random Oracle

Generating Universal Models for Geometric Theories

The Maude-NRL Protocol Analyzer Lecture 3: Asymmetric Unification and Indistinguishability

Authentication Tests and Disjoint Encryption: a Design Method for Security Protocols

Verification of Security Protocols in presence of Equational Theories with Homomorphism

CPSC 467: Cryptography and Computer Security

Proving Security Protocols Correct. Lawrence C. Paulson Computer Laboratory

Analysing privacy-type properties in cryptographic protocols

Pseudo-Random Generators

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Pseudo-Random Generators

MSR by Examples. Iliano Cervesato. ITT Industries, NRL Washington DC.

Post-quantum security models for authenticated encryption

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

Modeling and Verifying Ad Hoc Routing Protocols

NTRU Cryptosystem and Its Analysis

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols

Lecture 38: Secure Multi-party Computation MPC

Non-Interactive Zero-Knowledge Proofs of Non-Membership

A process algebraic analysis of privacy-type properties in cryptographic protocols

MSR by Examples. Iliano Cervesato. ITT Industries, NRL Washington DC.

1 Secure two-party computation

Analysing Layered Security Protocols

Secure Multiparty Computation from Graph Colouring

Proving Properties of Security Protocols by Induction

Additive Conditional Disclosure of Secrets

Verifiable Security of Boneh-Franklin Identity-Based Encryption. Federico Olmedo Gilles Barthe Santiago Zanella Béguelin

A Cryptographic Decentralized Label Model

McBits: Fast code-based cryptography

Non-Conversation-Based Zero Knowledge

Report on Learning with Errors over Rings-based HILA5 and its CCA Security

CS 395T. Probabilistic Polynomial-Time Calculus

L7. Diffie-Hellman (Key Exchange) Protocol. Rocky K. C. Chang, 5 March 2015

Extending Dolev-Yao with assertions

A derivation system and compositional logic for security protocols

Lectures 1&2: Introduction to Secure Computation, Yao s and GMW Protocols

On Everlasting Security in the Hybrid Bounded Storage Model

Typed MSR: Syntax and Examples

Collaborative Planning with Privacy

Cryptography CS 555. Topic 25: Quantum Crpytography. CS555 Topic 25 1

On the Automatic Analysis of Recursive Security Protocols with XOR

Lecture 15: Privacy Amplification against Active Attackers

On the CCA1-Security of Elgamal and Damgård s Elgamal

Enforcing honesty of certification authorities: Tagged one-time signature schemes

Quantum Wireless Sensor Networks

COS433/Math 473: Cryptography. Mark Zhandry Princeton University Spring 2017

arxiv: v1 [cs.cr] 3 Mar 2016

Quantum threat...and quantum solutions

Topics in Cryptography. Lecture 5: Basic Number Theory

Exam Security January 19, :30 11:30

Peculiar Properties of Lattice-Based Encryption. Chris Peikert Georgia Institute of Technology

2 Message authentication codes (MACs)

SIGNATURE SCHEMES & CRYPTOGRAPHIC HASH FUNCTIONS. CIS 400/628 Spring 2005 Introduction to Cryptography

Question 1. The Chinese University of Hong Kong, Spring 2018

Models and analysis of security protocols 1st Semester Security Protocols Lecture 6

One Year Later. Iliano Cervesato. ITT Industries, NRL Washington, DC. MSR 3.0:

Lecture th January 2009 Fall 2008 Scribes: D. Widder, E. Widder Today s lecture topics

Joint State Composition Theorems for Public-Key Encryption and Digital Signature Functionalities with Local Computation

NSL Verification and Attacks Agents Playing Both Roles

Privacy-Preserving Data Imputation

Logic gates. Quantum logic gates. α β 0 1 X = 1 0. Quantum NOT gate (X gate) Classical NOT gate NOT A. Matrix form representation

Chapter 7: Signature Schemes. COMP Lih-Yuan Deng

A decidable subclass of unbounded security protocols

Topics. Pseudo-Random Generators. Pseudo-Random Numbers. Truly Random Numbers

All-Or-Nothing Transforms Using Quasigroups

Transcription:

