首页
网站开发
桌面应用
管理软件
微信开发
App开发
嵌入式软件
工具软件
数据采集与分析
其他
首页
>
> 详细
讲解留学生Processing|辅导Web开发|解析Java程序|辅导Web开发
项目预算:
开发周期:
发布时间:
要求地区:
Coursework for ECMM462
Submission date: Wednesday, November 11th, 2020
For your continuous assessment you will analyse a protocol for security weaknesses.
The assessment contain three types of tasks and you can get up to 100
marks in total:
Informal (marked as I): up to 40 marks
Specification (marked as S): up to 40 marks
Verification (marked as V ): up to 20 marks
For the specification and verification tasks you will need to use the proof assistant
Isabelle which can be downloaded from http://isabelle.in.tum.de/.
The assessment is worth 30% of the overall module mark. You need to submit
a PDF with your answers and any Isabelle theories via the electronic submission
system E-BART (https://bart.exeter.ac.uk/).
1
A Simple Protocol to Exchange a Secret Nonce
The Message Sequence Chart depicted in Fig. 1 describes a simple protocol for the
exchange of a secret nonce N between two agents A and B The initial knowledge
of agent A and agent B is given in set notation and shown in the corresponding
boxes:
Agent A knows her own public and private keys PU A and PRA as well as agent B’s
public key PU B.
Agent B knows his own public and private keys PU B and PRB as well as agent A’s
public key PU A.
Agent A initiates the protocol by sending a message containing her identity IDA
to agent B (1). Upon reception of the message, agent B generates a new random
nonce N and encrypts N with agent A’s public key. Finally, agent B creates a
new message which contains the encrypted nonce E(PU A, N) and sends it back to
agent A (2).
Agent A {PU A,PRA,PU B} Agent B {PU B,PRB,PU A}
(1) IDA
(2) E(PU A, N)
Figure 1: Simple protocol to exchange a secret nonce.
2
1. Create a Model of the Protocol
10 marks
Your first task is to model the protocol in Isabelle:
First, create a new theory Exchange.thy which imports theory Event.thy
discussed in the lecture (S: 2 marks).
Then, define a set exchange::event list set, which contains all event sequences
satisfying the protocol specification from Fig. 1 (S: 8 marks).
Note that the nonce created by agent B needs to be a fresh one, i.e. one which was
not used so far.
2. Describe a Valid Execution Trace
10 marks
Your next task is to describe an execution which contains at least two events and
satisfies the protocol:
First, describe the sequence of events informally using a Message Sequence
Chart (I: 5 marks).
Next, define the execution in Isabelle as a list of events1
(S: 3 marks).
Finally, verify in Isabelle that the defined execution is indeed an element of
the set exchange (V: 2 marks).
Hint: For the last question you may need the lemma used.used Cons from theory
Event.thy and the lemmas generated by Isabelle from the definition of set
exchange.
3. Describe an Impossible Execution Trace
10 marks
For this task you need to describe an execution which contains at least two events
and violates the protocol:
First, describe the sequence of events informally using a Message Sequence
Chart and explain where it violates the protocol specification (I: 5 marks).
Next, define the execution in Isabelle as a list of events (S: 3 marks).
Finally, verify in Isabelle that the defined execution is indeed not an element
of the set exchange (V: 2 marks).
Hint: For the last question you may need to use the proof method rule notI and
derive a contradiction from the assumption that the execution is an element of the
set exchange.
1For the definition of example executions you can also abbreviations instead of a definitions.
3
4. Describe a Potential Attack Trace
10 marks
Assuming there is a passive spy who can intercept and read all messages sent
between agents but which cannot modify messages.
This task requires you to show that the spy can obtain the encrypted 2 nonce.
To this end you need to describe a possible execution in which the spy learns a
message containing the encrypted nonce:
First, describe the sequence of events informally using a Message Sequence
Chart and explain how the knowledge of the spy changes with every event
(I: 5 marks).
Then, define the execution in Isabelle as a list of events and verify in Isabelle
that the spy can learn the encrypted message from this execution, i.e. that the
spy can analyse it from the knowledge he/she acquires during the execution
(S+V: 5 marks).
5. Show that the Attack is not Successful
10 marks
For this task you need to verify that the spy cannot learn the nonce from the
execution developed for the previous task:
First, refer to the Message Sequence Chart developed for the task described in
Sect.4, to explain informally why the spy cannot learn the nonce (I: 5 marks).
Then, verify in Isabelle that the spy cannot learn the message from the execution
defined in Isabelle for the task described in Sect. 4 (S+V: 5 marks).
6. Show that the Protocol is Secure
15 marks
This task requires you to verify that the protocol is secure against eavesdropping:
First, explain informally how the protocol ensures that the spy can never
obtain nonce N (I: 5 marks).
Then, specify this security requirement as a theorem in Isabelle (S: 5 marks).
Finally, verify the requirement in Isabelle by proving the theorem (V: 5 marks).
Hint: The proof is done using rule induction ((induction rule: exchange.induct)).
Moreover you may need to use lemma prikey provided in Appendix A.
2Note that the spy only needs to learn the encrypted message containing the nonce and not the
nonce itself.
