
Post on 12-Jan-2016


Modelling and Analysing of Security Protocol: Lecture 14

Some Real Life Protocols

Tom Chothia

CWI


Today

• What you can’t do with protocols: global consensus

• Activities that require global consensus

• Global consensus using probability or a Trusted Third Party.

BREAK

• Some commonly used protocols

• Extracting a protocol from an RFC


Skills not Memorisation

• What you have learnt on this course (hopefully) are the skills to design and analyse all (including future) protocols.

• Not what protocols people are using at the moment...but here are some anyway


Common Encryption

• AES:
  – Symmetric encryption

• RSA:
  – Public key encryption scheme

• OpenPGP:
  – Public key encryption package


Diffie-Hellman

• A cross between a protocol and a crypto method.

• Common base for many protocols


Common Protocols

• Kerberos
  – Which you should know well

• SSL/TLS
  – Secure web-browsing

• IPsec
  – Encrypted Internet packets (VPNs)

• SSH
  – Remote secure login

• PKI
  – Public Key Distribution without a central TTP


Real Life Protocols

• Real Life Protocols include a lot of implementation details:
  – Negotiation of encryption schemes.
  – Version numbers.
  – Data format.
  – Header layout.
  – Transmission speed.


IPsec

• A “suite” of protocols for secure Internet traffic.
  – IKEv2 protocol used for key establishment.

• It assumes that both parties have the public key of the other.

• Mostly used for Virtual Private Networks (logging into work from your laptop)


RFCs

• RFCs are Requests For Comments.

• They define the Internet.

• For engineers and hackers, not computer scientists.

• Extracting a protocol from an RFC is a skill.


IKEv2

• Key establishment for IPsec, RFC 4306

1. $A \to B : (g^a \bmod p,\ N_a)$

2. $B \to A : (g^b \bmod p,\ N_b)$

$K = f(g^{ab} \bmod p,\ N_a,\ N_b)$


IKEv2

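• Key establishment for IPsec, RFC 4306

1. $A \to B : (g^a \bmod p,\ N_a)$

2. $B \to A : (g^b \bmod p,\ N_b)$

$K = f(g^{ab} \bmod p,\ N_a,\ N_b)$

3. $A \to B : \{\mathrm{Sign}_K(A,\ \mathrm{Sign}_A(M_1, M_2),\ g^c \bmod p,\ N_{a2})\}_K$

4. $B \to A : \{\mathrm{Sign}_K(B,\ \mathrm{Sign}_B(M_1, M_2),\ g^d \bmod p,\ N_{b2})\}_K$

First session key $= f(g^{cd} \bmod p,\ N_{a2},\ N_{b2})$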
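The exchange above as a runnable sketch (an added example, not code from the lecture or from RFC 4306), taking M1 and M2 to be messages 1 and 2. It shows both sides deriving K and the first session key, and B rejecting Sign_A(M1, M2) when its copy of message 1 differs from what A sent. Assumptions: f is instantiated as HMAC-SHA256, the DH group and A's textbook-RSA key are toy values constructed here, and the Sign_K and encryption-under-K layers are left out.

```python
import hashlib, hmac, secrets

# Toy parameters constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                                 # DH modulus (Mersenne prime), base
RSA_N, RSA_E = (2**89 - 1) * (2**107 - 1), 65537     # A's toy signing key
RSA_D = pow(RSA_E, -1, (2**89 - 2) * (2**107 - 2))

def enc(*parts):
    """Length-prefixed encoding so concatenated fields stay unambiguous."""
    out = b""
    for x in parts:
        raw = x if isinstance(x, bytes) else x.to_bytes(16, "big")
        out += len(raw).to_bytes(2, "big") + raw
    return out

def f(shared, n1, n2):
    """Assumed instantiation of the slide's f: HMAC-SHA256 keyed by the nonces."""
    return hmac.new(n1 + n2, enc(shared), hashlib.sha256).digest()

def _h(m1, m2):
    return int.from_bytes(hashlib.sha256(enc(m1, m2)).digest(), "big") % RSA_N

def sign_a(m1, m2):
    """Sign_A(M1, M2) as textbook RSA over a hash (illustration only)."""
    return pow(_h(m1, m2), RSA_D, RSA_N)

def verify_a(sig, m1, m2):
    return pow(sig, RSA_E, RSA_N) == _h(m1, m2)

def dh():
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def exchange(alter_m1=False):
    (a, ga), (b, gb) = dh(), dh()
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    m1, m2 = enc(ga, na), enc(gb, nb)                # messages 1 and 2 as sent
    # B's copy of message 1, optionally altered in transit (constructed value).
    ga_at_b = pow(G, 7, P) if alter_m1 else ga
    m1_at_b = enc(ga_at_b, na)
    k_a, k_b = f(pow(gb, a, P), na, nb), f(pow(ga_at_b, b, P), na, nb)
    sig = sign_a(m1, m2)                             # carried inside message 3
    (c, gc), (d, gd) = dh(), dh()                    # fresh exponents, messages 3 and 4
    na2, nb2 = secrets.token_bytes(16), secrets.token_bytes(16)
    return {"same_k": k_a == k_b,
            "b_accepts": verify_a(sig, m1_at_b, m2), # B checks its own transcript
            "session_ok": f(pow(gd, c, P), na2, nb2) == f(pow(gc, d, P), na2, nb2)}
```
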


SSH

• Remote Secure Log in.


Course Summary

• The whole point of the course:
  – YOU don’t design a bad protocol
  – and YOU don’t use/accept a bad protocol

• Analysis of Protocols is a Science:
  – Attacker Model
  – Protocol Goals
  – Protocol Assumptions


Tools

• You have tools to help your analysis

• BAN logic:
  – Always think about the rules

• ProVerif:
  – If you are designing a protocol, use it (or something like it)

• Model Checking:
  – Very useful, not just for protocols.


Presentations

• E-mail me ASAP.