Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI.

Similar presentations


Presentation on theme: "Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI."— Presentation transcript:

1 Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI

2 Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

3 Skills not Memorisation What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. Not what protocols people are using at the moment...but here are some anyway

4 Common Encryption AES: –Symmetric encryption RSA: –Public key encryption scheme OpenPGP –Public key encryption package

5 Diffie-Hellman Cross between a protocol and Crypto method. Common base for many protocols

6 Common Protocols Kerberos –Which you should know well SSL/TLS –Secure web-browsing IPsec –Encrypted Internet packets (VPNs) SSH –Remote secure login PKI –Public Key Distribution without a central TTP

7 Real Life Protocols Real Life Protocols include a lot of implementation details: –Negotiation of encryption schemes. –Versions numbers. –Data format. –Header layout. –Transmission speed.

8 IPsec A “suite” of protocols for secure Internet traffic. –IKEv2 protocol used for key establishment. It assumes that both parties have the public key of the other. Mostly used for Virtual Private Networks (logging into work from your laptop)

9 RFCs RFC are Requests For Comments. They define the Internet. For engineers and hackers, not computer scientists. Extracting a protocol from an RFC is a skill.

10 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b )

11 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

12 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

13 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

14 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

15 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

16 IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K 4. B  A : {Sign K (B,Sign B (M1,M2), g d mod p, N b2 ) } K First session key = f(g cd mod p, N a2, N b2 )

17 SSH Remote Secure Log in.

18 Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol

19 Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol Analysis of Protocols is a Science: –Attacker Model –Protocol Goals –Protocol Assumptions

20 Tools You have tools to help you analysis BAN logic: –Always think about the rules ProVerif: –If you designing a protocol use it (or something like it) Model Checking: –Very useful, not just for protocols.

21 Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

22 Presentations me ASAP.


Download ppt "Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI."

Similar presentations


Ads by Google