4
7. Make the Spy Stronger
10 marks
Assume now that the spy can not only intercept and read messages but also modify
them. For this task you need to adapt the specification of set exchange to include
possible modifications to messages from the spy (S: 10 marks).
8. Show that the Protocol is not Secure
10 marks
Your next task requires you to show that the protocol is not secure against a spy
as described in Sect. 7:
First, use a Message Sequence Chart to informally describe a possible sequence
of events in which the spy obtains the nonce (I: 5 marks).
Then, define the execution in Isabelle as a list of events and verify in Isabelle
that the spy can learn the nonce from this execution, i.e. that the
spy can analyse it from the knowledge he/she acquires during the execution
(S+V: 5 marks).
9. Fix the Protocol
15 marks
Your last task requires you to propose a possible solution for the problem described
in Sect. 8:
First, describe informally how the protocol could be changed to cope with a
spy as introduced in Sect. 7 (I: 10 marks).
Then, implement the change in Isabelle, adapting the specification of set
exchange (S: 2 marks).
Finally, verify that the spy cannot learn the nonce from the execution developed
for the previous task (Sect. 8) any more, i.e. that the spy cannot analyse
it from the knowledge he/she acquires during the execution (V: 3 marks).
5
A. Appendix
lemma p ri k e y :
assumes ”A 6= Spy”
shows ” e v s ∈ exchange =⇒ Key ( priK A) ∈/ a n al z ( knows Spy e v s ) ”
proof ( i n d u c ti o n r u l e : exchange . i n d u c t )
case Nil
then show ?case using assms by simp
next
case (RQ e v s 1 A B)
then show ?case by simp
next
case (RS e v s 2 N B A)
then show ?case by simp
qed
6
软件开发、广告设计客服
QQ:99515681
邮箱:99515681@qq.com
工作时间:8:00-23:00
微信:codinghelp
热点项目
更多
urba6006代写、java/c++编程语...
2024-12-26
代做program、代写python编程语...
2024-12-26
代写dts207tc、sql编程语言代做
2024-12-25
cs209a代做、java程序设计代写
2024-12-25
cs305程序代做、代写python程序...
2024-12-25
代写csc1001、代做python设计程...
2024-12-24
代写practice test preparatio...
2024-12-24
代写bre2031 – environmental...
2024-12-24
代写ece5550: applied kalman ...
2024-12-24
代做conmgnt 7049 – measurem...
2024-12-24
代写ece3700j introduction to...
2024-12-24
代做adad9311 designing the e...
2024-12-24
代做comp5618 - applied cyber...
2024-12-24
热点标签
mktg2509
csci 2600
38170
lng302
csse3010
phas3226
77938
arch1162
engn4536/engn6536
acx5903
comp151101
phl245
cse12
comp9312
stat3016/6016
phas0038
comp2140
6qqmb312
xjco3011
rest0005
ematm0051
5qqmn219
lubs5062m
eee8155
cege0100
eap033
artd1109
mat246
etc3430
ecmm462
mis102
inft6800
ddes9903
comp6521
comp9517
comp3331/9331
comp4337
comp6008
comp9414
bu.231.790.81
man00150m
csb352h
math1041
eengm4100
isys1002
08
6057cem
mktg3504
mthm036
mtrx1701
mth3241
eeee3086
cmp-7038b
cmp-7000a
ints4010
econ2151
infs5710
fins5516
fin3309
fins5510
gsoe9340
math2007
math2036
soee5010
mark3088
infs3605
elec9714
comp2271
ma214
comp2211
infs3604
600426
sit254
acct3091
bbt405
msin0116
com107/com113
mark5826
sit120
comp9021
eco2101
eeen40700
cs253
ece3114
ecmm447
chns3000
math377
itd102
comp9444
comp(2041|9044)
econ0060
econ7230
mgt001371
ecs-323
cs6250
mgdi60012
mdia2012
comm221001
comm5000
ma1008
engl642
econ241
com333
math367
mis201
nbs-7041x
meek16104
econ2003
comm1190
mbas902
comp-1027
dpst1091
comp7315
eppd1033
m06
ee3025
msci231
bb113/bbs1063
fc709
comp3425
comp9417
econ42915
cb9101
math1102e
chme0017
fc307
mkt60104
5522usst
litr1-uc6201.200
ee1102
cosc2803
math39512
omp9727
int2067/int5051
bsb151
mgt253
fc021
babs2202
mis2002s
phya21
18-213
cege0012
mdia1002
math38032
mech5125
07
cisc102
mgx3110
cs240
11175
fin3020s
eco3420
ictten622
comp9727
cpt111
de114102d
mgm320h5s
bafi1019
math21112
efim20036
mn-3503
fins5568
110.807
bcpm000028
info6030
bma0092
bcpm0054
math20212
ce335
cs365
cenv6141
ftec5580
math2010
ec3450
comm1170
ecmt1010
csci-ua.0480-003
econ12-200
ib3960
ectb60h3f
cs247—assignment
tk3163
ics3u
ib3j80
comp20008
comp9334
eppd1063
acct2343
cct109
isys1055/3412
math350-real
math2014
eec180
stat141b
econ2101
msinm014/msing014/msing014b
fit2004
comp643
bu1002
cm2030
联系我们
- QQ: 9951568
© 2021
www.rj363.com
软件定制开发网!