Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols

1
Modelling and Analysing of Security Protocol
Lecture 14Some Real Life Protocols

• Tom Chothia
• CWI

2
Today

• What you cant do with protocol global consensus
• Activities that require global consensus
• Global consensus using probability or Trusted
  Third Party.
• BREAK
• Some commonly used protocol
• Extracting a protocol from a RFC

3
Skills not Memorisation

• What you have learn on this course (hopefully)
  are skill to design and analyse all (including
  future) protocols.
• Not what protocols people are using at the
  moment...but here are some anyway

4
Common Encryption

• AES
• Symmetric encryption
• RSA
• Public key encryption scheme
• OpenPGP
• Public key encryption package

5
Diffie-Hellman

• Cross between a protocol and Crypto method.
• Common base for many protocols

6
Common Protocols

• Kerberos
• Which you should know well
• SSL/TLS
• Secure web-browsing
• IPsec
• Encrypted Internet packets (VPNs)
• SSH
• Remote secure login
• PKI
• Public Key Distribution without a central TTP

7
Real Life Protocols

• Real Life Protocols include a lot of
  implementation details
• Negotiation of encryption schemes.
• Versions numbers.
• Data format.
• Header layout.
• Transmission speed.

8
IPsec

• A suite of protocols for secure Internet
  traffic.
• IKEv2 protocol used for key establishment.
• It assumes that both parties have the public key
  of the other.
• Mostly used for Virtual Private Networks (logging
  into work from your laptop)

9
RFCs

• RFC are Requests For Comments.
• They define the Internet.
• For engineers and hackers, not computer
  scientists.
• Extracting a protocol from an RFC is a skill.

10
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)

11
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K

12
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K

13
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K

14
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K

15
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K

16
IKEv2

• Key establishment for IPsec, RFC 4306
• A ??B (ga mod p, Na)
• B ??A (gb mod p, Nb)
• K f(gab mod p, Na, Nb)
• 3. A ??B SignK(A,SignA(M1,M2), gc mod p, Na2)
  K
• 4. B ??A SignK(B,SignB(M1,M2), gd mod p, Nb2)
  K
• First session key f(gcd mod p, Na2, Nb2)

17
SSH

• Remote Secure Log in.

18
Course Summary

• The whole point of the course
• YOU dont design a bad protocol
• and YOU dont use/accept a bad protocol

19
Course Summary

• The whole point of the course
• YOU dont design a bad protocol
• and YOU dont use/accept a bad protocol
• Analysis of Protocols is a Science
• Attacker Model
• Protocol Goals
• Protocol Assumptions

20
Tools

• You have tools to help you analysis
• BAN logic
• Always think about the rules
• ProVerif
• If you designing a protocol use it (or something
  like it)
• Model Checking
• Very useful, not just for protocols.

21
Today

• What you cant do with protocol global consensus
• Activities that require global consensus
• Global consensus using probability or Trusted
  Third Party.
• BREAK
• Some commonly used protocol
• Extracting a protocol from a RFC

22
Presentations

• E-mail me ASAP.