Download presentation

Presentation is loading. Please wait.

Published byAllan Humphries Modified over 3 years ago

1
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI

2
Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

3
Skills not Memorisation What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. Not what protocols people are using at the moment...but here are some anyway

4
Common Encryption AES: –Symmetric encryption RSA: –Public key encryption scheme OpenPGP –Public key encryption package

5
Diffie-Hellman Cross between a protocol and Crypto method. Common base for many protocols

6
Common Protocols Kerberos –Which you should know well SSL/TLS –Secure web-browsing IPsec –Encrypted Internet packets (VPNs) SSH –Remote secure login PKI –Public Key Distribution without a central TTP

7
Real Life Protocols Real Life Protocols include a lot of implementation details: –Negotiation of encryption schemes. –Versions numbers. –Data format. –Header layout. –Transmission speed.

8
IPsec A “suite” of protocols for secure Internet traffic. –IKEv2 protocol used for key establishment. It assumes that both parties have the public key of the other. Mostly used for Virtual Private Networks (logging into work from your laptop)

9
RFCs RFC are Requests For Comments. They define the Internet. For engineers and hackers, not computer scientists. Extracting a protocol from an RFC is a skill.

10
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b )

11
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

12
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

13
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

14
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

15
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

16
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K 4. B A : {Sign K (B,Sign B (M1,M2), g d mod p, N b2 ) } K First session key = f(g cd mod p, N a2, N b2 )

17
SSH Remote Secure Log in.

18
Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol

19
Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol Analysis of Protocols is a Science: –Attacker Model –Protocol Goals –Protocol Assumptions

20
Tools You have tools to help you analysis BAN logic: –Always think about the rules ProVerif: –If you designing a protocol use it (or something like it) Model Checking: –Very useful, not just for protocols.

21
Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

22
Presentations E-mail me ASAP.

Similar presentations

OK

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

© 2018 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google