Embed Size (px)
Citation preview
Modelling and Analysing of Security Protocol: Lecture 14
Some Real Life Protocols
Tom Chothia
CWI
Today
• What you can’t do with protocol: global consensus
• Activities that require global consensus• Global consensus using probability or
Trusted Third Party.BREAK• Some commonly used protocol• Extracting a protocol from a RFC
Skills not Memorisation
• What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols.
• Not what protocols people are using at the moment...but here are some anyway
Common Encryption
• AES:– Symmetric encryption
• RSA:– Public key encryption scheme
• OpenPGP– Public key encryption package
Diffie-Hellman
• Cross between a protocol and Crypto method.
• Common base for many protocols
Common Protocols
• Kerberos– Which you should know well
• SSL/TLS– Secure web-browsing
• IPsec– Encrypted Internet packets (VPNs)
• SSH– Remote secure login
• PKI– Public Key Distribution without a central TTP
Real Life Protocols
• Real Life Protocols include a lot of implementation details:– Negotiation of encryption schemes.– Versions numbers.– Data format.– Header layout.– Transmission speed.
IPsec
• A “suite” of protocols for secure Internet traffic.– IKEv2 protocol used for key establishment.
• It assumes that both parties have the public key of the other.
• Mostly used for Virtual Private Networks (logging into work from your laptop)
RFCs
• RFC are Requests For Comments.
• They define the Internet.
• For engineers and hackers, not computer scientists.
• Extracting a protocol from an RFC is a skill.
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
• Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
4. B A : {SignK(B,SignB(M1,M2), gd mod p, Nb2) }K
First session key = f(gcd mod p, Na2, Nb2)
SSH
• Remote Secure Log in.
Course Summary
• The whole point of the course:– YOU don’t design a bad protocol– and YOU don’t use/accept a bad protocol
Course Summary
• The whole point of the course:– YOU don’t design a bad protocol– and YOU don’t use/accept a bad protocol
• Analysis of Protocols is a Science:– Attacker Model– Protocol Goals– Protocol Assumptions
Tools
• You have tools to help you analysis
• BAN logic:– Always think about the rules
• ProVerif:– If you designing a protocol use it (or something
like it)
• Model Checking: – Very useful, not just for protocols.
Today
• What you can’t do with protocol: global consensus
• Activities that require global consensus• Global consensus using probability or
Trusted Third Party.BREAK• Some commonly used protocol• Extracting a protocol from a RFC
Presentations
• E-mail me ASAP.
