Modelling and Analysing of Security Protocol: Lecture 14 Some Real Life Protocols Tom Chothia CWI

Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

Skills not Memorisation What you have learn on this course (hopefully) are skill to design and analyse all (including future) protocols. Not what protocols people are using at the moment...but here are some anyway

Common Encryption AES: –Symmetric encryption RSA: –Public key encryption scheme OpenPGP –Public key encryption package

Diffie-Hellman Cross between a protocol and Crypto method. Common base for many protocols

Common Protocols Kerberos –Which you should know well SSL/TLS –Secure web-browsing IPsec –Encrypted Internet packets (VPNs) SSH –Remote secure login PKI –Public Key Distribution without a central TTP

Real Life Protocols Real Life Protocols include a lot of implementation details: –Negotiation of encryption schemes. –Versions numbers. –Data format. –Header layout. –Transmission speed.

IPsec A “suite” of protocols for secure Internet traffic. –IKEv2 protocol used for key establishment. It assumes that both parties have the public key of the other. Mostly used for Virtual Private Networks (logging into work from your laptop)

RFCs RFC are Requests For Comments. They define the Internet. For engineers and hackers, not computer scientists. Extracting a protocol from an RFC is a skill.

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b )

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K

IKEv2 Key establishment for IPsec, RFC A  B : (g a mod p, N a ) 2.B  A : (g b mod p, N b ) K = f(g ab mod p, N a, N b ) 3. A  B : {Sign K (A,Sign A (M1,M2), g c mod p, N a2 ) } K 4. B  A : {Sign K (B,Sign B (M1,M2), g d mod p, N b2 ) } K First session key = f(g cd mod p, N a2, N b2 )

SSH Remote Secure Log in.

Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol

Course Summary The whole point of the course: –YOU don’t design a bad protocol –and YOU don’t use/accept a bad protocol Analysis of Protocols is a Science: –Attacker Model –Protocol Goals –Protocol Assumptions

Tools You have tools to help you analysis BAN logic: –Always think about the rules ProVerif: –If you designing a protocol use it (or something like it) Model Checking: –Very useful, not just for protocols.

Today What you can’t do with protocol: global consensus Activities that require global consensus Global consensus using probability or Trusted Third Party. BREAK Some commonly used protocol Extracting a protocol from a RFC

Presentations me ASAP.