Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 914 - Michigan State University Extensions of BAN by Heather Goldsby Michelle Pirtle.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "CSE 914 - Michigan State University Extensions of BAN by Heather Goldsby Michelle Pirtle."— Presentation transcript:

1 CSE 914 - Michigan State University Extensions of BAN by Heather Goldsby Michelle Pirtle

2 CSE 914 - Michigan State University Overview BAN Logic – Burrows, Abadi, and Needham GNY – Gong, Needham, Yahalom RV AT – Abadi and Tuttle VO – van Oorschot SVO – Syverson and van Oorschot Wenbo Mao – “Mao” Comparison Conclusion

3 CSE 914 - Michigan State University BAN Logic – 1989 Goal: Offer a formalization of the description and analysis of authentication protocols over distributed computer systems –State what is accomplished by the protocol –Allow reasoning about, and comparisons of, protocol assumptions –Draw attention to unnecessary actions that can be removed from a protocol –Highlight any encrypted messages that could be sent in clear text Tool: SPEAR –Model analyzer for BAN Logic and GNY –Developed for security protocols

4 CSE 914 - Michigan State University BAN (cont.) Advantages –Introduced a simple and powerful notation –Logic postulates (ie. Nonce-verification rule) are straight forward to apply for deriving BAN beliefs Disadvantages –Idealization step can cause analysis problems –No formal syntax or semantics –Does not account for improper encryption –A principal’s beliefs cannot be changed at later stages of the protocol –Logic limited to analyze authentication protocols –Honesty and trust in other principals is not addressed

5 Foundation of Each Logic BANGNYGSATVOSVOMaoRV BAN GNYX GSX ATX VOXXXX SVOXXXXX MaoXXXXXX RVX Read across - States which logic(s) were used to design the new logic Read down - States which logic(s) extended from the logic Logics listed in increasing year of publication

6 CSE 914 - Michigan State University GNY - 1990 Goal: Gain ability to analyze more protocols in a more consistent manner Extends and reformulates BAN –Notions are expanded –New rules and constructs –Eliminate some of BAN’s universal assumptions Tools: –SPEAR Model analyzer for BAN Logic and GNY Developed for security protocols –Pattern scanner used as a parser for “not-originated-here” notion

7 CSE 914 - Michigan State University GNY (cont.) Advantages –Multiple levels of trust can be used in reasoning –More protocols can be analyzed –Making some BAN assumptions explicit allows for generality Disadvantages –R6 is unsound –Combining rules can result in unsound conclusions –The set of rules is incomplete –Some rules have redundant premises E.g. I2

8 CSE 914 - Michigan State University RV – 1996 Goal: Provide a logic of belief, based on BAN for use with a theory generator Extension of BAN –Explicit interpretation Idealization step –Fails to consider other interpretations –Hidden assumptions about safety of message –Responsibility Account for principal’s irresponsible behavior Tool: RVChecker –Theory Generator

9 CSE 914 - Michigan State University RV (cont.) Advantages –Maintains the original simplicity of BAN –Has tool support –Addresses principal responsibility and the idealization step Disadvantages –No formal syntax or semantics –Unable to specify full range of protocols

10 CSE 914 - Michigan State University AT – 1991 Goal: Find a natural semantic model for BAN Extensions: –Provides formal syntax and semantics –Simplifies existing BAN inference rules –Reformulates inference rules as axioms –Removes need for honesty

11 CSE 914 - Michigan State University AT (cont.) Advantages –Formal syntax and semantics –Addresses question of principal honesty –More elegant proof system owing to rules of BAN being rewritten as axioms Disadvantages –No tool support –Assumes perfect encryption –Does not address idealization step

12 CSE 914 - Michigan State University VO – 1993 Goal: Extend BAN family of logics in a manner that allows authenticated key agreement protocols to be analyzed, and to better examine goals and beliefs in the protocols. Extensions –Refine the BAN construct “shares the good crypto key” –Define new key confirmation primitive –Define new postulates for use with reasoning about “jointly established” keys

13 CSE 914 - Michigan State University VO (cont.) Advantages –Accomplishes analysis of a new set of protocols –Allows for a closer analysis of the goals and beliefs of the new set of protocols Disadvantages –Time is ignored –Message ordering is not addressed

14 CSE 914 - Michigan State University SVO – 1994 Goal: Unification of BAN, GNY, AT, & VO Extensions: –Include public keys –New functions –Message comprehensibility

15 CSE 914 - Michigan State University SVO (cont.) Advantages –Proved to be sound Disadvantages –Not suited for tool support SVD revamped SVO: developed to be compatible with Isabelle theorem prover

16 CSE 914 - Michigan State University Mao – 1995 Goal: Formalize the idealization step Extension: –Rule-based idealization technique –Remove need for perfect encryption assumption

17 CSE 914 - Michigan State University Mao (cont.) Advantages –Formalization of idealization technique –Eliminates assumption of perfect cryptography Disadvantages –No tool support –No proof of soundness for idealization rules

18 CSE 914 - Michigan State University Comparison Table Part 1

19 CSE 914 - Michigan State University Comparison Table Part 2

20 CSE 914 - Michigan State University Conclusions BAN gave a very good foundation to expand upon BAN-like logics do not need to be limited to authentication protocols No one logic can or will cover all aspects of protocol analysis More tool support is needed

