Automated Validation of Internet Security Protocols and Applications Shared cost RTD (FET open) project IST-2001-39252 Analysis of Industrial Protocols.


Automated Validation of Internet Security Protocols and Applications
Shared cost RTD (FET open) project IST
Analysis of Industrial Protocols
Cuellar, Tschofenig
Siemens

AVISPA, IETF - saag, Seoul, March, 2004

Context: Standardisation Committees for Internet Protocols
[Diagram labels: W3C, IETF, 3GPP, OMA, IEEE; IP, TCP, UDP, html, xml, HTTP, GSM]
They are all doing a good job, but...

They need help
Even using perfect cryptographic algorithms
– they may be used in insecure ways...
Errors in security are very costly:
– Updates are costing hundreds of millions, e.g. WLAN/WEP
– Other protocols are delayed by years, e.g. Mobile-IP, Geopriv
– Eroding confidence in Internet Security and e-commerce
Security protocol design is very difficult, needs
– abundance of caution,
– experienced cryptographers and security protocol designers
– and fast, scalable, and usable protocol analysis tools!
This is where AVISPA is making the difference

Project Objectives
1. Develop a rich specification language for formalising industrial strength security protocols and their properties.
2. Advance state-of-the-art analysis techniques to scale up to this complexity.
3. Develop the AVISPA tool based on these techniques.
4. Tune and assess the AVISPA tool on a large collection of practically relevant, industrial protocols.
5. Migrate this technology to developers and standardisation organisations.

Coverage of the AVISPA Protocol Candidates
The IETF, IEEE, 3GPP, OMA etc. need tools that cover a wide range of protocols and security properties:
– 11 different areas (in 33 groups)
– 5 layers
– 20+ security goals (as understood at IETF, 3GPP, OMA, etc.)

Areas
– Infrastructure (DHCP, DNS, BGP, stime)
– Network Access (WLAN, Pana)
– Mobility (Mobile IP, HIP, Seamoby)
– VoIP, messaging, presence (SIP, ITU-T H530, impp, simple)
– Internet Security (IKE, IKEv2, UMTS-AKA, TLS, Kerberos, EAP & EAP Methods, OTP, Sacred, ssh, telnet,...)
– Privacy (pseudonym agreement protocols)
– AAA, Identity Management, Single Sign On (Liberty Alliance)
– Security for QoS and NAT/FW signaling, etc. (NSIS)
– Broadcast/Multicast Authentication (TESLA)
– E-Commerce (Payment)
– Perhaps: Secure Download, Content protection (DRM)

Layers
[Diagram: protocol stacks (SIP / http, tcp / udp, ip, Ethernet) on a Host and on an Access Point, Gateway or Host; layers shown: Application, Middleware, Transport Layer, Network Layer, Data Link Layer, Physical Layer; example protocols: impp, WLAN-Wep, IPsec-IKE, TLS, Kerberos, SET]

Security Goals
Authentication + Secrecy (unicast + multicast)
– Peer Entity, Data Origin, Implicit Destination Authn, Replay Protection
Key Agreement Properties
– Key authentication (implicit key authentication)
– Key confirmation (Key Proof of Possession)
– Fresh Key Derivation (key freshness)
“Anonymity” (aka passive user identity confidentiality)
– Identity Protection against Eavesdroppers
Non-repudiation
– Proof of Origin
– Proof of Delivery
All of them reduce to classical authentication + secrecy properties

Security Goals
Authentication + Secrecy (unicast + multicast)
Authorisation (by a Trusted Third Party)
Key Agreement Properties
– Perfect Forward Secrecy (PFS)
– Secure capabilities negotiation (Resistance against Downgrading and Negotiation Attacks)
“Anonymity”
– Identity Protection against Peer
Non-repudiation
– Proof of Origin
– Proof of Delivery
– “Accountability”
Limited DoS Resistance
Sender Invariance
Safety Temporal Property
In some cases they reduce to classical authentication + secrecy properties, but other properties may also be necessary.

Security Goals
Authentication + Secrecy (unicast + multicast)
Authorisation (by a Trusted Third Party)
Key Agreement Properties
– Perfect Forward Secrecy (PFS)
– Secure capabilities negotiation (Resistance against Downgrading and Negotiation Attacks)
“Anonymity”
– Identity Protection against Peer
Non-repudiation
– Proof of Origin
– Proof of Delivery
– “Accountability”
Limited DoS Resistance
Sender Invariance
Safety Temporal Property
Session Formation
Consistent View (synchronization)
Key naming

Coverage of established IETF Security Specifications
AVISPA covers 86% (24 of the 28) of the Security Protocols listed in RFC 2316, RFC 3631, Auth-mech (plus very current ones)
Total of more than 90 protocols

New Problems offer new Challenges
Internet offers agent many identities
– user, ip, mac, tcp port,... What is “A”, “ID_A”?
Location of adversaries
– over the air
– “safer” routes
Many types of DoS attacks
– flooding, bombing, starving, disrupting
New types of security goals
– DoS
– key control, perfect forward secrecy,...
– layered properties if attacker then guarantee

Conclusions
The standardisation organisations need us:
– Avoid delays in the standardisation process
– Avoid errors in deployed standards
Help to restore the trust in e-commerce, privacy
Automatic tools are needed
– Fast evaluation of alternatives
Our candidates cover:
– all 5 IP layers
– most (11) IP Areas
– almost all security goals
– 86% of the “recommended” IETF security Protocols
– further information on
We still have many challenges ahead of us!

Verification has been used already in Standardization
[Diagram: H.530 and UMTS-AKA; labels: MS, SN, HE, ADR, ADS(AV_1, .., AV_n), UAR(chall), UAS(resp), LUR, SynchronFailure]