Network Protocols Network Systems Security Mort Anvari

8/26/20042 Network Protocols Abstractions of communication between two processes over a network Define message formats Define legitimate sequence of messages Take care of physical details of different network hardware and machines Separate tasks in complex communication networks For example, FTP and ARP

8/26/20043 Protocol Layering Many problems need to be solved in a communication network These problems can be divided into smaller sets and different protocols are designed for each set of problem Protocols can be organized into layers to keep them easy to manage

8/26/20044 Properties of Protocol Layer Functions of each layer are independent of functions of other layers Thus each layer is like a module and can be developed independently Each layer builds on services provided by lower layers Thus no need to worry about details of lower layers -- transparent to this layer

8/26/20045 Protocol Stack: OSI Model Application Presentation Session Transport Network Data link Physical

8/26/20046 Communicating End Hosts Application Presentation Session Transport Network Data link Physical Application Presentation Session Transport Network Data link Physical Network Data link Physical Host Router

8/26/20047 Verification of Network Protocols Many complex protocols performs multiple functions with multiple messages It is desirable to verify that a protocol can correctly perform functions that it was designed for Particularly important for security protocols

8/26/20048 Traditional Ways of Network Protocol Specification Plain English Time charts Programming languages

8/26/20049 Shortcomings of Plain English Ambiguity Different words can have similar meanings process p sends message m to process q process p transmits message m to process q process p forwards message m to process q process p delivers message m to process q Same word can have different meanings process p sends message m to process q process p sends file f to process q

8/26/ Shortcoming of Time Chart Not scalable Many legitimate sequences of messages Cannot list all possible legitimate sequences when the number of sequences grows exponentially

8/26/ Shortcoming of Using Programming Language Hard to prove correctness of protocol specification For example, protocol specified in C language may involve overlap, and may involve transmission delay

8/26/ Formal Ways of Network Protocol Specification BAN logic Abstract Protocol Notation

8/26/ BAN Logic Invented by Burrows, Abadi, and Needham Use logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses

8/26/ Logical Constructs Assume P and Q are network agents, X is a message, and K is an encryption key P believes X: P acts as if X is true, and may assert X in other messages P has jurisdiction over X: P's beliefs about X should be trusted P said X: At one time, P transmitted (and believed) message X, although P might no longer believe X P sees X: P receives message X, and can read and repeat X {X} K : X is encrypted with key K fresh(X): X was sent recently key(K, P Q): P and Q may communicate with shared key K

8/26/ Examples of Postulates If P believes key(K, P Q), and P sees {X} K, then P believes (Q said X) If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X) If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X If P believes that Q said, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y

8/26/ Shortcomings of BAN Logic High level of abstraction Need for a protocol idealization step, in which user is required to transform each message in a protocol into formulas Can only verify a round everytime

8/26/ Abstract Protocol Notation Presented by Mohamed Gouda in the book Elements of Network Protocol Design Formal and scalable Proof of correctness of protocol specification can be easily done using state transition diagram

8/26/ Communication Model A network of processes and two unbounded FIFO channels between every two processes process p … process q … Set of messages

8/26/ Process Specification Each process in a protocol is specified as follows process px inp : … : var : … : begin [] … [] end

8/26/ Action Execution Specified as -> Satisfy three conditions Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress Non-deterministic: an action is executed only when its guard is true Fair: if guard of an action is continuously true, then the action is eventually executed

8/26/ State Transition Diagram Define semantic of a protocol State is defined by a value for each variable in protocol and by a message set for each channel in protocol Transition is movement from current state to next state triggered by an action execution

8/26/ Adversary Model Adversary can change contents of protocol channels by executing the following actions a finite number of times Message loss: lose an original message Message modification: modify the field of an original message to cause a modified message Message replay: replace an original message by another original message to cause a replayed message Message insertion: add to a channel a finite number of arbitrary messages

8/26/ Prove Correctness of Secure Protocol Execution of adversary actions may lead the protocol to a bad state Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions

8/26/ Next Class Network security tools to counter the effects of adversary actions Cryptography backgrounds of network security tools