Security Properties Straw Polls
November 2011, doc.: IEEE /1572r1
Date:
Authors: Dan Harkins, Aruba Networks
Abstract
This presentation describes some security properties and offers some straw polls on them. Many thanks to Rene Struik for document 11-11/1408r3, from which this submission borrows heavily.
We’re getting ahead of ourselves…
- Proposals are being made for FILS authentication and security
- We have not decided what properties we want from a FILS authentication and security protocol though!
  - Alice proposes a protocol with property FOO
  - Bob proposes a protocol that does not have FOO
  - Bob and his proponents now discount the desirability of FOO because his protocol doesn’t have it
  - Alice and her proponents now state the importance of FOO because her protocol has it
- This is backwards! We should agree on properties and then evaluate proposals on how they meet those properties
A Modest Proposal
- Discuss common security properties that typical key exchange and authentication protocols have
- Have a series of straw polls to gauge what the group feels is important and what isn’t
- With respect:
  - Suggest that these not be makers or breakers of a proposed protocol. Also, if 75% of the people value FOO, it doesn’t mean that Bob’s protocol (that doesn’t have FOO) is undesirable. And vice versa.
  - Suggest using these straw poll results to evaluate proposals
  - Suggest we set expectations appropriately: we might not get everything we desire
What are we talking about?
- We have 2 parties in a hostile environment that wish to communicate securely
- These parties are not equals:
  - One is a gatekeeper who protects a valuable resource – the network
  - The other is one who would like to obtain access to that valuable resource
- We need to provide some level of identity assurance – we need authentication
- We need to provide a way for these 2 parties to communicate securely after the authentication step – we need key establishment
- We need an authentication and key exchange protocol!
What are we talking about?
- Authentication requires a credential – an identity and a way to prove that identity
- Secret keys can be independent and unique for each session, or secret keys for many sessions can share a common secret ancestor
- In addition to knowing that the other party really is who the other party claims to be, a proof of “liveness” is also needed; similarly, replaying an old message exchange should cause the protocol to fail
- A successful attack is not just finding out the secret key!
- The severity of a weakness does not depend on our ability to describe how it can be successfully exploited!
Some Basic Security Properties of Authentication and Key Exchange Protocols
- Key establishment/derivation: a shared secret becomes available to two parties, or is derived by the two parties, for subsequent cryptographic use
- Key transport/distribution: a shared secret is generated for two parties and provided to them for subsequent cryptographic use
- Key confirmation: assurance that the other (possibly unknown) party has possession of a particular key… a proof of possession of the secret key
Some More Esoteric Properties of Authentication and Key Exchange Protocols
- Unknown key share resilience: upon conclusion of the protocol, Alice is assured that she shares a key with Bob (and not Carl), and vice versa
- Forward secrecy: loss of security of a long-term secret does not provide an attacker an advantage in determining past session keys
- Session key independence: compromise of one session key does not provide an attacker an advantage in determining another session key
- Identity protection: the identity (of Alice) cannot be ascertained by a passive observer of the exchange
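As an added example, not part of the presentation or of Rene Struik's document: two constructed toy key-establishment designs in Python, contrasted on the key confirmation property from the previous slide and the forward secrecy property above. The DH group, the KDF labels and all function names are assumptions for illustration only.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # constructed toy DH modulus (a Mersenne prime); far too small for real use
G = 3           # toy generator, chosen only to show the structure of the exchange

def kdf(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """HMAC-based derivation that binds the output key to the protocol transcript."""
    return hmac.new(secret, label + transcript, hashlib.sha256).digest()

def psk_session_key(psk: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """Design 1: the session key depends only on the long-term PSK and public nonces."""
    return kdf(psk, b"session", nonce_a + nonce_b)

def attacker_after_psk_leak(leaked_psk: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    """No forward secrecy: with the leaked PSK and the recorded nonces, the attacker
    recomputes the old Design 1 session key exactly as the parties did."""
    return psk_session_key(leaked_psk, nonce_a, nonce_b)

def dh_keypair() -> tuple[int, int]:
    """Design 2: a fresh ephemeral exponent per session, discarded afterwards."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def dh_session_key(priv: int, peer_pub: int, transcript: bytes) -> bytes:
    """Forward secrecy: the key depends on an ephemeral secret that never goes on the
    wire and is not derivable from any long-term credential that leaks later."""
    shared = pow(peer_pub, priv, P).to_bytes(16, "big")
    return kdf(shared, b"session", transcript)

def confirm_tag(key: bytes, role: bytes, transcript: bytes) -> bytes:
    """Key confirmation: proof of possession of the session key, bound to this transcript."""
    return hmac.new(key, b"confirm" + role + transcript, hashlib.sha256).digest()

def confirm_ok(key: bytes, role: bytes, transcript: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(confirm_tag(key, role, transcript), tag)

def demo() -> tuple[bool, bool, bool, bool]:
    psk, na, nb = secrets.token_bytes(32), secrets.token_bytes(16), secrets.token_bytes(16)
    recovered = attacker_after_psk_leak(psk, na, nb) == psk_session_key(psk, na, nb)  # True
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    transcript = a_pub.to_bytes(16, "big") + b_pub.to_bytes(16, "big")  # public values only
    ka = dh_session_key(a_priv, b_pub, transcript)
    kb = dh_session_key(b_priv, a_pub, transcript)
    tag_b = confirm_tag(kb, b"B", transcript)  # Bob proves he holds the same key
    fresh_ok = confirm_ok(ka, b"B", transcript, tag_b)
    replayed = confirm_ok(ka, b"B", transcript + b"\x01", tag_b)  # stale tag on a new run: False
    return recovered, ka == kb, fresh_ok, replayed
```

In Design 1 everything except the PSK is on the wire, so a later PSK leak exposes every recorded session; in Design 2 the PSK (or any other long-term credential) would only authenticate the exchange, while the session key rests on exponents that are erased after use.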
Some More Esoteric Properties of Authentication and Key Exchange Protocols
- Mutual authentication: Alice proves to Bob that she really is Alice, and Bob proves to Alice that he really is Bob
- Non-mutual authentication: Alice proves to Bob that she really is Alice, but Bob doesn’t prove anything to Alice about who he really is
- Deniability: ability to deny ever participating in a particular protocol exchange
- Protection against Distributed Denial of Service attacks
- Crypto-agility: ability to swap in/out different cryptographic primitives (like hash functions or ciphers)
References
11-11/1408r3, “Notes On TGai Security Properties”
Suggested Security Considerations
Protocols should list what properties apply to them:
- Key Establishment or Key Derivation
- Key Confirmation
- Identity Protection
- Forward Secrecy
- Session Key Independence
- Mutual Authentication or Non-mutual Authentication
- Deniability
- Crypto-agility
- Resistance to DDOS attacks
For reference: RSN
Key Establishment or Key Derivation: Both
Key Confirmation: Yes
Identity Protection: Optional
Forward Secrecy:
Session Key Independence:
Mutual Authentication or Non-mutual Authentication:
Deniability:
Crypto-agility: No
Resistance to DOS attacks: somewhat
Straw Poll #1
This is an important security property for a FILS authentication protocol to have
Key Establishment:
Key Delivery/Transport:
Don’t know/Don’t care:
RETRACTED

Straw Poll #2
Key Confirmation is an important security property for a FILS authentication protocol to have
Yes:
No:
Don’t know/Don’t care:
RETRACTED

Straw Poll #3
Identity Protection is an important security property for a FILS authentication protocol to have
Yes: 14
No: 5
Don’t know/Don’t care: 9

Straw Poll #4
Forward Secrecy is an important security property for a FILS authentication protocol to have
Yes: 13
No: 4
Don’t know/Don’t care: 14

Straw Poll #5
Session key independence is an important security property for a FILS authentication protocol to have
Yes: 14
No: 0
Don’t know/Don’t care: 13

Straw Poll #6
Mutual authentication is an important security property for a FILS authentication protocol to have
Yes: 18
No: 1
Don’t know/Don’t care: 10

Straw Poll #7
Non-mutual authentication (server authenticates client only) is an important security property for a FILS authentication protocol to have
Yes: 11
No: 3
Don’t know/Don’t care: 8

Straw Poll #8
Deniability is an important security property for a FILS authentication protocol to have
Yes: 6
No: 2
Don’t know/Don’t care: 19

Straw Poll #9
Resistance to DOS attacks is an important security property for a FILS authentication protocol to have
Yes: 7
No: 9
Don’t know/Don’t care: 13