Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute.

Published byKelly Stewart Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute."— Presentation transcript:

1 1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute

2 2 Claim Security Engineering is a part of Software Engineering

3 3 Claim it is helpful to analyze: protocols in context of architectures security as a part of of high assurance malicious attackers on connectors together with unspecified environments of components both SE and SE are concerned with distributed, multi-layered, heterogenous complex systems…

4 4 Outline Mobile proposals: –IPv4 vs IPv6 Problem: –remote redirection (traffic hijacking) Adding authentication: –espec transformation Variations and ongoing work

5 5 Papers Authentication for Mobile IPv6 –with A. Datta, J. Mitchell and F. Muller Composition and refinement of behavioral specifications –with D. Smith Guarded transitions in evolving specifications –with D. Smith http://www.kestrel.edu/users/pavlovic/

6 6 Mobile IPv4 HA MN FA CN initial architecture

7 7 Mobile IPv4 HAMN FA CN

8 8 Mobile IPv4 HA MNFA CN

9 9 Mobile IPv4 HA MNFA CN

10 10 Mobile IPv4 HA MNFA CN

11 11 Mobile IPv4 HA MNFA CN triangle routing!

12 12 Mobile IPv4 HA MN FA CN session architecture

13 13 Mobile IPv6 avoid triangle routing: –use IPv6 Routing Header and tunneling minimize –network partitioning –computational load on: »routers »nodes: no expensive encryptions or decryptions –number of messages –need for infrastructure: no global PKI maximize –performance and availability: no DoS –end-to-end security: authenticate location information

14 14 Mobile IPv6 home address –the node is always addressed by the same IP number care-of addresses (one or more) –bind dynamically to different subnet IP numbers »all packets containing the binding information must be authenticated »authentication relies upon previously established security associations Binding Update/Acknowledgement –realized through Destination Options Headers –Binding Cache integrated with Destination Cache

15 15 Mobile IPv6 proposal HA MN CN initial architecture

16 16 HAMN CN

17 17 Mobile IPv6 HA MN CN g y k = g xy g x g y {BU} k

18 18 Mobile IPv6 HA MN CN

19 19 Mobile IPv6 HA MN CN

20 20 Mobile IPv6 proposal MN CN session architecture

21 21 E E E E E E Mobile IPv6 proposal HA MN CN E E actual initial architecture

22 22 Mobile IPv6 HA MN CN g x g v g v E k = g uy EC k = g ME xv g u g y

23 23 Mobile IPv6 proposal MN E E CN possible session architecture

24 24 Task Use especs to add authentication!

25 25 Task Assess tradeoff between maximizing strength of authentication minimizing need for infrastructure

26 26 MN’s view  (u) (u x /k )  g x  (u)  u x /k  ( x)  g x  (u)  u x /k  espec MN

27 27 CN’s view   g y  (w y /k) ( y)  g y  (w y /k) (w) ( y)  g y  (w y /k) espec CN

28 28 BU architecture espec CN espec MN espec HA espec Netespec BU

29 29 (aspects of especs) genericity –all agents are instances of cord espec automated –composition of agents –trace generation support for formal analysis –model checking –theorem proving –invariant generation

30 30 BU architecture espec CN espec MN espec HA espec Netespec BU

31 31 BU architecture espec CN espec MN espec HA espec Net diag BU

32 32 (aspects of especs) adjustable abstraction level stratification: –agents: process calculus –protocols: especs –architectures: diagrams »network connectors and components »infrastructure and chain of trust »information flow »…

33 33 BU architecture diag BU

34 34 BU refinement diag BU diag AuthKeyExch diag KeyExch diag AuthBU Lib

35 35 (aspects of especs) development (programming, generation) –top-down: refinement »morphisms: inheritance, genericity –bottom-up: composition »pushouts »emergent and vanishing properties »game theory, linear logic (strategies) –program transformation »authentication compiler (Bellare-Canetti-Krawczyk) »optimization –adaptation »specification-carrying software

36 36 BU refinement diag BU diag AuthKeyExch diag KeyExch diag AuthBU Lib

37 37 AuthBU architecture espec AuthCN espec AuthMN espec HACN espec Net espec HAMN diag AuthBU

