Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Reasoning about Concurrency for Security Tunnels Alwyn E. Goodloe University of Pennsylvania Carl A. Gunter University of Illinois Urbana-Champaign.

Published byNancy McBride Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Reasoning about Concurrency for Security Tunnels Alwyn E. Goodloe University of Pennsylvania Carl A. Gunter University of Illinois Urbana-Champaign."— Presentation transcript:

1 1 Reasoning about Concurrency for Security Tunnels Alwyn E. Goodloe University of Pennsylvania Carl A. Gunter University of Illinois Urbana-Champaign

2 2 Security Tunnels A technique in which a pair of nodes share state that enables them to apply transformations to messages to ensure their security.  SSL, IPsec.  Our work assumes network layer tunnels, but not a specific technology. Key-establishment protocols are employed to create a shared key.  Internet Key Exchange Protocol (IKE).  Secrecy and integrity of shared crypto information is typically the focus of formal analysis. Not our focus.

3 3 Road Warrior Example

4 4 Hierarchy of Gateways

5 5 Gateways + Tunnels Tunnels and gateways can ensure that traffic is authenticated and authorized as satisfying some policy.  Firewalls do authorization, but not authentication of packets.  We assume VPN gtateways. The tunnels form a virtual topology where traffic flow governed by the gateway’s high-level policy. Tunnel complex configuration typically requires manual activity.  Discovery protocols that discover gateways and set up tunnels automate this task.  Establishment is a component of such protocols.

6 6 Authenticated Traversal Ingress traffic to a gateway’s administrative domain must be authenticated and authorized  Want to control what traffic is on your networks.  Protection against denial of service. Egress traffic from an administrative domain must be authenticated and authorized  Wireless gateways that are billing for services.  Protection against exfiltration.

7 7 Modeling Tunnels A secure tunnel can be viewed “type- theoretically”as a rule for applying a constructor at the source and a destructor at the destination. Security Association – the constructor destructor pair.  Security association database (SAD). Security Parameter Index (SPI) – uniquely identifies association. Security Mechanism - directs traffic into the proper association.  Security mechanism database (SMD). IPsec SPD.

8 8 Tunnel Example G AB A  B:[In(A,ί 1 )] P(A,G,S(ί 1,P(A,B,S(ί 3,P(A,B,y))))) A  B:[Out(B,ί 2 )] A  B:[In(A,ί, 3 )In(G,ί 2 )] P(G,B,S(ί 2,P(A,B,S(ί 3,P(A,B,y)) P(A,B,S(ί 3,P(A,B,y))) P(A,B,y) ί1ί1 ί2 ί2 ί3ί3 A  B:[Out(B,ί 3 ) Out(G,ί 1 )]

9 9 Establishment A B P(A,B, X(Req(S, D, ί A, K))) In(A,ί B ) S  D:[in(A, ί B )] Out(A,ί A ) D  S:[Out(A, ί A )] P(B,A, X(Rep(S, D, ί A ί B, K’))) P(B,A, X(Rep(S, D, ί A, ί B, K’))) Out(B,ί B ) S  D:[Out(B, ί B )] In(B,ί A ) D  S:[In(B, ί A )]

10 10 Friendly Fire A B P(A,B,X(Req)) P(A,B,X(Req)) B  A:[ί A ] A  B:[ί B ] P(B,A,X(Rep)) P(A,B,X(Rep))

11 11 Preventing Deadlock Each protocol session is assigned a unique session identifier. The packet filter includes the session identifier.  Session identifiers are similar to protocol identifiers.  Session identifiers included in messages. Session matching property. Packets match filters installed for a particular session. Security associations may be shared among different sessions.

12 12 With SolutionA B P(A,B,X(Req(v 2 ))) P(A,B,X(Req(v 1 ))) B  A:v 1 :[ί A ] A  B:v 2 :[ί B ] P(B,A,X(Rep(v 2 ))) P(A,B,X(Rep(v 1 )))

13 13 Objective II Want a formal proof that state installed in session u does not interfere with the messages of session v. Introduce the tunnel calculus. Noninterference theorem. Progress theorem.

