The Agent Based Crypto Protocol The ABC-Protocol by Jordan Hind MSE Presentation 3.

Slides:

Advertisements

Similar presentations

JQuery MessageBoard. Lets use jQuery and AJAX in combination with a database to update and retrieve information without refreshing the page. Here we will.

Advertisements

Resolving Common halFILE Issues. Effective July 11, 2006, Windows 98, Windows 98 Second Edition, and Windows Me (and their related components) will transition.

TIE Extensions for Cryptographic Acceleration Charles-Henri Gros Alan Keefer Ankur Singla.

Coding and Debugging. Requirements and Specification Recall the four steps of problem solving: Orient, Plan, Execute, Test Before you start the implementation.

Cosc 5/4765 Protecting against ssh attacks And is this secure?

Creating a Program In today’s lesson we will look at: what programming is different types of programs how we create a program installing an IDE to get.

Embedded Network Controller with Web Interface Bradley University Department of Electrical & Computer Engineering By: Ed Siok Advisor: Dr. Malinowski.

Incremental Network Programming for Wireless Sensors NEST Retreat June 3 rd, 2004 Jaein Jeong UC Berkeley, EECS Introduction Background – Mechanisms of.

CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.

CS 300 – Lecture 22 Intro to Computer Architecture / Assembly Language Virtual Memory.

Swami NatarajanJuly 14, 2015 RIT Software Engineering Reliability: Introduction.

SM3121 Software Technology Mark Green School of Creative Media.

Maintenance = Software Evolution Any changes after the client has accepted the product is considered maintenance. n Any Changes? n What might these be?

Language Issues Misunderstimated? Sublimable? Hopefuller? "I know how hard it is for you to put food on your family.” "I know the human being and fish.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

1 Introduction to Tool chains. 2 Tool chain for the Sitara Family (but it is true for other ARM based devices as well) A tool chain is a collection of.

Dr. Pedro Mejia Alvarez Software Testing Slide 1 Software Testing: Building Test Cases.

Unit Testing & Defensive Programming. F-22 Raptor Fighter.

CS-EE 481 Spring Founders Day, 2005 University of Portland School of Engineering Project Pocket Gopher Conversational Learning Agent Team Josh Jones.

JavaScript & jQuery the missing manual Chapter 11

1 Topics for this Lecture Software maintenance in general Source control systems (intro to svn)

CSS Sprites. What are sprites? In the early days of video games, memory for graphics was very low. So to make things load quickly and make graphics look.

Level 2 IT Users Qualification – Unit 1 Improving Productivity Jordan Girling.

E X P E R I E N C E Y O U R A M E R I C A Natural Resource Monitoring Database Development Using SQL Server A Comparison Between Visual Basic/ADO.Net and.

Lesson 19. JavaScript errors Since JavaScript is an interpreted language, syntax errors will usually cause the script to fail. Both browsers will provide.

Program Development Life Cycle (PDLC)

PORTING A NETWORK CRYPTOGRAPHIC SERVICE TO THE RMC2000 : A CASE STUDY IN EMBEDDED SOFTWARE DEVELOPMENT.

CS 444 Introduction to Operating Systems

Mark Aslett Microsoft Introduction to Application Compatibility.

CSC 230: C and Software Tools Rudra Dutta Computer Science Department Course Introduction.

Lecture 16 Page 1 Advanced Network Security Perimeter Defense in Networks: Virtual Private Networks Advanced Network Security Peter Reiher August, 2014.

ASP/ASP.NET: Tricks and Tips How to get Microsoft’s Programming Language to work for you By Wade Tripp Park University

Lecture Topics: 11/17 Page tables TLBs Virtual memory flat page tables

CRT State Stuff Dana Robinson The HDF Group. In the next slide, I show a single executable linked to three dlls. Two dlls and the executable were built.

Lecture 11 Page 1 Advanced Network Security Cryptography and Networks: IPSec and SSL/TLS Advanced Network Security Peter Reiher August, 2014.

Level 2 IT Users Qualification – Unit 1 Improving Productivity Cory Street.

DEBUGGING. BUG A software bug is an error, flaw, failure, or fault in a computer program or system that causes it to produce an incorrect or unexpected.

Replay Compilation: Improving Debuggability of a Just-in Time Complier Presenter: Jun Tao.

O. Music Classrooms and Teaching Spaces: These are used for teachers and children. They can be used for music practical and music theory.

© SKY Computers, Inc. All Rights Reserved 9/25/02 Slide 1 VSIPL, from API to Product Sharon M. Sacco.

1 Chapter Six - Errors, Error Detection, and Error Control Chapter Six.

Model View Controller A Pattern that Many People Think They Understand, But Has A Couple Meanings.

Renesas Technology America Inc. 1 M16C Seminars Lab 3 Creating Projects Using HEW4 14 March 2005 M16C Seminars Lab 3 Creating Projects Using HEW4 Last.

WATERFALL DEVELOPMENT MODEL. Waterfall model is LINEAR development lifecycle. This means each phase must be completed before moving onto the next!!! WHAT.

Lecture 5 Page 1 CS 236 Online Key Management Choosing long, random keys doesn’t do you any good if your clerk is selling them for $10 a pop at the back.

T Iteration Demo Team DTT Project planning (PP) Iteration

Protocols Monil Adhikari. Agenda Introduction Port Numbers Non Secure Protocols FTP HTTP Telnet POP3, SMTP Secure Protocols HTTPS.

TRUSTED FLOW: Why, How and Where??? Moti Yung Columbia University.

Slide title In CAPITALS 50 pt Slide subtitle 32 pt RTSP draft-ietf-mmusic-rfc2396bis-10 Magnus Westerlund Co-auhtors: Henning Schulzrinne, Rob Lanphier,

Project Deliverables CIS 4328 – Senior Project 2 And CEN Engineering of Software 2.

