Presentation is loading. Please wait.

Presentation is loading. Please wait.

Analyzing Key Distribution and Authentication Protocols

Published byΔαίμων Νικολαΐδης Modified over 5 years ago

Similar presentations

Presentation on theme: "Analyzing Key Distribution and Authentication Protocols"— Presentation transcript:

1 Analyzing Key Distribution and Authentication Protocols
Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 14 – “Key Management and Distribution”. © 2015 Richard Newman 1

2 Analysis of Key Distribution Protocols
Ways to break cryptographic controls: The cipher algorithm is broken The keyspace is too small The protocol is broken The implementation is broken The system does not protect the keys adequately Opening quote. 2

3 Analysis of Key Distribution Protocols
The cipher algorithm is broken Use good, tested algorithms The keyspace is too small Use large enough keys Make sure key selection has sufficient entropy Opening quote. 3

4 Analysis of Key Distribution Protocols
The implementation is broken Take care about random numbers Take care about key gen & rotation Take care about leaks The system does not protect the keys adequately Enforce adequate security policies and use good controls in rest of system Opening quote. 4

5 Analysis of Key Distribution Protocols
The protocol is broken Analyze the protocol Prove its properties Determine its assumptions Identify the obligations it places on the environment Make sure requirements are satisfied! Opening quote. 5

6 Analysis of Key Distribution Protocols
If the protocol is broken, no amount of patching will fix it What does it expect/require of underlying cryptographic functions? What does it require of generated variables (e.g., nonces, random numbers) What does it expect of the system Opening quote. 6

7 Analysis of Key Distribution Protocols
If the protocol is broken, no amount of patching will fix it By definition, protocols are used by multiple parties Require parties to use same protocol Protocol change requires all parties using it to change also – how to coordinate? Need to make new protocol (version) Opening quote. 7

8 How do We Analyze Protocols?
Burroughs, Abadi, and Needham introduced BAN Logic Many other logics since then Many other analysis techniques also But BAN logic is relatively simple and suffices to expose much of what we want: assumptions vulnerabilities flaws The topics of cryptographic key management and cryptographic key distribution are complex, involving cryptographic, protocol, and management considerations. The purpose of this chapter is to give the reader a feel for the issues involved and a broad survey of the various aspects of key management and distribution. 8

9 BAN Logic See DES SRC-039 Tech Report Steps:
Transform protocol to idealized protocol State initial assumptions Associate assertions with messages Apply postulates to beliefs and assertions to derive additional beliefs Opening quote. 9

10 BAN Logic Monotonic logic: Only add, never subtract belief
Questions it helps answer: What does this protocol achieve? Does this protocol require more assumptions than another one? Does this protocol do anything unnecessary (e.g., encryption)? Opening quote. 10

11 BAN Logic Notation P, Q, S – Principals X, Y – formulas or statements
Ka – A’s public key Ka-1 – A’s corresponding private key Kab – Symmetric key for A and B {X}K – encryption (or signing) of X with K <X>Y – authentication of X using secret Y P → Q: M – P sends Q message M Opening quote. 11

Download ppt "Analyzing Key Distribution and Authentication Protocols"

Similar presentations

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
BAN Logic A Logic of Authentication Presentation by Heather Goldsby Michelle Pirtle (Mike Burrows, Marin Abadi, Roger Needham) Published 1989, SRC Research.

BAN Logic A Logic of Authentication Presentation by Heather Goldsby Michelle Pirtle (Mike Burrows, Marin Abadi, Roger Needham) Published 1989, SRC Research.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
Chapter 2 Protocols Controlling communications of principals in systems.

Chapter 2 Protocols Controlling communications of principals in systems.
Secure Authentication Using Biometric Data Andrew Ackerman Professor Ostrovsky.

Secure Authentication Using Biometric Data Andrew Ackerman Professor Ostrovsky.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Information Security of Embedded Systems 10.2.2010: BAN-Logic Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.

Information Security of Embedded Systems : BAN-Logic Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
Cryptography and Network Security Chapter 7

Cryptography and Network Security Chapter 7
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Overview & Chapter 1 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester 2008-2009 ITGD 2202 University of Palestine.

Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 11: Message Authentication and Hash Functions Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
BAN LOGIC Amit Chetal Monica Desai November 14, 2001

BAN LOGIC Amit Chetal Monica Desai November 14, 2001
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.

Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 2 – Cryptographic.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
CRYPTOGRAPHY. TOPICS OF SEMINAR Introduction & Related Terms Categories and Aspects of cryptography Model of Network Security Encryption Techniques Public.

CRYPTOGRAPHY. TOPICS OF SEMINAR Introduction & Related Terms Categories and Aspects of cryptography Model of Network Security Encryption Techniques Public.
Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 12 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Protocols Network Systems Security Mort Anvari.

Network Protocols Network Systems Security Mort Anvari.
CS555Spring 2012/Topic 31 Cryptography CS 555 Topic 3: One-time Pad and Perfect Secrecy.

CS555Spring 2012/Topic 31 Cryptography CS 555 Topic 3: One-time Pad and Perfect Secrecy.

Similar presentations

Ads by Google