State and Protocols: The Envelope Example rigorous design for protocols using state Daniel J. Dougherty and Joshua D. Guttman Worcester Polytechnic Institute Thanks to: National Science Foundation (Grant CNS-0952287). Mar 2013 DD & JDG ( WPI ) Envelope BiSS 1 / 23

Goal of this Talk Illustrate a: Logical approach to protocol refinement for protocols using state via Hardware Security Modules (specifically Trusted Platform Modules) using M. Ryan s envelope protocol DD & JDG ( WPI ) Envelope BiSS 2 / 23

Goal of this Talk Illustrate a: Diagrammatic approach to protocol refinement for protocols using state via Hardware Security Modules (specifically Trusted Platform Modules) using M. Ryan s envelope protocol DD & JDG ( WPI ) Envelope BiSS 2 / 23

Goal of this Talk Illustrate a: Diagrammatic approach to protocol refinement for protocols using state via Hardware Security Modules (specifically Trusted Platform Modules) using M. Ryan s envelope protocol DD & JDG ( WPI ) Envelope BiSS 2 / 23

Trusted Platform Modules Small cheap chip on motherboard of many PCs Offers: Cryptographic primitives Some protected storage Platform configuration registers that record certain event sequences State is a reliable record of those events Supports attestation Signed assertions about TPM state, reflecting system history DD & JDG ( WPI ) Envelope BiSS 3 / 23

The Envelope Protocol Alice deposits an encrypted secret { v } K s.t. Bob can obtain v Or Bob can certify v was never obtained, and never will be obtained But not both Bob may be adversarial, misbehaving to try to get both v and refuse({ v } K ) TPM used to achieve protocol goal DD & JDG ( WPI ) Envelope BiSS 4 / 23

The Envelope Protocol Alice deposits an encrypted secret { v } K s.t. Bob can obtain v Or Bob can certify v was never obtained, and never will be obtained But not both Bob may be adversarial, misbehaving to try to get both v and refuse({ v } K ) TPM used to achieve protocol goal DD & JDG ( WPI ) Envelope BiSS 4 / 23

The Envelope Protocol Alice deposits an encrypted secret { v } K s.t. Bob can obtain v Or Bob can certify v was never obtained, and never will be obtained But not both Bob may be adversarial, misbehaving to try to get both v and refuse({ v } K ) TPM used to achieve protocol goal DD & JDG ( WPI ) Envelope BiSS 4 / 23

The Envelope Protocol Alice deposits an encrypted secret { v } K s.t. Bob can obtain v Or Bob can certify v was never obtained, and never will be obtained But not both Bob may be adversarial, misbehaving to try to get both v and refuse({ v } K ) TPM used to achieve protocol goal DD & JDG ( WPI ) Envelope BiSS 4 / 23

Envelope Protocol: Security Goal This diagram never occurs within any execution: A { v } K v refuse({ v } K ) where v is fresh and unguessable DD & JDG ( WPI ) Envelope BiSS 5 / 23

Envelope Protocol: Security Goal This diagram never occurs within any execution: A { v } K v refuse({ v } K ) where v is fresh and unguessable DD & JDG ( WPI ) Envelope BiSS 5 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 Suppose: Just one TPM with just one PCR 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 6 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 Suppose: Just one TPM with just one PCR 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 6 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 Suppose: Just one TPM with just one PCR 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 6 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 Suppose: Just one TPM with just one PCR 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 6 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 Suppose: Just one TPM with just one PCR 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 6 / 23

Analyzing the Envelope Protocol Delaune-Kremer-Ryan-Steel: verify it via ProVerif Under some restrictions: Bounded number of reboots Anchored at initial, post-boot state Monolithic Our contributions: 1 Lift the restrictions above using explicit model of distributed system behavior 2 Proof method tailored to protocol refinement steps 3 Ensure disjoint encryption properties DD & JDG ( WPI ) Envelope BiSS 7 / 23