21 CSE 914 - Michigan State University Possible Future Work Possible extensions to our work: –Include other BAN-like logics Gaarder Snekkenes - GS Sigrid Gurgens – SG Mao and Boyd SVD – An extension of SVO –Design and develop tool support

22 CSE 914 - Michigan State University References Kindred, "Theory Generation for Security Protocols“. 1999. http://reports- archive.adm.cs.cmu.edu/anon/1999/CMU-CS-99-130.pdf Mao, "An Augmentation of BAN-Like Logics“. 1995. http://www.citeseer.nj.nec.com/mao95augmentation.html Syverson and van Oorschot, "On unifying some cryptographic protocol logics“. 1994. http://www.citeseer.nj.nec.com/syverson94unifying.html M. Abadi and M. Tuttle, "A Semantics for a Logic of Authentication“. http://www.citeseer.nj.nec.com/article/abadi91semantics.html Burrows, Abadi & Needham, “A Logic of Authentication”. 1989. http://citeseer.nj.nec.com/burrows90logic.html Gong, Needham and Yahalom, "Reasoning About Belief in Cryptographic Protocols”. 1990. http://citeseer.nj.nec.com/gong90reasoning.html van Oorschot,”Extending cryptographic logics of belief to key agreement protocols”. 1993. http://doi.acm.org/10.1145/168588.168617

23 CSE 914 - Michigan State University Relationships Among Logics BAN - 1989 GS - 1991 AT - 1991 GNY - 1990 VO - 1993 SVO - 1994 Mao - 1995 RV - 1996 SG - 1996?

Download ppt "CSE 914 - Michigan State University Extensions of BAN by Heather Goldsby Michelle Pirtle."

Similar presentations

25 February 2009Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department.

25 February 2009Instructor: Tasneem Darwish1 University of Palestine Faculty of Applied Engineering and Urban Planning Software Engineering Department.
Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)

Non-monotonic Properties for Proving Correctness in a Framework of Compositional Logic Koji Hasebe Mitsuhiro Okada (Dept. of Philosophy, Keio University)
Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.

Deeper Security Analysis of Web-based Identity Federation Apurva Kumar IBM Research – India.
BAN Logic A Logic of Authentication Presentation by Heather Goldsby Michelle Pirtle (Mike Burrows, Marin Abadi, Roger Needham) Published 1989, SRC Research.

BAN Logic A Logic of Authentication Presentation by Heather Goldsby Michelle Pirtle (Mike Burrows, Marin Abadi, Roger Needham) Published 1989, SRC Research.
Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.

Background information Formal verification methods based on theorem proving techniques and model­checking –to prove the absence of errors (in the formal.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.
Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.

Case Study: Using PVS to Analyze Security Protocols Kyle Taylor.
Formally (?) Deriving Security Protocols Anupam Datta WIP with Ante Derek, John Mitchell, Dusko Pavlovic October 23, 2002.

Formally (?) Deriving Security Protocols Anupam Datta WIP with Ante Derek, John Mitchell, Dusko Pavlovic October 23, 2002.
CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.

CPSC 322, Lecture 23Slide 1 Logic: TD as search, Datalog (variables) Computer Science cpsc322, Lecture 23 (Textbook Chpt 5.2 & some basic concepts from.
Abstraction and Refinement in Protocol Derivation Anupam DattaAnte Derek John C. Mitchell Dusko Pavlovic Stanford University Kestrel Institute CSFW June.

Abstraction and Refinement in Protocol Derivation Anupam DattaAnte Derek John C. Mitchell Dusko Pavlovic Stanford University Kestrel Institute CSFW June.
1 Trust Management and Theory Revision Ji Ma School of Computer and Information Science University of South Australia 24th September 2004, presented at.

1 Trust Management and Theory Revision Ji Ma School of Computer and Information Science University of South Australia 24th September 2004, presented at.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
A Logic of Authentication Michael Burrows, Martin Abadi, Roger Needham BAN Logic Presented by : Wenjin Hu.

A Logic of Authentication Michael Burrows, Martin Abadi, Roger Needham BAN Logic Presented by : Wenjin Hu.
C SC 520 Principles of Programming Languages 1 C SC 520: Principles of Programming Languages Peter J. Downey Department of Computer Science Spring 2006.

C SC 520 Principles of Programming Languages 1 C SC 520: Principles of Programming Languages Peter J. Downey Department of Computer Science Spring 2006.
Chapter 2 Protocols Controlling communications of principals in systems.

Chapter 2 Protocols Controlling communications of principals in systems.
Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C. Mitchell, D. Pavlovic CS259: Security Analysis of Network Protocols,

Protocol Composition Logic Arnab Roy joint work with A. Datta, A. Derek, N. Durgin, J.C. Mitchell, D. Pavlovic CS259: Security Analysis of Network Protocols,
Information Security of Embedded Systems 10.2.2010: BAN-Logic Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : BAN-Logic Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Inductive Verification of Protocols Anupam Datta CMU Fall 2007-08 18739A: Foundations of Security and Privacy.

Inductive Verification of Protocols Anupam Datta CMU Fall A: Foundations of Security and Privacy.
Framework for K-12 Science Education

Framework for K-12 Science Education
Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Formal Methods 1. Software Engineering and Formal Methods  Every software engineering methodology is based on a recommended development process  proceeding.

Similar presentations

Ads by Google