modelling and analysing of security protocol: lecture 14 some real life protocols tom chothia cwi
Post on 14-Dec-2015
213 Views
Preview:
TRANSCRIPT
Today
• What you can’t do with protocol: global consensus
• Activities that require global consensus• Global consensus using probability or
Trusted Third Party.BREAK• Some commonly used protocol• Extracting a protocol from a RFC
Skills not Memorisation
• What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols.
• Not what protocols people are using at the moment...but here are some anyway
Common Encryption
• AES:– Symmetric encryption
• RSA:– Public key encryption scheme
• OpenPGP– Public key encryption package
Common Protocols
• Kerberos– Which you should know well
• SSL/TLS– Secure web-browsing
• IPsec– Encrypted Internet packets (VPNs)
• SSH– Remote secure login
• PKI– Public Key Distribution without a central TTP
Real Life Protocols
• Real Life Protocols include a lot of implementation details:– Negotiation of encryption schemes.– Versions numbers.– Data format.– Header layout.– Transmission speed.
IPsec
• A “suite” of protocols for secure Internet traffic.– IKEv2 protocol used for key establishment.
• It assumes that both parties have the public key of the other.
• Mostly used for Virtual Private Networks (logging into work from your laptop)
RFCs
• RFC are Requests For Comments.
• They define the Internet.
• For engineers and hackers, not computer scientists.
• Extracting a protocol from an RFC is a skill.
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
4. B A : {SignK(B,SignB(M1,M2), gd mod p, Nb2) }K
First session key = f(gcd mod p, Na2, Nb2)
Course Summary
• The whole point of the course:– YOU don’t design a bad protocol– and YOU don’t use/accept a bad protocol
Course Summary
• The whole point of the course:– YOU don’t design a bad protocol– and YOU don’t use/accept a bad protocol
• Analysis of Protocols is a Science:– Attacker Model– Protocol Goals– Protocol Assumptions
Tools
• You have tools to help you analysis
• BAN logic:– Always think about the rules
• ProVerif:– If you designing a protocol use it (or something
like it)
• Model Checking: – Very useful, not just for protocols.
Today
• What you can’t do with protocol: global consensus
• Activities that require global consensus• Global consensus using probability or
Trusted Third Party.BREAK• Some commonly used protocol• Extracting a protocol from a RFC
top related