Formally modeling security protocols
| Sponsors |
Wenke
Lee
wenke@cc.gatech.edu
CCB 222
|
Pete Manolios
manolios@cc.gatech.edu
CCB 149
|
|
|
Please contact one of the project sponsors before you start.
|
| Areas |
Formal Methods/Security |
Problem
The problem is to develop a formal model of a security protocol using
the ACL2
theorem proving system.
The protocol we have in mind is the Needham-Schroeder Public-Key
protocol. It is a very simple security protocol that consists of the
following three messages.
- Message 1: a -> b : {a.na}PKb
- Message 2: b -> a : {na.nb}PKa
- Message 3: a -> b : {nb}PKb
We will give you a more detailed description
if you choose to work on the project.
In order to make explicit our assumptions about the actions an
adversary can perform and to increase our confidence in the
correctness of the protocol under those assumptions, we use formal
techniques. This includes the following steps.
- Modeling the problem formally. This means using a system
with an unambiguous semantics and a proof theory. The system we will use is ACL2. ACL2
consists of a programming language based on applicative Common Lisp,
a logic, and a theorem prover. The model will be executable and you
will therefore be able to simulate various scenarios.
- Defining what it means for the protocol to be correct. For
example, someone can guess a private key, but the chances of that
happening are low. How do we model this? We will give you
informal requirements.
- Proving that the protocol satisfies its specification or
exhibiting a counterexample. You can choose to give informal, but
rigorous, arguments or you can use ACL2 to give formal, mechanically
checked arguments.
Background
To undertake this project, it would help if one has some understanding
of security and has some experience with Lisp. Here are some
relevant pointers.
Deliverables
- Protocol model.
- Short report documenting the work, including the proof of correctness.
Evaluation
Evaluation is based on the quality of the model and report.