Network Protocols Network Systems Security
Mort Anvari
8/26/2004 2
Network Protocols
Abstractions of communication between two processes over a network
  Define message formats
  Define legitimate sequence of messages
Take care of physical details of different network hardware and machines
Separate tasks in complex communication networks
  For example, FTP and ARP
Protocol Layering
Many problems need to be solved in a communication network
These problems can be divided into smaller sets, and different protocols are designed for each set of problems
Protocols can be organized into layers to keep them easy to manage
Properties of Protocol Layer
Functions of each layer are independent of functions of other layers
  Thus each layer is like a module and can be developed independently
Each layer builds on services provided by lower layers
  Thus no need to worry about details of lower layers -- transparent to this layer
Protocol Stack: OSI Model
Application
Presentation
Session
Transport
Network
Data link
Physical
Communicating End Hosts
Host            Router          Host
Application                     Application
Presentation                    Presentation
Session                         Session
Transport                       Transport
Network         Network         Network
Data link       Data link       Data link
Physical        Physical        Physical
Verification of Network Protocols
Many complex protocols perform multiple functions with multiple messages
It is desirable to verify that a protocol can correctly perform functions that it was designed for
Particularly important for security protocols
Traditional Ways of Network Protocol Specification
Plain English
Time charts
Programming languages
Shortcomings of Plain English
Ambiguity
  Different words can have similar meanings
    process p sends message m to process q
    process p transmits message m to process q
    process p forwards message m to process q
    process p delivers message m to process q
  Same word can have different meanings
    process p sends message m to process q
    process p sends file f to process q
Shortcoming of Time Chart
Not scalable
  Many legitimate sequences of messages
  Cannot list all possible legitimate sequences when the number of sequences grows exponentially
Shortcoming of Using Programming Language
Hard to prove correctness of protocol specification
  For example, protocol specified in C language may involve overlap, and may involve transmission delay
Formal Ways of Network Protocol Specification
BAN logic
Abstract Protocol Notation
BAN Logic
Invented by Burrows, Abadi, and Needham
Use logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses
Logical Constructs
Assume P and Q are network agents, X is a message, and K is an encryption key
  P believes X: P acts as if X is true, and may assert X in other messages
  P has jurisdiction over X: P's beliefs about X should be trusted
  P said X: At one time, P transmitted (and believed) message X, although P might no longer believe X
  P sees X: P receives message X, and can read and repeat X
  {X}K: X is encrypted with key K
  fresh(X): X was sent recently
  key(K, P<->Q): P and Q may communicate with shared key K
Examples of Postulates
If P believes key(K, P<->Q), and P sees {X}K, then P believes (Q said X)
If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X)
If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X
If P believes that Q said <X, Y>, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y
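
The four postulates above, applied mechanically (an added example, not part of the original slides). The agents A, B and S, the keys Kas and Kab, the timestamp Ts and the idealized message are constructed for illustration. It shows that A accepts the session key only when A also believes the key is fresh, which is why a replayed message fails the derivation.

```python
# Added illustration: forward chaining over the four postulates on this slide.
# Formulas are nested tuples; agents A, B, S, keys Kas, Kab and timestamp Ts
# are constructed sample values.
def bel(p, x):    return ("believes", p, x)
def said(p, x):   return ("said", p, x)
def key(k, p, q): return ("key", k, frozenset((p, q)))   # key(K, P<->Q)

def step(facts):
    new = set()
    for f in facts:
        if f[0] == "sees" and f[2][0] == "enc":
            p, (_, x, k) = f[1], f[2]
            for g in facts:   # P believes key(K, P<->Q), P sees {X}K => P believes (Q said X)
                if g[0] == "believes" and g[1] == p and g[2][0] == "key" \
                        and g[2][1] == k and p in g[2][2]:
                    new |= {bel(p, said(q, x)) for q in g[2][2] - {p}}
        elif f[0] == "believes" and f[2][0] == "said":
            p, (_, q, x) = f[1], f[2]
            if x[0] == "pair":                      # Q said <X, Y> => Q said X, Q said Y
                new |= {bel(p, said(q, x[1])), bel(p, said(q, x[2]))}
            if bel(p, ("fresh", x)) in facts:       # Q said X, fresh(X) => Q believes X
                new.add(bel(p, bel(q, x)))
        elif f[0] == "believes" and f[2][0] == "believes":
            p, (_, q, x) = f[1], f[2]
            if bel(p, ("juris", q, x)) in facts:    # jurisdiction => P believes X
                new.add(bel(p, x))
    return new - facts

def closure(facts):
    """Apply the postulates until no new belief can be derived."""
    facts = set(facts)
    while True:
        new = step(facts)
        if not new:
            return facts
        facts |= new

KAB = key("Kab", "A", "B")
BASE = {
    bel("A", key("Kas", "A", "S")),                      # A shares Kas with S
    ("sees", "A", ("enc", ("pair", "Ts", KAB), "Kas")),  # A sees {<Ts, key(Kab, A<->B)>}Kas
    bel("A", ("juris", "S", KAB)),                       # S has jurisdiction over the key
}

def a_accepts_key(fresh):
    """Does A come to believe key(Kab, A<->B), with or without believing it fresh?"""
    facts = BASE | ({bel("A", ("fresh", KAB))} if fresh else set())
    return bel("A", KAB) in closure(facts)
```

Without the freshness belief the derivation stops at "A believes (S said key(Kab, A<->B))", so the key is never accepted.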
Shortcomings of BAN Logic
High level of abstraction
Need for a protocol idealization step, in which user is required to transform each message in a protocol into formulas
Can only verify one round at a time
Abstract Protocol Notation
Presented by Mohamed Gouda in the book Elements of Network Protocol Design
Formal and scalable
Proof of correctness of protocol specification can be easily done using state transition diagram
Communication Model
A network of processes and two unbounded FIFO channels between every two processes
[Figure: process p and process q connected by channels, each channel labelled as a set of messages]
Process Specification
Each process in a protocol is specified as follows

process px
inp <name of input> : <type of input>
    …
    <name of input> : <type of input>
var <name of variable> : <type of variable>
    …
    <name of variable> : <type of variable>
begin
    <action>
[]  <action>
    …
[]  <action>
end
Action Execution
Specified as <guard> -> <statement>
Satisfy three conditions
  Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress
  Non-deterministic: an action is executed only when its guard is true
  Fair: if guard of an action is continuously true, then the action is eventually executed
State Transition Diagram
Defines the semantics of a protocol
State is defined by a value for each variable in protocol and by a message set for each channel in protocol
Transition is movement from current state to next state triggered by an action execution
Adversary Model
Adversary can change contents of protocol channels by executing the following actions a finite number of times
  Message loss: lose an original message
  Message modification: modify the field of an original message to cause a modified message
  Message replay: replace an original message by another original message to cause a replayed message
  Message insertion: add to a channel a finite number of arbitrary messages
Prove Correctness of Secure Protocol
Execution of adversary actions may lead the protocol to a bad state
Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions
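
A small state-transition check of this correctness condition (an added example, not from the slides or from Gouda's book). The request/reply protocol between p and q, the message names rqst and rply, and the timeout action are assumptions made for the sketch. It enumerates the good cycle, applies the adversary's message-loss action to every good state, and tests whether every execution from the resulting bad state returns to the good cycle.

```python
# Added illustration; the request/reply protocol and the timeout action are
# assumptions made for this sketch, not taken from the slides.
# State = (ready, channel p->q, channel q->p); channels are FIFO tuples.
INIT = (True, (), ())

def successors(state, with_timeout):
    """Next states, one per enabled <guard> -> <statement> action (atomic steps)."""
    ready, pq, qp = state
    out = []
    if ready:                       # p: ready -> send rqst to q; ready := false
        out.append((False, pq + ("rqst",), qp))
    if qp:                          # p: rcv rply from q -> ready := true
        out.append((True, pq, qp[1:]))
    if pq:                          # q: rcv rqst from p -> send rply to p
        out.append((ready, pq[1:], qp + ("rply",)))
    if with_timeout and not ready and not pq and not qp:
        out.append((False, ("rqst",), ()))   # p: timeout -> send rqst to q
    return out

def reachable(start, with_timeout):
    """States reachable without adversary actions: the good cycle."""
    seen, todo = set(), [start]
    while todo:
        s = todo.pop()
        if s not in seen:
            seen.add(s)
            todo.extend(successors(s, with_timeout))
    return seen

def lose_one(state):
    """Adversary action 'message loss': drop one message from one channel."""
    ready, pq, qp = state
    for i in range(len(pq)):
        yield (ready, pq[:i] + pq[i + 1:], qp)
    for i in range(len(qp)):
        yield (ready, pq, qp[:i] + qp[i + 1:])

def converges(state, good, with_timeout, path=()):
    """True if every execution from state reaches a good state in finitely many steps."""
    if state in good:
        return True
    if state in path:               # loop outside the good cycle (fairness ignored)
        return False
    nxt = successors(state, with_timeout)
    return bool(nxt) and all(converges(n, good, with_timeout, path + (state,)) for n in nxt)

def correct_under_loss(with_timeout):
    good = reachable(INIT, with_timeout)
    return all(converges(b, good, with_timeout) for g in good for b in lose_one(g))
```

Without the timeout action, a single lost message leaves p waiting with both channels empty and no action enabled, so the protocol never returns to its good cycle.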
Next Class
Network security tools to counter the effects of adversary actions
Cryptography backgrounds of network security tools