Download presentation

Presentation is loading. Please wait.

Published byAllan Humphries Modified over 2 years ago

1
Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI

2
Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

3
Skills not Memorisation What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. Not what protocols people are using at the moment...but here are some anyway

4
Common Encryption AES: –Symmetric encryption RSA: –Public key encryption scheme OpenPGP –Public key encryption package

5
Diffie-Hellman Cross between a protocol and Crypto method. Common base for many protocols

6
Common Protocols Kerberos –Which you should know well SSL/TLS –Secure web-browsing IPsec –Encrypted Internet packets (VPNs) SSH –Remote secure login PKI –Public Key Distribution without a central TTP

7
Real Life Protocols Real Life Protocols include a lot of implementation details: –Negotiation of encryption schemes. –Versions numbers. –Data format. –Header layout. –Transmission speed.

8
IPsec A “suite” of protocols for secure Internet traffic. –IKEv2 protocol used for key establishment. It assumes that both parties have the public key of the other. Mostly used for Virtual Private Networks (logging into work from your laptop)

9
RFCs RFC are Requests For Comments. They define the Internet. For engineers and hackers, not computer scientists. Extracting a protocol from an RFC is a skill.

10
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b )

11
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

12
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

13
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

14
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

15
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

16
IKEv2 Key establishment for IPsec, RFC 4306 1.A B : (g a mod p, N a ) 2.B A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K 4. B A : {Sign K (B,Sign B (M1,M2), g d mod p, N b2 ) } K First session key = f(g cd mod p, N a2, N b2 )

17
SSH Remote Secure Log in.

18
Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol

19
Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol Analysis of Protocols is a Science: –Attacker Model –Protocol Goals –Protocol Assumptions

20
Tools You have tools to help you analysis BAN logic: –Always think about the rules ProVerif: –If you designing a protocol use it (or something like it) Model Checking: –Very useful, not just for protocols.

21
Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

22
Presentations E-mail me ASAP.

Similar presentations

OK

Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

Chapter 7 : Web Security Lecture #1-Week 12 Dr.Khalid Dr. Mohannad Information Security CIT 460 Information Security Dr.Khalid Dr. Mohannad 1.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on ideal gas laws Ppt on microsoft excel 2007 Ppt on poet robert frost Ppt on steps Ppt on different sectors of economy for class 10 Free ppt on mobile number portability vodafone Ppt on nutrition in plants and animals Ppt on india vision 2020 Ppt on word association test Ppt on eid festival food