Network Protocols Network Systems Security Mort Anvari.

Slides:



Advertisements
Similar presentations
1 Data Link Protocols By Erik Reeber. 2 Goals Use SPIN to model-check successively more complex protocols Using the protocols in Tannenbaums 3 rd Edition.
Advertisements

Click to continue Network Protocols. Click to continue Networking Protocols A protocol defines the rules of procedures, which computers must obey when.
Automatic Verification Book: Chapter 6. What is verification? Traditionally, verification means proof of correctness automatic: model checking deductive:
PROTOCOL VERIFICATION & PROTOCOL VALIDATION. Protocol Verification Communication Protocols should be checked for correctness, robustness and performance,
OSI Model OSI MODEL.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
28.2 Functionality Application Software Provides Applications supply the high-level services that user access, and determine how users perceive the capabilities.
15-1 Last time Internet Application Security and Privacy Public-key encryption Integrity.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
Algorithms and Problem Solving-1 Algorithms and Problem Solving.
Confidentiality using Symmetric Encryption traditionally symmetric encryption is used to provide message confidentiality consider typical scenario –workstations.
Protocols and the TCP/IP Suite Chapter 4 (Stallings Book)
Protocols and the TCP/IP Suite
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
Software Engineering, COMP201 Slide 1 Protocol Engineering Protocol Specification using CFSM model Lecture 30.
1 Review of Important Networking Concepts Introductory material. This module uses the example from the previous module to review important networking concepts:
Information Security of Embedded Systems : BAN-Logic Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
TCP: Software for Reliable Communication. Spring 2002Computer Networks Applications Internet: a Collection of Disparate Networks Different goals: Speed,
Networking. Protocol Stack Generally speaking, sending an message is equivalent to copying a file from sender to receiver.
Chapter 2 Network Models.
CSCE 515: Computer Network Programming Chin-Tser Huang University of South Carolina.
The OSI Model A layered framework for the design of network systems that allows communication across all types of computer systems regardless of their.
 The Open Systems Interconnection model (OSI model) is a product of the Open Systems Interconnection effort at the International Organization for Standardization.
OIS Model TCP/IP Model.
Presentation on Osi & TCP/IP MODEL
What is a Protocol A set of definitions and rules defining the method by which data is transferred between two or more entities or systems. The key elements.
Cryptography and Network Security
Protocol Layering Chapter 10. Looked at: Architectural foundations of internetworking Architectural foundations of internetworking Forwarding of datagrams.
Protocol Architectures. Simple Protocol Architecture Not an actual architecture, but a model for how they work Similar to “pseudocode,” used for teaching.
Internet Addresses. Universal Identifiers Universal Communication Service - Communication system which allows any host to communicate with any other host.
Formal Analysis of Security Protocols Dr. Changyu Dong
BAN LOGIC Amit Chetal Monica Desai November 14, 2001
Chapter Ten The Application and Presentation Layers.
TCOM 509 – Internet Protocols (TCP/IP) Lecture 03_b Protocol Layering Instructor: Dr. Li-Chuan Chen Date: 09/15/2003 Based in part upon slides of Prof.
MODULE I NETWORKING CONCEPTS.
The design of a tutorial to illustrate the Kerberos protocol Lindy Carter Supervisors : Prof Wentworth John Ebden.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Security Workshops Networking 101. Reasons To Know Networking In Regard to Computer Security To understand the flow of information on the Internet.
CS3505: DATA LINK LAYER. data link layer  phys. layer subject to errors; not reliable; and only moves information as bits, which alone are not meaningful.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Prepared by Engr.Jawad Ali BSc(Hons)Computer Systems Engineering University of Engineering and Technology Peshawar.
Digital Cash Protocols: A Formal Presentation Delwin F. Lee & Mohamed G.Gouda The University of Texas at Austin Presented by Savitha Krishnamoorthy CIS.
Finite State Machines (FSM) OR Finite State Automation (FSA) - are models of the behaviors of a system or a complex object, with a limited number of defined.
Lecture # 02 Network Models Course Instructor: Engr. Sana Ziafat.
Key Management Network Systems Security Mort Anvari.
The OSI Model A Framework for Communications David A. Abarca July 19, 2005.
OSI Model. Open Systems Interconnection (OSI) is a set of internationally recognized, non proprietary standards for networking and for operating system.
Introduction to Network Systems Security Mort Anvari.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Agenda  Quick Review  Finish Introduction  Java Threads.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
1 Maximality Properties Dr. Mikhail Nesterenko Presented By Ibrahim Motiwala.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
The OSI Model. History of OSI Model ISO began developing the OSI model in It is widely accepted as a model for understanding network communication.
Computer Engineering and Networks, College of Engineering, Majmaah University Protocols OSI reference MODEL TCp /ip model Mohammed Saleem Bhat
BASICS Gabriella Paolini (GARR) 27/05/11 - ICCU Roma 1 How INTERNET works !
OSI Model OSI MODEL. Communication Architecture Strategy for connecting host computers and other communicating equipment. Defines necessary elements for.
OSI Model OSI MODEL.
Protocols and the TCP/IP Suite
THE OSI MODEL By: Omari Dasent.
Understanding the OSI Reference Model
Protocols and the TCP/IP Suite
Analyzing Key Distribution and Authentication Protocols
Logic for Computer Security Protocols
CSCE 715: Network Systems Security
OSI Model OSI MODEL.
Protocols and the TCP/IP Suite
CSCE 715: Network Systems Security
Presentation transcript:

