From Computationally-Proved Protocol Specifications to Implementations and Application to SSH
نویسندگان
چکیده
This paper presents a novel technique for obtaining implementations of security protocols, proved secure in the computational model. We formally specify the protocol to prove, we prove this specification using the computationally-sound protocol verifier CryptoVerif, and we automatically translate it into an implementation in OCaml using a new compiler that we have implemented. We applied this approach to the SSH Transport Layer protocol: we proved the authentication of the server and the secrecy of the session keys in this protocol and verified that the generated implementation successfully interacts with OpenSSH. We explain these proofs, as well as an extension of CryptoVerif needed for the proof of secrecy of the session keys. The secrecy of messages sent over the SSH tunnel cannot be proved due to known weaknesses in SSH with CBC-mode encryption.
منابع مشابه
Provable Security in Practice: Analysis of SSH and CBC mode with Padding
This thesis illustrates and examines the gap that exists between theoretical and practical cryptography. Provable security is a useful tool which allows cryptographers to perform formal security analyses within a strict mathematical framework. Unfortunately, the formal modelling of provable security sometimes fails to match how particular schemes or protocols are implemented in real life. We ex...
متن کاملSecurity testing of session initiation protocol implementations
The mechanisms which enable the vast majority of computer attacks are based on design and programming errors in networked applications. The growing use of voice over IP (VOIP) phone technology makes these phone applications potential targets. We present a tool to perform security testing of VOIP applications to identify security vulnerabilities which can be exploited by an attacker. Session Ini...
متن کاملThe Design and Implementation of Protocol-Based Hidden Key Recovery
We show how to add key recovery to existing security protocols such as SSL/TLS and SSH without changing the protocol. Our key recovery designs possess the following novel features: (1) The Key recovery channels are “unfilterable” — the key recovery channels cannot be removed without also breaking correct operation of the protocol. (2) Protocol implementations containing our key recovery designs...
متن کاملHigh Speed Bulk Data Transfer on the Grid Using the SSH Protocol
SSH is a widely used multipurpose application for interactive shells, bulk data transfer, and other network transport needs. However, a design choice in most implementations of SSH reduces its functionality as bulk data transport tool in Grid and other high performance environments. In this paper I will discuss the nature of the design choice, the functional limitations it imposes, a method by ...
متن کاملFormally based semi-automatic implementation of an open security protocol
This paper presents an experiment in which an implementation of the client side of the SSH Transport Layer Protocol (SSH-TLP) was semi-automatically derived according to a model-driven development paradigm that leverages formal methods in order to obtain high correctness assurance. The approach used in the experiment starts with the formalization of the protocol at an abstract level. This model...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- JoWUA
دوره 4 شماره
صفحات -
تاریخ انتشار 2013