Resumen: Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA
| bs.conference.acronym | PROLE | |
| bs.conference.name | Jornadas sobre Programación y Lenguajes (PROLE) | |
| bs.edition.date | 2019-09-02 | |
| bs.edition.location | Cáceres | |
| bs.edition.name | XIX Jornadas de Programación y Lenguajes (PROLE 2019) | |
| bs.proceedings.editor | Alpuente, M. | |
| bs.proceedings.editor | Sapiña, J. | |
| bs.proceedings.editor | Rodríguez Echeverría, R. | |
| bs.proceedings.name | Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019) | |
| dc.contributor.affiliation | University of Oslo, Norway | |
| dc.contributor.affiliation | Universitat Politècnica de València, Spain | |
| dc.contributor.affiliation | Universitat Politècnica de València, Spain | |
| dc.contributor.affiliation | NRL, United States | |
| dc.contributor.affiliation | University of Illinois at Urbana-Champaign, United States | |
| dc.contributor.author | Gonzalez-Burgueño, Antonio | |
| dc.contributor.author | Aparicio, Damian | |
| dc.contributor.author | Escobar, Santiago | |
| dc.contributor.author | Meadows, Catherine | |
| dc.contributor.author | Meseguer, Jose | |
| dc.contributor.email | agonzalez@dsic.upv.es | |
| dc.contributor.email | daapsnc@inf.upv.es | |
| dc.contributor.email | sescobar@dsic.upv.es | |
| dc.contributor.email | meadows@itd.nrl.navy.mil | |
| dc.contributor.email | meseguer@cs.uiuc.edu | |
| dc.contributor.signature | Gonzalez-Burgueño, Antonio | |
| dc.contributor.signature | Aparicio, Damian | |
| dc.contributor.signature | Escobar, Santiago | |
| dc.contributor.signature | Meadows, Catherine | |
| dc.contributor.signature | Meseguer, Jose | |
| dc.date.accessioned | 2019-09-02T00:00:00Z | |
| dc.date.available | 2019-09-02T00:00:00Z | |
| dc.date.issued | 2019-09-02 | |
| dc.description.abstract | We perform an automated analysis of two devices developed by Yubico: YubiKey, designed to authenticate a user to network-based services, and YubiHSM, Yubico’s hardware security module. Both are analyzed using the Maude-NPA cryptographic protocol analyzer. Although previous work has been done applying formal tools to these devices, there has not been any completely automated analysis. This is not surprising, because both YubiKey and YubiHSM, which make use of cryptographic APIs, involve a number of complex features: (i) discrete time in the form of Lamport clocks, (ii) a mutable memory for storing previously seen keys or nonces, (iii) event-based properties that require an analysis of sequences of actions, and (iv) reasoning modulo exclusive-or. Maude-NPA has provided support for exclusive-or for years but has not provided support for the other three features, which we show can also be supported by using constraints on natural numbers, protocol composition and reasoning modulo associativity. In this work, we have been able to automatically prove security properties of YubiKey and find the known attacks on the YubiHSM, in both cases beyond the capabilities of previous work using the Tamarin Prover due to the need of auxiliary user-defined lemmas and limited support for exclusive-or. Tamarin has recently been endowed with exclusive-or and we have rewritten the original specification of YubiHSM in Tamarin to use exclusive-or, confirming that both attacks on YubiHSM can be carried out by this recent version of Tamarin. | |
| dc.identifier.citation | Gonzalez-Burgueño, A., Aparicio, D., Escobar, S., Meadows, C., Meseguer, J.: Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA. In: Alpuente, M., Sapiña, J., Rodríguez Echeverría, R. (eds.) Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019). Sistedes (2019). https://hdl.handle.net/11705/PROLE/2019/007 | |
| dc.identifier.citation-bibtex | @inproceedings{11705:PROLE:2019:007, title = {{Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA}}, author = {Gonzalez-Burgueño, A. and Aparicio, D. and Escobar, S. and Meadows, C. and Meseguer, J.}, url = {https://hdl.handle.net/11705/PROLE/2019/007}, crossref = {11705:PROLE:2019} } @proceedings{11705:PROLE:2019, title = {{Actas de las XIX Jornadas de Programaci\'{o}n y Lenguajes (PROLE 2019)}}, author = {Alpuente, M. and Sapiña, J. and Rodr\'{i}guez Echeverr\'{i}a, R.}, year = {2019}, publisher = {{Sistedes}}, } | |
| dc.identifier.sistedes | 11705/PROLE/2019/007 | |
| dc.publisher | Sistedes | |
| dc.relation.ispartof | Actas de las XIX Jornadas de Programación y Lenguajes (PROLE 2019) | |
| dc.rights.license | CC BY 4.0 | |
| dc.rights.uri | https://creativecommons.org/licenses/by/4.0/ | |
| dc.subject | Equational Unification | |
| dc.subject | Narrowing | |
| dc.subject | Protocol Analysis | |
| dc.subject | Rewriting Logic | |
| dc.subject | Security | |
| dc.title | Formal verification of the YubiKey and YubiHSM APIs in Maude-NPA | |
| dspace.entity.type | Resumen | |
| relation.isAuthorOfAbstract | 2c7c5ae2-16f8-4255-a03c-3017708143b5 | |
| relation.isAuthorOfAbstract | a1c2132e-098d-4155-b604-09100d2487fe | |
| relation.isAuthorOfAbstract | 5d8162c7-2c54-4bc3-b20d-e0c59449b779 | |
| relation.isAuthorOfAbstract | ea912792-66ca-479a-97bb-f905be5c5ed8 | |
| relation.isAuthorOfAbstract | a8aca467-bcde-44d9-8a61-a904cdc0a630 | |
| relation.isAuthorOfAbstract.latestForDiscovery | 2c7c5ae2-16f8-4255-a03c-3017708143b5 |
Archivos
Bloque original
1 - 1 de 1
Cargando...
- Nombre:
- 11705-PROLE-2019-007.pdf
- Tamaño:
- 89.35 KB
- Formato:
- Adobe Portable Document Format