Analyzing the Envelope Protocol Delaune-Kremer-Ryan-Steel: verify it via ProVerif Under some restrictions: Bounded number of reboots Anchored at initial, post-boot state Monolithic Our contributions: 1 Lift the restrictions above using explicit model of distributed system behavior 2 Proof method tailored to protocol refinement steps 3 Ensure disjoint encryption properties DD & JDG ( WPI ) Envelope BiSS 7 / 23

Analyzing the Envelope Protocol Delaune-Kremer-Ryan-Steel: verify it via ProVerif Under some restrictions: Bounded number of reboots Anchored at initial, post-boot state Monolithic Our contributions: 1 Lift the restrictions above using explicit model of distributed system behavior 2 Proof method tailored to protocol refinement steps 3 Ensure disjoint encryption properties DD & JDG ( WPI ) Envelope BiSS 7 / 23

Strands with state synchronization A strand is a linear sequence of 1 transmission nodes t 2 reception nodes t 3 state synchronization nodes φ representing a single local session We view transmissions as receptions as state synchronizations as positive negative neutral DD & JDG ( WPI ) Envelope BiSS 8 / 23

Strands with state synchronization A strand is a linear sequence of 1 transmission nodes t 2 reception nodes t 3 state synchronization nodes φ representing a single local session We view transmissions as receptions as state synchronizations as positive negative neutral DD & JDG ( WPI ) Envelope BiSS 8 / 23

Bundles, executions Definition A bundle B is a finite directed acyclic graph of nodes closed backward on each strand every reception has a unique matching transmission t Definition An execution is a pair B, where B is a bundle and is a partial order extending ( ) such that linearly orders the neutral nodes certain state evolution rules are satisfied n 1 n 2 implies pcr after(n 1 ) = pcr before(n 2 ) or m. Neutral(m) n 1 m n 2 DD & JDG ( WPI ) Envelope BiSS 9 / 23

Bundles, executions Definition A bundle B is a finite directed acyclic graph of nodes closed backward on each strand every reception has a unique matching transmission t Definition An execution is a pair B, where B is a bundle and is a partial order extending ( ) such that linearly orders the neutral nodes certain state evolution rules are satisfied n 1 n 2 implies pcr after(n 1 ) = pcr before(n 2 ) or m. Neutral(m) n 1 m n 2 DD & JDG ( WPI ) Envelope BiSS 9 / 23

Bundles, executions Definition A bundle B is a finite directed acyclic graph of nodes closed backward on each strand every reception has a unique matching transmission t Definition An execution is a pair B, where B is a bundle and is a partial order extending ( ) such that linearly orders the neutral nodes certain state evolution rules are satisfied n 1 n 2 implies pcr after(n 1 ) = pcr before(n 2 ) or m. Neutral(m) n 1 m n 2 DD & JDG ( WPI ) Envelope BiSS 9 / 23

Bundles, executions Definition A bundle B is a finite directed acyclic graph of nodes closed backward on each strand every reception has a unique matching transmission t Definition An execution is a pair B, where B is a bundle and is a partial order extending ( ) such that linearly orders the neutral nodes certain state evolution rules are satisfied n 1 n 2 implies pcr after(n 1 ) = pcr before(n 2 ) or m. Neutral(m) n 1 m n 2 DD & JDG ( WPI ) Envelope BiSS 9 / 23

Bundles, executions Definition A bundle B is a finite directed acyclic graph of nodes closed backward on each strand every reception has a unique matching transmission t Definition An execution is a pair B, where B is a bundle and is a partial order extending ( ) such that linearly orders the neutral nodes certain state evolution rules are satisfied n 1 n 2 implies pcr after(n 1 ) = pcr before(n 2 ) or m. Neutral(m) n 1 m n 2 DD & JDG ( WPI ) Envelope BiSS 9 / 23

I. State Evolution Equations TPM Formalization Boot(n) implies Extend(n, x) implies pcr after(n) = 1 pcr after(n) = Hash(pcr before(n), x) Boot(n) or Extend(n, x) or pcr after(n) = pcr before(n) Will write pcr(n) when pcr after(n) = pcr before(n) DD & JDG ( WPI ) Envelope BiSS 10 / 23

