Analyzing Key Distribution and Authentication Protocols Lecture slides by Lawrie Brown for “Cryptography and Network Security”, 5/e, by William Stallings, Chapter 14 – “Key Management and Distribution”. © 2015 Richard Newman 1

Analysis of Key Distribution Protocols Ways to break cryptographic controls: The cipher algorithm is broken The keyspace is too small The protocol is broken The implementation is broken The system does not protect the keys adequately Opening quote. 2

Analysis of Key Distribution Protocols The cipher algorithm is broken Use good, tested algorithms The keyspace is too small Use large enough keys Make sure key selection has sufficient entropy Opening quote. 3

Analysis of Key Distribution Protocols The implementation is broken Take care about random numbers Take care about key gen & rotation Take care about leaks The system does not protect the keys adequately Enforce adequate security policies and use good controls in rest of system Opening quote. 4

Analysis of Key Distribution Protocols The protocol is broken Analyze the protocol Prove its properties Determine its assumptions Identify the obligations it places on the environment Make sure requirements are satisfied! Opening quote. 5

Analysis of Key Distribution Protocols If the protocol is broken, no amount of patching will fix it What does it expect/require of underlying cryptographic functions? What does it require of generated variables (e.g., nonces, random numbers) What does it expect of the system Opening quote. 6

Analysis of Key Distribution Protocols If the protocol is broken, no amount of patching will fix it By definition, protocols are used by multiple parties Require parties to use same protocol Protocol change requires all parties using it to change also – how to coordinate? Need to make new protocol (version) Opening quote. 7

How do We Analyze Protocols? Burroughs, Abadi, and Needham introduced BAN Logic Many other logics since then Many other analysis techniques also But BAN logic is relatively simple and suffices to expose much of what we want: assumptions vulnerabilities flaws The topics of cryptographic key management and cryptographic key distribution are complex, involving cryptographic, protocol, and management considerations. The purpose of this chapter is to give the reader a feel for the issues involved and a broad survey of the various aspects of key management and distribution. 8

BAN Logic See DES SRC-039 Tech Report Steps: Transform protocol to idealized protocol State initial assumptions Associate assertions with messages Apply postulates to beliefs and assertions to derive additional beliefs Opening quote. 9

BAN Logic Monotonic logic: Only add, never subtract belief Questions it helps answer: What does this protocol achieve? Does this protocol require more assumptions than another one? Does this protocol do anything unnecessary (e.g., encryption)? Opening quote. 10

BAN Logic Notation P, Q, S – Principals X, Y – formulas or statements Ka – A’s public key Ka-1 – A’s corresponding private key Kab – Symmetric key for A and B {X}K – encryption (or signing) of X with K <X>Y – authentication of X using secret Y P → Q: M – P sends Q message M Opening quote. 11