14 14 Tunnel Calculus Operational semantics for protocol stack.  Provides an abstract foundation for future tunnel protocols in light of their use in tunnel complexes.  A suitable version could be used to model IPsec, but not our current focus. Based on multiset term rewriting modulo equations. Allows one to reason about interactions between state installed at nodes and protocols.

15 15 Tunnel Calculus Layers Packet Forwarding Security Processing Authorization Establishment Discovery

16 16 Grammar Send secure packet Secure message sent Message from the secure layer Pass state from one rule to the next and enforce an order of execution

17 17 Layer Interaction Node a Node b Higher Layer Sec Fwd

18 18 Forwarding Layer Rules

19 19 Secure Layer Find the matching entry in MDB, select bundle, apply the constructors in the bundle, and send the message to forwarding layer

20 20 Trace Semantics

21 21 Observing Messages Given a trace M1, M2, M3 we want to observe only the secure send and receive messages in a session. Q(u) – infinite set of secure send/receive terms of session u.

22 22 Equivalent Traces During each run of the protocol some values are generated by the TC new operator.  SPI, acknowledgement identifiers. t 1 ~t 2 iff they only differ in values generated by new. M 1 ~M 2 T 1 ~T 2

23 23 Simulation Lemma M1M1M1M1 M2M2M2M2 M’ 2 M’ 1 ~ ~

24 24 Observational Commutativity Theorem

25 25 Noninterference Theorem Suppose T= M 1 …M n is a trace in which session v is complete, where v not in Free(M 1 ). Suppose T’ = M’ 1 …M’ m is a trace in which session v is complete, where M 1 ~ M’ 1, Then

26 26 Progress Theorem

27 27 Google Tunnel Calculus

Download ppt "1 Reasoning about Concurrency for Security Tunnels Alwyn E. Goodloe University of Pennsylvania Carl A. Gunter University of Illinois Urbana-Champaign."

Similar presentations

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.

IP Security have considered some application specific security mechanisms –eg. S/MIME, PGP, Kerberos, SSL/HTTPS however there are security concerns that.
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.2: IPsec.
IPSec.

IPSec.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.

IPSec: Authentication Header, Encapsulating Security Payload Protocols CSCI 5931 Web Security Edward Murphy.
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Part 5:Security Network Security (Access Control, Encryption, Firewalls)

Part 5:Security Network Security (Access Control, Encryption, Firewalls)
 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.

 Firewalls and Application Level Gateways (ALGs)  Usually configured to protect from at least two types of attack ▪ Control sites which local users.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 30 Internet Security.
K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.

K. Salah 1 Chapter 31 Security in the Internet. K. Salah 2 Figure 31.5 Position of TLS Transport Layer Security (TLS) was designed to provide security.
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.
Symbolic Simulation of Tunneling Protocols Carl A. Gunter, Matthew Jacobs, Gaurav Shah, Mark-Oliver Stehr (UIUC), and Alwyn Goodloe Alwyn Goodloe HCES.

Symbolic Simulation of Tunneling Protocols Carl A. Gunter, Matthew Jacobs, Gaurav Shah, Mark-Oliver Stehr (UIUC), and Alwyn Goodloe Alwyn Goodloe HCES.
Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.

Configuration of a Site-to-Site IPsec Virtual Private Network Anuradha Kallury CS 580 Special Project August 23, 2005.
Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.

Discovery and Traversal of Security Gateways Alwyn E. Goodloe University of Pennsylvania Contessa NS Protocol eXchange June 10, 2005.
IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.

IP Security. IPSEC Objectives n Band-aid for IPv4 u Spoofing a problem u Not designed with security or authentication in mind n IP layer mechanism for.
VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.

VPN – Technologies and Solutions CS158B Network Management April 11, 2005 Alvin Tsang Eyob Solomon Wayne Tsui.
What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

What is in Presentation What is IPsec Why is IPsec Important IPsec Protocols IPsec Architecture How to Implement IPsec in linux.

Similar presentations

Ads by Google