I. State Evolution Equations TPM Formalization Boot(n) implies Extend(n, x) implies pcr after(n) = 1 pcr after(n) = Hash(pcr before(n), x) Boot(n) or Extend(n, x) or pcr after(n) = pcr before(n) Will write pcr(n) when pcr after(n) = pcr before(n) DD & JDG ( WPI ) Envelope BiSS 10 / 23

II. Prefix/Boot TPM Formalization Definition Prefix(x, y) iff, recursively, x = y or z, w. y = Hash(z, w) and Prefix(x, z) Lemma n 0 n 2 implies either Prefix(pcr before(n 0 ), pcr after(n 2 )) or n 1. n 0 n 1 n 2 and Boot(n 1 ) DD & JDG ( WPI ) Envelope BiSS 11 / 23

II. Prefix/Boot TPM Formalization Definition Prefix(x, y) iff, recursively, x = y or z, w. y = Hash(z, w) and Prefix(x, z) Lemma n 0 n 2 implies either Prefix(pcr before(n 0 ), pcr after(n 2 )) or n 1. n 0 n 1 n 2 and Boot(n 1 ) DD & JDG ( WPI ) Envelope BiSS 11 / 23

IIIa. Request/reply roles TPM Formalization power on extend x quote x Boot(n) Extend(n) Quote(n, x) up ext ok c c = [[ quote pcr(n), x ]] aik DD & JDG ( WPI ) Envelope BiSS 12 / 23

IIIb. Request/reply roles TPM Formalization bind x unbind { t } K r 2 Bind(n, x) Unbind(n, r 2) r 1 t r 1 = [[ bind K, x ]] aik r 2 = [[ bind K, pcr(n) ]] aik K fresh values K 1 uncompromised, in bind role DD & JDG ( WPI ) Envelope BiSS 13 / 23

Envelope Protocol: Refined Security Goal This diagram never occurs within any execution: A [[ bind K, Hash(u 1,obtain) ]] aik { v } K v refuse(u 1,{ v } K ) refuse(u 1, { v } K ) = [[ quote Hash(u 1, refuse), { v } K ]] aik DD & JDG ( WPI ) Envelope BiSS 14 / 23

Envelope Protocol: Refined Security Goal This diagram never occurs within any execution: A [[ bind K, Hash(u 1,obtain) ]] aik { v } K v refuse(u 1,{ v } K ) refuse(u 1, { v } K ) = [[ quote Hash(u 1, refuse), { v } K ]] aik DD & JDG ( WPI ) Envelope BiSS 14 / 23

Refusal Specification Must traverse Quote-able state { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Quote(n 2, { v } K ) pcr(n 2 ) = Hash(u 1, refuse) DD & JDG ( WPI ) Envelope BiSS 15 / 23

Refusal Specification Must traverse Quote-able state { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Quote(n 2, { v } K ) pcr(n 2 ) = Hash(u 1, refuse) DD & JDG ( WPI ) Envelope BiSS 15 / 23

Disclosure Specification Must traverse Unbindable state { v } K { v } K n 0 v v Unbind(n 0, [[ bind K, Hash(u 1, obtain) ]] aik ) so pcr(n 0 ) = Hash(u 1, obtain) DD & JDG ( WPI ) Envelope BiSS 16 / 23

Disclosure Specification Must traverse Unbindable state { v } K { v } K n 0 v v Unbind(n 0, [[ bind K, Hash(u 1, obtain) ]] aik ) so pcr(n 0 ) = Hash(u 1, obtain) DD & JDG ( WPI ) Envelope BiSS 16 / 23

Disclosure Specification Must traverse Unbindable state { v } K { v } K n 0 v v Unbind(n 0, [[ bind K, Hash(u 1, obtain) ]] aik ) so pcr(n 0 ) = Hash(u 1, obtain) DD & JDG ( WPI ) Envelope BiSS 16 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice DD & JDG ( WPI ) Envelope BiSS 17 / 23