Log Shipping, Mirroring, Replication and Clustering Which should I use? That depends on a few questions we must ask the user. We will go over these questions.

Jython Environment For Students (JES) Final Presentation Team 3 David Raines Claire Bailey Jason Ergle Josh Sklare July 16,

Some of the utilities associated with the development of programs. These program development tools allow users to write and construct programs that the.

A Fragmented Approach by Tim Micheletto. It is a way of having multiple cache servers handling data to perform a sort of load balancing It is also referred.

Lecture 1 Page 1 CS 111 Summer 2013 Important OS Properties For real operating systems built and used by real people Differs depending on who you are talking.

1 Advanced Computer Programming Project Management: Basics Copyright © Texas Education Agency, 2013.

Topic 2: Hardware and Software

MASS Java Documentation, Verification, and Testing

Tiny http client and server

Secure Programming Dr. X

Distributed File Systems

Chapter 2: System Structures

CSE451 I/O Systems and the Full I/O Path Autumn 2002

Optimize Your Java Code By Tools

Introduction to Computer Systems

System calls….. C-program->POSIX call

Outline System architecture Current work Experiments Next Steps

The Heartbleed Bug and Attack

Presentation transcript:

The Agent Based Crypto Protocol The ABC-Protocol by Jordan Hind MSE Presentation 3

Agenda ● Introduction ● The Good News ● Component Design ● Development Notes ● What’s Missing? ● The Bug Epidemic of 2006  The Conflicting requirements (non-software bug)  The Serpent Bug (software bug) ● Testing ● The code reviews. ● Thanks! ● Demo

Introduction ● The ABC protocol was an application protocol to deliver highly secure data connections while fulfilling a few requirements that are specific to agents.

The Good News ● Its done and it works well! ● All requirements in the Vision document were fully met. ● All the required documents are on the abcprotocol.org website, with a few extra things.

Component Design ● The final design was very close to the planned design. ● 2 UML models ● One is in the component design document, its from the updated/redone USE/OCL. ● The other is on the website and is auto generated from Rational Rose (shown in the next slide)

Rational Generated UML

Development Notes ● I went to great efforts to avoid using dynamic memory in this implementation. This includes obvious things like malloc as well as less obvious things like how the objects are instantiated. It is my understanding that the only part of the project to take place in the heap is the dynamically loaded DLL used in the Windows implementation. ● At this time, I don’t believe there are any remote arbitrary code exploits in the library. All data is handled based on hard limits with no user defined limits.

Development Notes Cont. ● The problem I encountered with using Curve25519 on a Windows XP sp2 machine is that its written in assembly that should be compiled with gcc and my code is C++ that needs to be compiled with g++ version ● I tried EVERYTHING, and the only thing I got to work was to create another DLL using C code and the Curve25519 assembly. Dynamically load this DLL at runtime into the ABCP DLL and call the needed ECC functions.

Whats Missing? ● In the Design document I stated that I would like to have AES AND Serpent cryptographic ciphers. ● After working with them, I found that the Serpent was all I needed. ● It isn't as slow as I was told (see testing results), and the NIST Rijndael isn't public domain. ● Oh, and a web page on my experience with provably secure protocols. Every time I started writing one, I could only come up with “Its a good idea, but the tools are immature.”

Bring on the Bug! ● Bug 0, the conflicting requirements. ● In the vision document I stated that packet size should be variable. This is a bad requirement for an application level protocol, TCP will give you an optimal packet size. The actual Design was built around this requirement. ● In the design document I stated that EAX mode would be use. EAX mode is tightly coupled to ACTUAL packet size by including a hash of the packet. I did NOT correctly build this into the design. ● In the end, I found a compromise that would work... interpret “packet” size as “transmission” size, follow the original design and made a slight modification to EAX.

The Software Bug! ● The Serpent key initialization function expects a bad key, then builds a good one from the key its given. ● Not fully understanding this, I sent my “strong” key through the function. ● This seg-faulted occasionally when tested in bulk runs, but worked in the debugger every time. ● This was the bug that prevented me from presenting on time. ● Fixed New Years morning 2007 at 2AM.

Testing ● Added to the phase 2 testing document now located in the Updates section of Phase3. ● Added another test group that tests the protocol decisions (out of sync packets, invalid packets, etc).

Testing, Pleasantly surprising! ● All test passed (after some debugging on a few of them). ● Head to head against SSH/SCP the DLL did much better than expected. ● K files  SSH/SCP.83 seconds each  ABCP.038 seconds each ● kbyte files  SSH/SCP.82 second each  ABCP.039 seconds each ● MB file  SSH/SCP 1 second  ABCP 2 seconds ● 16 – 1.5 MB files  SSH/SCP seconds each  ABCP seconds each ● But Wait...

Testing Flaw? ● A few days after those tests, I realized that I had left the ABCP test code (not the DLL) in an unoptimized state, only sending a smaller amount of data than the set transmission size. ● When the overhead was removed. ● MB files  SSH/SCP 20 seconds  ABCP 20 seconds ● Its competitive again.

Code Reviews ● I asked two Senior developers to review my project and give me their feedback.  Dr. Steve Brooks  Tim Freund ● Both of them really put a lot into it, giving me a great amount of feedback. ● Both positive and negative.

Lessons Learned ● Provable security might exist! ● I learned a TON about cryptography. ● I learned the difficulty of debugging an application with multiple random fields. ● Most importantly, I learned whats involved in implementing a complex topic you are NOT an expert on.

Time Spent (Minus some of Dec +.5 of Jan) ●

Before I forget, Thanks! ● Without this project I wouldn't have been able to study cryptography and provable security very much in my graduate education.

Demo ●