Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI Today • What you can’t do with protocol: global consensus • Activities that require global consensus • Global consensus using probability or Trusted Third Party. BREAK • Some commonly used protocol • Extracting a protocol from a RFC Skills not Memorisation • What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. • Not what protocols people are using at the moment...but here are some anyway Common Encryption • AES: – Symmetric encryption • RSA: – Public key encryption scheme • OpenPGP – Public key encryption package Diffie-Hellman • Cross between a protocol and Crypto method. • Common base for many protocols Common Protocols • Kerberos – Which you should know well • SSL/TLS – Secure web-browsing • IPsec – Encrypted Internet packets (VPNs) • SSH – Remote secure login • PKI – Public Key Distribution without a central TTP Real Life Protocols • Real Life Protocols include a lot of implementation details: – Negotiation of encryption schemes. – Versions numbers. – Data format. – Header layout. – Transmission speed. IPsec • A “suite” of protocols for secure Internet traffic. – IKEv2 protocol used for key establishment. • It assumes that both parties have the public key of the other. • Mostly used for Virtual Private Networks (logging into work from your laptop) RFCs • RFC are Requests For Comments. • They define the Internet. • For engineers and hackers, not computer scientists. • Extracting a protocol from an RFC is a skill. IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K IKEv2 • Key establishment for IPsec, RFC 4306 1. A B : (ga mod p, Na) 2. B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K 4. B A : {SignK(B,SignB(M1,M2), gd mod p, Nb2) }K First session key = f(gcd mod p, Na2, Nb2) SSH • Remote Secure Log in. Course Summary • The whole point of the course: – YOU don’t design a bad protocol – and YOU don’t use/accept a bad protocol Course Summary • The whole point of the course: – YOU don’t design a bad protocol – and YOU don’t use/accept a bad protocol • Analysis of Protocols is a Science: – Attacker Model – Protocol Goals – Protocol Assumptions Tools • You have tools to help you analysis • BAN logic: – Always think about the rules • ProVerif: – If you designing a protocol use it (or something like it) • Model Checking: – Very useful, not just for protocols. Today • What you can’t do with protocol: global consensus • Activities that require global consensus • Global consensus using probability or Trusted Third Party. BREAK • Some commonly used protocol • Extracting a protocol from a RFC Presentations • E-mail me ASAP.