Fall 2012/2013 - Cryptographic protocols - practice

(Kryptografické protokoly - ÚINF/KRP)

  • Main course web page KRP

  • Practice sessions will be given in class SJ2S07 (P/07), Jesenna 5, Kosice

 

Cryptograhpic protocol virtual machine 

  • for VirtulBox (1,1 GB) - Debian
  • Download

 

Cryptographic protocols tools:

  • ProVerif
  • Scyther

 

Instructions:

  • import to VirtualBox
  • change network settings (lan/wifi)
  • login: root, password: student
  • start: startx

 

Practice 1-2

 

Ban logic

 

Needhamov-Schroederov protocol

  1. Needham-Shroeder-I
  2. Needham-Shroeder-II

 

ABLOB (Win)

  • @2005 - RNDr. Marián Novotný, PhD.
  • copy file ABLOBinst.exe and install

 

Download notes - BAN logic - public key (zip)

GNY Logic

 

Practice 3-4

 

SPI calculus

 

ProVerif

  • ProVerif is a tool for automaticallyanalyzing the security of cryptographic protocols.
  • crypto-graphic primitives including: symmetric and asymmetric encryption; digital signatures; hash functions;bit-commitment; and non-interactive zero-knowledge proofs.
  • GNU license

 

Program:

 

Documentation

 

 

'Zoho viewer' is no longer supported because Zoho stops their service. Use 'Google Docs' engine instead of 'Zoho viewer'. 

 
 
 

Practice 5

 

Problem n. 1 - Simple challenge/response protocol

A  --> B  :  A,B,n

B  ---> A  :  B,A, {x,n}_k

 

 

 

Exercise:

  • Write in ProVerif and find out the secrecy x.

 

Problem n. 2 - Simple challenge/response protocol

A -> S : {sk}k_as

S -> B : {sk}k_bs

B -> A : {s}sk

  • k_as,k_bs,sk - shared symmetric keys
  • A,B- clients
  • S-server

 

Exercise:

  • A očakáva, že s bude súkromné. Dokážte to cez ProVerif.

 

Problem n. 3 - Modeling a Key Exchange Protocol

Bruce Schneier’s book “Applied Cryptography":

The protocol assumes that Alice and Bob, users on a network, both share a secret key with the Key Distribution Center (KDC)—represented by Trent in this protocol. These keys must be in place before the start of the protocol.

  • (1) Alice calls Trent and requests a session key to communicate with Bob.
  • (2) Trent generates a random session key. He encrypts two copies of it: one in Alice’s key and the other in Bob’s key. Trent sends both copies to Alice.
  • (3) Alice decrypts her copy of the session key.
  • (4) Alice sends Bob his copy of the session key.
  • (5) Bob decrypts his copy of the session key.
  • (6) Both Alice and Bob use this session key to communicate securely.

 

Exercises:

  • Schématicky zapíšte tento protokol.
  • Zapíšte tento protokol v SPI calcule
  • Zapíšte tento protokol v ProVerife.

 

 

Practice 6

 

Scyther

 

Exercises is from document Scyther Tool Exercise Set (C.J.F. Cremers):

Exercise 1

Once you have started the Scyther tool, close the 'about' window. Go to 'File' and select 'Open file'. Here, choose the following fi le:
protocol0symm.spdl
 
a) Verify the security claims in the protocol using Scyther.
b) Explain the results.

Exercise 2

Once you have started the Scyther tool, close the 'about' window. Go to 'File' and select 'Open file'. Here, choose the following file:
protocol0.spdl
 
a) Verify the security claims in the protocol using Scyther.
b) Explain the di erence between the two claims by using the attack you find.

Exercise 3

Now open the following fi le in Scyther:
protocol1.spdl
 
a) Verify the security claims in the protocol using Scyther. You find several attacks. Explain the attacks: why is the property violated in each case?
b) Copy the protocol le to your own directory, and call it protocol1fixed.spdl. In the fi le, make sure you change 'protocol1' to 'protocol1 fixed'. Improve the protocol
such that the property now holds, and use Scyther to show that your improved protocol indeed meets the requirements.
 
Hint: Examine the first message: fR; nigpk(R) or compare the protocol to the fixed Needham-Schroeder protocol shown in the lecture.

Exercise 4

 

Open the following protocol fi le:
protocol2.spdl
 
This protocol contains a rather large messages and contains many random numbers (nonces) and hash functions. Not all of these elements are necessary to guarantee the correctness of the protocol.
a) Suggest ve eciency improvements (in terms of message size or complexity) for the protocol, and motivate your choice. Test each suggested improvement using Scyther. If any of your suggestions fails, explain why.

Exercise 5