220 likes | 309 Views
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols. Tom Chothia CWI. Today. What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol
E N D
Modelling and Analysing of Security Protocol: Lecture 14Some Real Life Protocols Tom Chothia CWI
Today • What you can’t do with protocol: global consensus • Activities that require global consensus • Global consensus using probability or Trusted Third Party. BREAK • Some commonly used protocol • Extracting a protocol from a RFC
Skills not Memorisation • What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. • Not what protocols people are using at the moment...but here are some anyway
Common Encryption • AES: • Symmetric encryption • RSA: • Public key encryption scheme • OpenPGP • Public key encryption package
Diffie-Hellman • Cross between a protocol and Crypto method. • Common base for many protocols
Common Protocols • Kerberos • Which you should know well • SSL/TLS • Secure web-browsing • IPsec • Encrypted Internet packets (VPNs) • SSH • Remote secure login • PKI • Public Key Distribution without a central TTP
Real Life Protocols • Real Life Protocols include a lot of implementation details: • Negotiation of encryption schemes. • Versions numbers. • Data format. • Header layout. • Transmission speed.
IPsec • A “suite” of protocols for secure Internet traffic. • IKEv2 protocol used for key establishment. • It assumes that both parties have the public key of the other. • Mostly used for Virtual Private Networks (logging into work from your laptop)
RFCs • RFC are Requests For Comments. • They define the Internet. • For engineers and hackers, not computer scientists. • Extracting a protocol from an RFC is a skill.
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb)
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K
IKEv2 • Key establishment for IPsec, RFC 4306 • A B : (ga mod p, Na) • B A : (gb mod p, Nb) K = f(gab mod p, Na, Nb) 3. A B : {SignK(A,SignA(M1,M2), gc mod p, Na2) }K 4. B A : {SignK(B,SignB(M1,M2), gd mod p, Nb2) }K First session key = f(gcd mod p, Na2, Nb2)
SSH • Remote Secure Log in.
Course Summary • The whole point of the course: • YOU don’t design a bad protocol • and YOU don’t use/accept a bad protocol
Course Summary • The whole point of the course: • YOU don’t design a bad protocol • and YOU don’t use/accept a bad protocol • Analysis of Protocols is a Science: • Attacker Model • Protocol Goals • Protocol Assumptions
Tools • You have tools to help you analysis • BAN logic: • Always think about the rules • ProVerif: • If you designing a protocol use it (or something like it) • Model Checking: • Very useful, not just for protocols.
Today • What you can’t do with protocol: global consensus • Activities that require global consensus • Global consensus using probability or Trusted Third Party. BREAK • Some commonly used protocol • Extracting a protocol from a RFC
Presentations • E-mail me ASAP.