Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI.

Published byUlises Redshaw Modified over 9 years ago

Similar presentations

Presentation on theme: "Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI."— Presentation transcript:

1 Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI

2 Today Model Checking is useful Probabilities can be an important part of a protocol (also next week).

3 The Rest of the Course Today: Model Checking. 26th Oct: When you have to have probability and Fair Exchange protocols (Homework due). 2nd, 9th, 16th, 23rd and 30th Nov Student presentations. E-mail me your presentation idea’s by Friday

4 Today Model Checking for finite systems Specifying properties in CTL Dinning Philosophers BREAK Probabilistic finite systems Specifying probabilistic properties in PCTL Dinning Cryptographers

5 50 BC to 1960s : Not relevant: –Pre-computer: Caesar cipher to Enigma. Keys prearranged by hand 1960s to 1980s : Not considered necessary –ARPAnet, an open network, no or little secret, e.g. telnet. open relays A Quick History of Key Establishment and Authentication

6 1970s to 1990s : First tries –Early Internet, trying for security, e.g. SSL version 1, Needham-sroder. 1980-2000s : Becomes a science –Principles for protocol design, attacker models, Kerberos, TLS, SSH 1990s to present: Automation –Understood well enough to check by machine.

7 Anonymity Protocols upto 1990s : Not relevant: –Little personal information on the Internet upto 2000s : Not considered necessary 1990 to Now: First tries, –Dinning Cryptographers, –anonymous proxies, –Tor.

8 Anonymity Protocols Only now: Becoming a Science Limited automatic checking of automata protocols –Only for finite systems, no dedicated tools

9 Model Checking Idea: –Make a model of your system with has a limited number of states –Check every single state to make sure its OK Problem: making the model finite Problem: “state space explosion” Very effective, many industrial applications

10 Model Checking 1994 Pentium chip was missing a few entries in a table. Almost never used so missed by standard testing. If x=4195835 & y =3145727 then x/y=1.333739068902037589 rather than =1.333820449136241002 But x-(x.y/y)= 256 not 0

11 Result Public relations disaster Jokes: –How many Pentium designers does it take to change a light bulb? –1.99995827903 100 of millions of dollars of replacement costs. Intel now model checks all hardware.

12 PRISM

13 Traffic Lights Example

14 State Space

15 CTL examples

16 CTL

17 CTL Derived Operators.

18 Dinning Philosophers

19 Dinning Philosophers in PRISM

20 Checking the Dinning Philosphers

21 Fixing the Deadlock

22 Today Model Checking for finite systems Specifying properties in CTL Dinning Philosophers example BREAK Probabilistic finite systems Specifying probabilistic properties in PCTL Dinning Cryptographers

Download ppt "Modelling and Analysing of Security Protocol: Lecture 11 Modelling Checking Tom Chothia CWI."

Similar presentations

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Modelling and Analysing of Security Protocol: Lecture 8 Automatically Checking Protocols II Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 8 Automatically Checking Protocols II Tom Chothia CWI.
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.
Modelling and Analysing of Security Protocol: Lecture 7 Automatically Checking Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 7 Automatically Checking Protocols Tom Chothia CWI.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.

Unifying the conceptual levels of network security through use of patterns Ph.D Dissertation Proposal Candidate: Ajoy Kumar, Advisor: Dr Eduardo B. Fernandez.
Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)

Socket Layer Security. In this Presentation: need for web security SSL/TLS transport layer security protocols HTTPS secure shell (SSH)
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.

Module 5: TLS and SSL 1. Overview Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced.
Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.

Slides by Kent Seamons and Tim van der Horst Last Updated: Nov 8, 2013.
CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),

CSE 461 Section. “Transport Layer Security” protocol Standard protocol for encrypting Internet traffic Previously known as SSL (Secure Sockets Layer),
Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING.

Bradley Cowie, Barry Irwin and Richard Barnett Security and Networks Research Group Department of Computer Science Rhodes University MANAGEMENT, PROCESSING.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.

Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Privacy Terminology draft-hansen-privacy-terminology-03.txt Hannes Tschofenig.

Privacy Terminology draft-hansen-privacy-terminology-03.txt Hannes Tschofenig.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
Information Security Teaching, training, research.

Information Security Teaching, training, research.
Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.
Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.

Cryptography: Keeping Your Information Safe. Information Assurance/Information Systems –What do we do? Keep information Safe Keep computers Safe –What.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

Similar presentations

Ads by Google