Static Analyses of Cryptographic Protocols
نویسندگان
چکیده
of “Static Analyses of Cryptographic Protocols” by Jay McCarthy, Ph.D., Brown University, May 2009 Most protocol analyses only address security properties. However, other properties are important and can increase our understanding of protocols, as well as aid in the deployment and compilation of implementations. We investigate such analyses. Unfortunately, existing high-level protocol implementation languages do not accept programs that match the style used by the protocol design community. These languages are designed to implement protocol roles independently, not whole protocols. Therefore, a different program must be written for each role. We define a language, WPPL, that avoids this problem. It avoids the need to create a new tool-chain, however, by compiling protocol descriptions into an existing, standard role-based protocol implementation language. Next, we investigate two families of analyses. The first reveals the implicit design decisions of the protocol designer and enables fault-tolerance in implementations. The second characterizes the infinite space of all messages a protocol role could accept and enables scalability by determining the session state necessary to support concurrency. Our entire work is formalized in a mechanical proof checker, the Coq proof assistant, to ensure its theoretical reliability. Our implementations are automatically extracted from the formal Coq theory, so they are guaranteed to implement the theory. Static Analyses of Cryptographic Protocols by Jay McCarthy B. S., University of Massachusetts at Lowell, 2005 Sc. M., Brown University, 2007 A dissertation submitted in partial fulfillment of the requirements for the Degree of Doctor of Philosophy in the Department of Computer Science at Brown University Providence, Rhode Island May 2009 c © Copyright 2009 by Jay McCarthy This dissertation by Jay McCarthy is accepted in its present form by the Department of Computer Science as satisfying the dissertation requirement for the degree of Doctor of Philosophy. Date Shriram Krishnamurthi, Advisor Recommended to the Graduate Council Date Joshua D. Guttman, Reader (MITRE Corporation) Date John Jannotti, Reader (Brown University) Date Anna Lysyanskaya, Reader (Brown University) Date John D. Ramsdell, Reader (MITRE Corporation) Approved by the Graduate Council Date Sheila Bonde Dean of the Graduate School
منابع مشابه
Static Analyses of Cryptographic
of “Static Analyses of Cryptographic Protocols” by Jay McCarthy, Ph.D., Brown University, May 2009 Most protocol analyses only address security properties. However, other properties are important and can increase our understanding of protocols, as well as aid in the deployment and compilation of implementations. We investigate such analyses. Unfortunately, existing high-level protocol implement...
متن کاملTrading Static for Adaptive Security in Universally Composable Zero-Knowledge
Adaptive security, while more realistic as an adversarial model, is typically much harder to achieve compared to static security in cryptographic protocol design. Universal composition (UC) provides a very attractive framework for the modular design of cryptographic protocols that captures both static and adaptive security formulations. In the UC framework, one can design protocols in hybrid wo...
متن کاملDesign of cybernetic metamodel of cryptographic algorithms and ranking of its supporting components using ELECTRE III method
Nowadays, achieving desirable and stable security in networks with national and organizational scope and even in sensitive information systems, should be based on a systematic and comprehensive method and should be done step by step. Cryptography is the most important mechanism for securing information. a cryptographic system consists of three main components: cryptographic algorithms, cryptogr...
متن کاملA Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols
We present a reduction semantics for the LYSA calculus extended with session information, for modelling cryptographic protocols, and a static analysis for it. If a protocol passes the analysis then it is free of replay attacks and thus preserves freshness. The analysis has been implemented and applied to a number of protocols, including both original and corrected version of Needham-Schroeder p...
متن کاملType-checking Implementations of Protocols Based on Zero-knowledge Proofs – Work in Progress –
We present the first static analysis technique for verifying implementations of cryptographic protocols based on zero-knowledge proofs. Protocols are implemented in RCF∧∨, a core calculus of ML with support for concurrency. Cryptographic primitives are considered as fully reliable building blocks and represented symbolically using a sealing mechanism. Zero-knowledge proofs, in particular, are s...
متن کامل