Network Protocols Network Systems Security Mort Anvari

8/26/20042 Network Protocols Abstractions of communication between two processes over a network Define message formats Define legitimate sequence of messages Take care of physical details of different network hardware and machines Separate tasks in complex communication networks For example, FTP and ARP

8/26/20043 Protocol Layering Many problems need to be solved in a communication network These problems can be divided into smaller sets and different protocols are designed for each set of problem Protocols can be organized into layers to keep them easy to manage

8/26/20044 Properties of Protocol Layer Functions of each layer are independent of functions of other layers Thus each layer is like a module and can be developed independently Each layer builds on services provided by lower layers Thus no need to worry about details of lower layers -- transparent to this layer

8/26/20045 Protocol Stack: OSI Model Application Presentation Session Transport Network Data link Physical

8/26/20046 Communicating End Hosts Application Presentation Session Transport Network Data link Physical Application Presentation Session Transport Network Data link Physical Network Data link Physical Host Router

8/26/20047 Verification of Network Protocols Many complex protocols performs multiple functions with multiple messages It is desirable to verify that a protocol can correctly perform functions that it was designed for Particularly important for security protocols

8/26/20048 Traditional Ways of Network Protocol Specification Plain English Time charts Programming languages

8/26/20049 Shortcomings of Plain English Ambiguity Different words can have similar meanings process p sends message m to process q process p transmits message m to process q process p forwards message m to process q process p delivers message m to process q Same word can have different meanings process p sends message m to process q process p sends file f to process q

8/26/ Shortcoming of Time Chart Not scalable Many legitimate sequences of messages Cannot list all possible legitimate sequences when the number of sequences grows exponentially

8/26/ Shortcoming of Using Programming Language Hard to prove correctness of protocol specification For example, protocol specified in C language may involve overlap, and may involve transmission delay

8/26/ Formal Ways of Network Protocol Specification BAN logic Abstract Protocol Notation

8/26/ BAN Logic Invented by Burrows, Abadi, and Needham Use logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses

8/26/ Logical Constructs Assume P and Q are network agents, X is a message, and K is an encryption key P believes X: P acts as if X is true, and may assert X in other messages P has jurisdiction over X: P's beliefs about X should be trusted P said X: At one time, P transmitted (and believed) message X, although P might no longer believe X P sees X: P receives message X, and can read and repeat X {X} K : X is encrypted with key K fresh(X): X was sent recently key(K, P Q): P and Q may communicate with shared key K

8/26/ Examples of Postulates If P believes key(K, P Q), and P sees {X} K, then P believes (Q said X) If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X) If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X If P believes that Q said, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y

8/26/ Shortcomings of BAN Logic High level of abstraction Need for a protocol idealization step, in which user is required to transform each message in a protocol into formulas Can only verify a round everytime

8/26/ Abstract Protocol Notation Presented by Mohamed Gouda in the book Elements of Network Protocol Design Formal and scalable Proof of correctness of protocol specification can be easily done using state transition diagram

8/26/ Communication Model A network of processes and two unbounded FIFO channels between every two processes process p … process q … Set of messages

8/26/ Process Specification Each process in a protocol is specified as follows process px inp : … : var : … : begin [] … [] end

8/26/ Action Execution Specified as -> Satisfy three conditions Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress Non-deterministic: an action is executed only when its guard is true Fair: if guard of an action is continuously true, then the action is eventually executed

8/26/ State Transition Diagram Define semantic of a protocol State is defined by a value for each variable in protocol and by a message set for each channel in protocol Transition is movement from current state to next state triggered by an action execution

8/26/ Adversary Model Adversary can change contents of protocol channels by executing the following actions a finite number of times Message loss: lose an original message Message modification: modify the field of an original message to cause a modified message Message replay: replace an original message by another original message to cause a replayed message Message insertion: add to a channel a finite number of arbitrary messages

8/26/ Prove Correctness of Secure Protocol Execution of adversary actions may lead the protocol to a bad state Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions

8/26/ Next Class Network security tools to counter the effects of adversary actions Cryptography backgrounds of network security tools