Title: Team Automata for Security Analysis of Multicast/Broadcast Communication
1Team Automata for Security Analysis of
Multicast/Broadcast Communication
- Maurice ter Beek, Gabriele Lenzini, Marinella
Petrocchi - Istituto di Scienza e Tecnologia
dellInformazione - Istituto di Informatica e Telematica
- CNR - Pisa - Italy
- WISP 2003
- 1st Workshop on Issues in Security and Petri nets
- Eindhoven, 23 June 2003
2Outline
- multicast/broadcast technology and EMSS protocol
- Team Automata
- informal definition
- example showing multicast/broadcast communication
- relation to Petri nets
- (in paper instance of EMSS modelled by TA)
- formulate GNDC schema for security analysis in
terms of TA - conclusions and future work
3Multicast/Broadcast technology
Unicast sending a message through a
point-to-point connection Broadcast flooding
a message to all the connected recipients
using a single local transmit operation (e.g.
ordinary TV) Multicast sending a message to a
set of designated recipients using a single
local transmit operation (e.g. pay-per-view
TV) M/B technology was born with the intent of
saving resources (e.g. bandwidth CPU time)
w.r.t. unicast
4Stream signature protocols
- send digital streams, i.e. long (potentially
infinite) sequences of bits, as packets - guarantee authenticity and integrity
- aim at minimizing the computational cost of
signing and verifying packets
a sender broadcasts a
continuous stream to a possibly
unbounded number of receivers Features
receivers use information retrieved in
earlier packets to authenticate later packets
(or v.v.)
5Tolerating packet loss
- digital streams are usually sent over the User
Data Protocol, an unreliable transport protocol - this may cause packet loss, i.e. the stream may
be received incomplete by (a part of) the
recipients - a stream signature protocol tolerates packet loss
if it still allows a recipient to verify all
packets that are not lost
6The EMSS family of protocols
- Efficient Multi-chained Stream Signature family
of protocols to sign digital streams (Perrig et
al., IEEE SP 2000) - basic idea a hash of packet Pi is appended to
packet Pi-1 (whose hash is in turn appended to
packet Pi-2 , etc.) - signature packet Psign at the end of the stream
- each packet contains multiple hashes of previous
packets and the signature packet contains hashes
of multiple packets - multiple copies of the signature packet are sent
7The (1,2) deterministic EMSS
Packet Pi
Packet Pi1
Packet Pi-1
Mi Hash(Pi-1) Hash(Pi-2)
Mi-1 Hash(Pi-2) Hash(Pi-3)
Mi1 Hash(Pi) Hash(Pi-1)
. . .
Time / Number of packets
EMSS achieves (some) robustness against packet
loss
8Team Automata
- model logical architecture of a design
- abstract from concrete data and actions
- describe behaviour in terms of
- state-action diagram (automaton)
- role of actions (input, output, internal)
- synchronizations (simultaneous execution of
actions) - crux automata composition
- (Ellis, GROUP97 ter Beek et al., ECSCW99 gt
CSCW 2003)
9Multicast/broadcast communication in TA
broadcast TA S,R1,,Ri,,Rn
10Team Automata vs. Petri nets
- extension of I/O automata (Lynch Tuttle, 1987)
- to visualize potential concurrency in TA switch
to vector TA - VTA related to vector-labelled Petri nets, e.g.
translation to Individual Token Net Controllers
(Keesmaat et al., 1990) a particular type of
state-machine decomposable nets - more details in paper and its references
11The insecure communication scenario
private send/receive
TR
TR
TS
TR
public send
public receive
TIC
TP
TI
eavesdrop
inject
(Lynch, CSFW99)
12Generalized Non-Deducibility on Compositions
- P ? GNDC iff ?X ? (P X) \C
?(P) - A system specification P satisfies GNDC if the
behaviour of P, - despite the presence of a hostile environment
, - appears to be the same (w.r.t. a behavioural
relation ) - as the expected (correct) behaviour of
P - (Focardi-Martinelli, FM99 Focardi et al.,
ICALP00) - D( ) bounded knowledge, communication
channels, composition, hiding
?
?
?
?
?(P)
C
\
?
13GNDC schema in terms of TA
- Hostile environments
- ?C (Q, (?out, ?inp, ?int), ?, I) ?inp ? C ,
?out ? C - ?C X ? ?C Id?out (X) ? (D(?))
- Id?out (X) ? ? BT ? ? (?out)
- Observational behaviour
preserve symbols ?ext-?com - OT Id (pres (BT))
- ?com communicating actions
- GNDC in terms of TA
hide actions C unobservable - T ? GNDC? iff ?X ? ?C O
? OT
?
C
?extC
?ext-?com
?
C
C
C
hideC (T,X)
14Conclusions
- TA naturally suited to model multicast/broadcast
communication -
- GNDC schema reformulated in terms of TA
Future work
- use this new setting for the formal verification
of security properties for stream signature
protocols