Security Goal, and consequence This diagram never occurs within any execution: { v } K v refuse(u 1,{ v } K ) n 1. Boot(n 1 ) and n 0 n 1 n 2 or n 2 n 1 n 0 by the Prefix/Boot Lemma DD & JDG ( WPI ) Envelope BiSS 18 / 23

Security Goal, and consequence, 1 This diagram never occurs within any execution: { v } K n 0 n 1 n 2 v refuse(u 1,{ v } K ) n 1. Boot(n 1 ) and n 0 n 1 n 2 or n 2 n 1 n 0 by the Prefix/Boot Lemma DD & JDG ( WPI ) Envelope BiSS 18 / 23

Security Goal, and consequences, 2 This diagram never occurs within any execution: { v } K n 0 n 1 n 2 v refuse(u 1,{ v } K ) n 1. Boot(n 1 ) and n 0 n 1 n 2 or n 2 n 1 n 0 by the Prefix/Boot Lemma DD & JDG ( WPI ) Envelope BiSS 18 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice Produce u 1 = Hash(u 0, N) by extending some state u 0 with a fresh nonce N DD & JDG ( WPI ) Envelope BiSS 19 / 23

Implementation Idea Using a TPM 1 Use one TPM platform configuration register 2 Put it in a state u 1 3 Allow decryption if extended to Hash(u 1,obtain) 4 Generate refusal cert if extended to Hash(u 1,refuse) 5 Ensure u 1 can never again be value of PCR regardless of this choice Produce u 1 = Hash(u 0, N) by extending some state u 0 with a fresh nonce N DD & JDG ( WPI ) Envelope BiSS 19 / 23

Specification: PCR setup subprotocol, 1 This diagram never occurs within any execution: N freshly chosen at n 0 N must be sent encrypted A n 0...extend N... Extend(n 1, N) Boot(n 2) Extend(n 3, N) pcr after(n 1, Hash(u 0, N)) DD & JDG ( WPI ) Envelope BiSS 20 / 23

Specification: PCR setup subprotocol, 2 This diagram never occurs within any execution: N freshly chosen at n 0 N must be sent encrypted A n 0 {...extend N... } esk Extend(n 1, N) Boot(n 2) Extend(n 3, N) pcr after(n 1, Hash(u 0, N)) DD & JDG ( WPI ) Envelope BiSS 20 / 23

PCR Setup subprotocol Implementation strategies A delivers extend N to TPM in an encrypted session Then either A closes the session before transmitting { v } K or TPM tears down encrypted sessions before reboot DD & JDG ( WPI ) Envelope BiSS 21 / 23

Specification: PCR setup subprotocol, 2 This diagram never occurs within any execution: N freshly chosen at n 0 N must be sent encrypted A n 0 Extend(n 1, N) Boot(n 2) Extend(n 3, N) pcr after(n 1, Hash(u 0, N)) DD & JDG ( WPI ) Envelope BiSS 22 / 23

Diagrams and Logic { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Each box shows a structure (model) Positive existential formulas summarize structures Diagram says: Executions containing LHS contain RHS Homomorphisms preserve positive existential formulas DD & JDG ( WPI ) Envelope BiSS 23 / 23

Diagrams and Logic { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Each box shows a structure (model) Positive existential formulas summarize structures Diagram says: Executions containing LHS contain RHS Homomorphisms preserve positive existential formulas DD & JDG ( WPI ) Envelope BiSS 23 / 23

Diagrams and Logic { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Each box shows a structure (model) Positive existential formulas summarize structures Diagram says: Executions containing LHS contain RHS Homomorphisms preserve positive existential formulas DD & JDG ( WPI ) Envelope BiSS 23 / 23

Diagrams and Logic { v } K { v } K refuse(u 1,{ v } K ) n 2 refuse(u 1,{ v } K ) Each box shows a structure (model) Positive existential formulas summarize structures Diagram says: Executions containing LHS contain RHS Homomorphisms preserve positive existential formulas DD & JDG ( WPI ) Envelope BiSS 23 / 23

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback