MECHANIZED NETWORK ORIGIN AND PATH AUTHENTICITY PROOFS
7/28/2017

• Analyzing network protocols is more complex than analyzing cryptographic protocols
• Must consider arbitrary network topologies
• Protocol programs and properties tend to be recursive and may be bounded by the network size
NETWORK ORIGIN AND AUTHENTICITY PROOFS
• Proofs of general security properties are constructed manually so that they are independent of network topology
• Several different proof systems exist for reasoning about protocols, including PCL, a program logic that supports reasoning about protocols and provides compositional reasoning principles for protocols
NETWORK ORIGIN AND PATH AUTHENTICITY PROOFS
• A thread makes a transition step if its program makes a transition step, and the system makes a transition step if one of its threads makes a transition
• Trace: a sequence of transitions of the system
NETWORK ORIGIN AND PATH AUTHENTICITY PROOFS
• The behavior of a system is modelled as the set of traces generated from an initial configuration
• Properties of a system are modelled as properties of its traces
NETWORK ORIGIN AND PATH AUTHENTICITY
• Predicates specify actions of threads (e.g. sending messages) and take a time point to indicate when the action occurs
• Safety properties are specified using predicates
• Trusted principals are modelled as threads running programs that correspond to the prescribed protocols
• Adversaries are modelled as threads running arbitrary code
NETWORK ORIGIN AND PATH AUTHENTICITY
• Analysis done for extended OPT, where source and destination do not necessarily trust each other
NETWORK ORIGIN AND PATH AUTHENTICITY: ATTACKER MODEL
• Variant of the Dolev-Yao model:
• Attackers can send and receive messages intended for them
• Attackers can compute cryptographic functions using the keys that they have
• Attackers can decompose and construct messages based on the messages and keys they know
NETWORK ORIGIN AND PATH AUTHENTICITY: ATTACKER MODEL
• Attackers cannot intercept messages not meant for them
• Attackers cannot inject messages into a section of the network they are not directly connected to
• Attackers represent malicious network nodes
NETWORK ORIGIN AND PATH AUTHENTICITY: THEOREMS
• Secrecy and authenticity of the DRKey protocol:
• Theorem 1: when a destination D is done validating the keys with respect to the path and the session key, then the list of keys it accepts is generated by the intermediate routers if they are honest, and each key is known only to the destination and the router that generated it, if that router is honest
NETWORK ORIGIN AND PATH AUTHENTICITY: THEOREMS
• Theorem 1 (cont.): the current session is identical to the session that the destination has shared with the source
• A similar theorem holds for the source
NETWORK ORIGIN AND PATH AUTHENTICITY: THEOREMS
• Theorem 7: if a router accepts a packet, then the payload of the packet originates from S and has traversed all the honest nodes on the path intended by S, up to the router, in the correct order
NETWORK ORIGIN AND PATH AUTHENTICITY: DEFENDING AGAINST ATTACKS
• Source and data spoofing: the source authenticity property of extended OPT, shown using Theorem 7, ensures that successful verification of the path validation field implies that there can be no source or data spoofing attacks against Ri, as long as the source is trusted
NETWORK ORIGIN AND PATH AUTHENTICITY: DEFENDING AGAINST ATTACKS
• Path deviation attacks: the path authenticity property of extended OPT ensures that successful verification at Ri (or the destination) implies that the packet Ri (or the destination) received has traversed all the honest nodes on the source-intended path in the correct order, assuming that the source is honest. Malicious routers cannot skip honest nodes or cause the packet to traverse honest nodes in an incorrect order
NETWORK ORIGIN AND PATH AUTHENTICITY: COLLUSION
• Source and path authenticity are proven based on whether each router is honest. If all the routers are honest, then once a router's check of the origin path validation field establishes that the packet originates from the source, all the links on the intended path before that router have been traversed in the right order, and no other routers have received the packet if the links are secure. However, this does not hold when there are multiple adjacent malicious nodes
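As an added illustration of the last three slides (not from the presentation or from the OPT/DRKey paper's own Coq development), the following simplified chained-MAC path validation field, with constructed keys and routes, shows why skipping or reordering honest routers and substituting the payload are caught by the verifier, while two adjacent colluding routers can bypass the link between them undetected. The field construction is an assumption in the spirit of OPT, not the exact OPT format.

```python
import hashlib
import hmac

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

# Constructed keys (hypothetical values): K_SD is shared by S and D; K[r] is
# shared by router r with S and D, standing in for what DRKey would establish.
K_SD = b"k-source-dest"
K = {"R1": b"k-r1", "R2": b"k-r2", "R3": b"k-r3", "R4": b"k-r4"}
INTENDED_PATH = ["R1", "R2", "R3", "R4"]

def forward(payload: bytes, hops) -> bytes:
    """Simulate a packet traversing `hops`. Each hop is (node, keys_applied):
    an honest router chains a MAC under its own key onto the field it received;
    a malicious router may apply any keys it holds, including a colluder's."""
    h = hashlib.sha256(payload).digest()
    field = mac(K_SD, h)                 # S initialises the validation field
    for _node, keys in hops:
        for k in keys:
            field = mac(k, field + h)    # binds this key, the hop order and the payload
    return field

def honest_hops(route):
    """Every router on `route` behaves honestly and applies only its own key."""
    return [(r, [K[r]]) for r in route]

def verify(received_payload: bytes, received_field: bytes) -> bool:
    """D recomputes the chain S intended using the keys it holds (Theorem 1
    gives D those keys) and accepts only if the received field matches."""
    expected = forward(received_payload, honest_hops(INTENDED_PATH))
    return hmac.compare_digest(received_field, expected)

# Constructed scenarios
PAYLOAD = b"example payload"

def accepted_on_intended_path() -> bool:
    return verify(PAYLOAD, forward(PAYLOAD, honest_hops(INTENDED_PATH)))

def accepted_when_r2_skipped() -> bool:
    return verify(PAYLOAD, forward(PAYLOAD, honest_hops(["R1", "R3", "R4"])))

def accepted_when_reordered() -> bool:
    return verify(PAYLOAD, forward(PAYLOAD, honest_hops(["R1", "R3", "R2", "R4"])))

def accepted_when_payload_spoofed() -> bool:
    # field was computed over PAYLOAD, but D receives an altered payload
    return verify(b"altered payload", forward(PAYLOAD, honest_hops(INTENDED_PATH)))

def accepted_under_adjacent_collusion() -> bool:
    # R2 and R3 collude: R2 applies both keys and hands the packet straight to R4,
    # so the R2-R3 link is never traversed, yet the field still verifies.
    return verify(PAYLOAD, forward(PAYLOAD, [("R1", [K["R1"]]),
                                             ("R2", [K["R2"], K["R3"]]),
                                             ("R4", [K["R4"]])]))
```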