Presentation is loading. Please wait.

Presentation is loading. Please wait.

Outline Designing secure protocols Basic protocols Key exchange

Published byLieven de Graaf Modified over 5 years ago

Similar presentations

Presentation on theme: "Outline Designing secure protocols Basic protocols Key exchange"— Presentation transcript:

1 Security Protocols CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

2 Outline Designing secure protocols Basic protocols Key exchange
Common security problems in protocols

3 Basics of Security Protocols
Work from the assumption (usually) that your encryption is sufficiently strong Given that, how do you design a message exchange to achieve a given result securely? Not nearly as easy as you probably think

4 Security Protocols A series of steps involving two or more parties designed to accomplish a task with suitable security Sequence is important Cryptographic protocols use cryptography Different protocols assume different levels of trust between participants

5 Types of Security Protocols
Arbitrated protocols Involving a trusted third party Adjudicated protocols Trusted third party, after the fact Self-enforcing protocols No trusted third party

6 Participants in Security Protocols
Alice Bob Carol David

7 And the Bad Guys Eve Mallory And sometimes Alice or Bob might cheat
Who only listens passively Who is actively malicious

8 Trusted Arbitrator Trent
A disinterested third party trusted by all legitimate participants Arbitrators often simplify protocols, but add overhead

9 Key Exchange Protocols
Often we want a different encryption key for each communication session How do we get those keys to the participants? Securely Quickly Even if they’ve never communicated before

10 Key Exchange With Symmetric Encryption and an Arbitrator
Alice and Bob want to talk securely with a new key They both trust Trent Assume Alice & Bob each share a key with Trent How do Alice and Bob get a shared key?

11 Who knows what at this point?
Step One KA KB Alice Bob Alice Requests Session Key for Bob Who knows what at this point? Trent

12 Who knows what at this point?
Step Two KA KB Alice Bob EKA(KS), EKB(KS) Who knows what at this point? EKA(KS), EKB(KS) Trent KS

13 Who knows what at this point?
Step Three KS KS EKB(KS) KA KB Alice Bob EKA(KS), EKB(KS) Who knows what at this point? Trent KS

14 What Has the Protocol Achieved?
Alice and Bob both have a new session key The session key was transmitted using keys known only to Alice and Bob Both Alice and Bob know that Trent participated But there are vulnerabilities

15 Problems With the Protocol
What if the initial request was grabbed by Mallory? Could he do something bad that ends up causing us problems? Yes!

16 The Man-in-the-Middle Attack
A class of attacks where an active attacker interposes himself secretly in a protocol Allowing alteration of the effects of the protocol Without necessarily attacking the encryption

17 Applying the Man-in-the-Middle Attack
KA Mallory KB KM Alice Bob Alice Requests Session Key for Mallory More precisely, what do they think they know? Alice Requests Session Key for Bob Who knows what at this point? Trent

18 Trent Does His Job KA Mallory KB KM Alice Bob EKA(KS), EKM(KS) Trent

19 Alice Gets Ready to Talk to Bob
EKM(KS) KS KA Mallory KB KM Alice Bob KS EKM(KS) Mallory can now masquerade as Bob EKM(KS) Trent

20 Really Getting in the Middle
KA Mallory KB KM Alice KS1 Bob KS EKM(KS1), EKB(KS1) KS EKB(KS1) KS1 Mallory can also ask Trent for a key to talk to Bob Trent

21 Mallory Plays Man-in-the-Middle
Alice KS1 Bob KS KS Alice’s big secret KS1 EKS(Alice’s big secret) Bob’s big secret Alice’s big secret EKS1(Alice’s big secret) EKS(Alice’s big secret) EKS1(Bob’s big secret) EKS1(Bob’s big secret) EKS(Bob’s big secret) Alice’s big secret Bob’s big secret Bob’s big secret

22 Defeating the Man In the Middle
Problems: 1). Trent doesn’t really know what he’s supposed to do 2). Alice doesn’t verify he did the right thing Minor changes can fix that 1). Encrypt request with KA 2). Include identity of other participant in response - EKA(KS, Bob)

23 Applying the First Fix KB KA KM Alice Bob Mallory
Mallory can’t read the request EKA(Alice Requests Session Key for Bob) And Mallory can’t forge or alter Alice’s request Trent KB

24 But There’s Another Problem
A replay attack Replay attacks occur when Mallory copies down a bunch of protocol messages And then plays them again In some cases, this can wreak havoc Why does it here?

