Ceremonies (in 3 minutes)
Carl M. Ellison, Microsoft, 16 August 2005
Network Protocol (diagram; labels: A, B, C, D)
Ceremony (diagram; labels: Alice, Bob, Carol, A, B, C, D)
HTTPS MITM Protocol (diagram; labels: Legitimate, MITM, User, PC, HTTP(S), HTTP(S), Channel Setup, a, b, c, d)
HTTPS MITM Ceremony (diagram; labels: Legitimate, MITM, User, PC, HTTP(S), HTTP(S), Channel Setup, a, b, c, d, e, f, g)
Conclusion
• Design a great protocol, prove it secure; add a user, it’s insecure
• Design a great protocol, prove it secure; embed it in a larger protocol, it’s insecure
• These two observations aren’t just similar
• …with Ceremonies, they are the same statement.
Think Ceremonies (diagram; labels: Alice, Bob, Carol, A, B, C, D)