Download Lecture14

Modelling and Analysing of
Security Protocol: Lecture 14
Some Real Life Protocols
Tom Chothia
CWI
Today
• What you can’t do with protocol: global
consensus
• Activities that require global consensus
• Global consensus using probability or
Trusted Third Party.
BREAK
• Some commonly used protocol
• Extracting a protocol from a RFC
Skills not Memorisation
• What you have learn on this course
(hopefully) are skill to design and
analyse all (including future) protocols.
• Not what protocols people are using at
the moment...but here are some anyway
Common Encryption
• AES:
– Symmetric encryption
• RSA:
– Public key encryption scheme
• OpenPGP
– Public key encryption package
Diffie-Hellman
• Cross between a protocol and Crypto
method.
• Common base for many protocols
Common Protocols
• Kerberos
– Which you should know well
• SSL/TLS
– Secure web-browsing
• IPsec
– Encrypted Internet packets (VPNs)
• SSH
– Remote secure login
• PKI
– Public Key Distribution without a central TTP
Real Life Protocols
• Real Life Protocols include a lot of
implementation details:
– Negotiation of encryption schemes.
– Versions numbers.
– Data format.
– Header layout.
– Transmission speed.
IPsec
• A “suite” of protocols for secure Internet
traffic.
– IKEv2 protocol used for key establishment.
• It assumes that both parties have the public
key of the other.
• Mostly used for Virtual Private Networks
(logging into work from your laptop)
RFCs
• RFC are Requests For Comments.
• They define the Internet.
• For engineers and hackers, not computer
scientists.
• Extracting a protocol from an RFC is a skill.
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2
•
Key establishment for IPsec, RFC 4306
1. A B : (ga mod p, Na)
2. B A : (gb mod p, Nb)
K = f(gab mod p, Na, Nb)
3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
4. B A : {SignK(B,SignB(M1,M2), gd mod p, Nb2) }K
First session key = f(gcd mod p, Na2, Nb2)
SSH
• Remote Secure Log in.
Course Summary
• The whole point of the course:
– YOU don’t design a bad protocol
– and YOU don’t use/accept a bad protocol
Course Summary
• The whole point of the course:
– YOU don’t design a bad protocol
– and YOU don’t use/accept a bad protocol
• Analysis of Protocols is a Science:
– Attacker Model
– Protocol Goals
– Protocol Assumptions
Tools
• You have tools to help you analysis
• BAN logic:
– Always think about the rules
• ProVerif:
– If you designing a protocol use it (or something
like it)
• Model Checking:
– Very useful, not just for protocols.
Today
• What you can’t do with protocol: global
consensus
• Activities that require global consensus
• Global consensus using probability or
Trusted Third Party.
BREAK
• Some commonly used protocol
• Extracting a protocol from a RFC
Presentations
• E-mail me ASAP.