25 Step One KA KB Alice Mallory Bob Alice Requests Session Key for Bob
Trent

26 Step Two KA KB Alice Mallory Bob EKA(KS), EKB(KS) Trent KS Alice
Requests Session Key for Bob Bob EKA(KS), EKB(KS) EKA(KS), EKB(KS) Trent KS

27 What can Mallory do with his saved messages?
Step Three KS KS EKB(KS) KA KB Alice Mallory Alice Requests Session Key for Bob Bob EKA(KS), EKB(KS) EKA(KS), EKB(KS) EKB(KS) What can Mallory do with his saved messages? Trent KS

28 Mallory Waits for His Opportunity
EKA(KS), EKB(KS) KA KB Alice Requests Session Key for Bob Mallory Alice Requests Session Key for Bob EKA(KS), EKB(KS) EKB(KS)

29 What Will Happen Next? KS KS EKB(KS) KA KB Mallory KS
Alice Requests Session Key for Bob KS EKA(KS), EKB(KS) What’s so bad about that? EKB(KS) What if Mallory has cracked KS?

30 Key Exchange With Public Key Cryptography
With no trusted arbitrator Alice sends Bob her public key Bob sends Alice his public key Alice generates a session key and sends it to Bob encrypted with his public key, signed with her private key Bob decrypts Alice’s message with his private key Encrypt session with shared session key

31 Basic Key Exchange Using PK
KEA , KDA KEB , KDB Alice’s PK is KDA Bob’s PK is KDB EKEA(EKDB(KS)) Bob Alice EKDB(KS) KS KS Bob verifies the message came from Alice Bob extracts the key from the message

32 Man-in-the-Middle With Public Keys
KEA , KDA KEM , KDM KEB , KDB Mallory Alice’s PK is KDA Alice’s PK is KDM Alice Bob Now Mallory can pose as Alice to Bob

33 And Bob Sends His Public Key
KEA , KDA KEM , KDM KEB , KDB Mallory Bob’s PK is KDM Bob’s PK is KDB Alice Bob Now Mallory can pose as Bob to Alice

34 Alice Chooses a Session Key
KEA , KDA KEM , KDM KEB , KDB EKEA (EKDM(KS)) Mallory EKEM (EKDB(KS)) KS KS KS Alice Bob Bob and Alice are sharing a session key Unfortunately, they’re also sharing it with Mallory

Download ppt "Outline Designing secure protocols Basic protocols Key exchange"

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.

Netprog: Cryptgraphy1 Cryptography Reference: Network Security PRIVATE Communication in a PUBLIC World. by Kaufman, Perlman & Speciner.
Homework #4 Solutions Brian A. LaMacchia Portions © 2002-2006, Brian A. LaMacchia. This material is provided without.

Homework #4 Solutions Brian A. LaMacchia Portions © , Brian A. LaMacchia. This material is provided without.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
Diffie-Hellman Key Exchange

Diffie-Hellman Key Exchange
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.

Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.

Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Software Security Seminar - 1 Chapter 5. Advanced Protocols 2002. 7. 24. 조미성 Applied Cryptography.

Software Security Seminar - 1 Chapter 5. Advanced Protocols 조미성 Applied Cryptography.
Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.

Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.
1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.

1 Cryptography NOTES. 2 Secret Key Cryptography Single key used to encrypt and decrypt. Key must be known by both parties. Assuming we live in a hostile.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
15-499Page 1 15-499:Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.

15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.
Fall 2006CS 395: Computer Security1 Key Management.

Fall 2006CS 395: Computer Security1 Key Management.
Software Security Seminar - 1 Chapter 2. Protocol Building Blocks 2002. 6. 20. 발표자 : 최두호 Applied Cryptography.

Software Security Seminar - 1 Chapter 2. Protocol Building Blocks 발표자 : 최두호 Applied Cryptography.

Similar presentations

Ads by Google