38 38  g x  (u,v) (v/{g x,u} hm ) (u x /k) (u,v) (v/{g x,u} hm ) (u x /k) (v/{g x,u} hm ) (u x /k)  ( x)  g x  (u,v) (v/{g x,u} hm ) (u x /k) espec AuthMN AuthMN’s view

39 39 E E E E E E Authenticated MIPv6 HA MN CN E E HA initial architecture

40 40 MNCN k = g xy HA MN HA CN g x g, {g, g } xy hc xy g, {g, g } xy sg xy g, {g, g } xy hm y

41 41 MNCN HA MN HA CN { i MN, g y, s } hc s {i CN, i MN, g y, s} pk {i CN, i MN, g y, s} sg s = {i CN, i MN, g x, g y } k { i MN, g y, s } hm k = g xy g x

42 42 MNCN HA MN HA CN { i MN, g y, s } hc s {i CN, i MN, g y, s, {i CN, i MN, g y, s} sg } pk s = {i CN, i MN, g x, g y } k { s, g y, i MN } hm k = g xy g x

43 43 Authenticated MIPv6 MN CN assured session architecture

44 44 Variations weaker authentications: –one-way: no PKI, just certificates, or AAA - no anonymity –first time unauthenticated (like SSH), then chained hashing stronger authentications: –privacy –anonymity, non-repudiation dynamic infrastructure –no shared secret: databases of “fingerprints” –authenticating by non-forgeable capability –authenticating by divided secret

45 45 (aspects of especs) additional aspects: –information flow –information hiding –cryptography –…

46 46 Ongoing work IMPLEMENT the tool!

47 47 Papers Authentication for Mobile IPv6 –with A. Datta, J. Mitchell and F. Muller Composition and refinement of behavioral specifications –with D. Smith Guarded transitions in evolving specifications –with D. Smith http://www.kestrel.edu/users/pavlovic/

48 48 (cord spaces) (names)N ::= X | A (terms)t ::= x | a | N | t,...,t | {t} N (strands)S ::= aS (cords)C ::= [S]  (actions) a ::=  t  | (x) | ( t/p(x) ) (interaction) [(x)R]  [  t  S]...   [R(t/x)]  [S]... (reaction) [ ( p(t)/p(x) ) R]...   [R(t/x)] ... FV(t) = 

49 49 What are especs? diagrams of specs specification-carrying programs in a development environment supporting –refinement (top-down) –composition (bottom-up) –synthesis of verified code programming language with –guarded commands –logical annotations as first-class citizens (available at runtime) –procedural abstraction and refinement

50 50 What are specs? spec Poset is sort X op Bool ax trans is x x<z ax sym... end-spec spec Semilattice is sort X op V in : X*X -> X cons b : X ax assoc is (xVy)Vz = xV(yVz)… end-spec x<y xVy=y spec BinR spec AsymRspec RefRspec TranR spec BinO spec Commspec Involspec Assoc

51 51 What are especs? espec Basic_Acct is spec … end-spec prog stad Create init[X] is… stad Amount[self] is… … step Depos[self,d]: Amount[self] -> Amount[self,d] cond d>0 balance(self)|-> balance(self)+d end-step end-prog end-espec Create Amount Depos espec Savings_Acct is spec … end-spec prog stad Create init[X] is … stad Accum… step Transfer… … end-step … end-prog end-espec Create Amount Depos Accum

Download ppt "1 Towards evolving specs of security protocols March 7, 2002 Dusko Pavlovic Kestrel Institute."

Similar presentations

Mobile IP.. 45-7028-115-6. How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.

Mobile IP How Mobile IP Works? Agenda What problems does Mobile IP solve? Mobile IP: protocol overview Scope Requirements Design goals.
Security Issues In Mobile IP

Security Issues In Mobile IP
Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.

Keiji Maekawa Graduate School of Informatics, Kyoto University Yasuo Okabe Academic Center for Computing and Media Studies, Kyoto University.
Secure Mobile IP Communication

Secure Mobile IP Communication
ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.

ECOE 560 Design Methodologies and Tools for Software/Hardware Systems Spring 2004 Serdar Taşıran.
1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.

1 Introduction to Mobile IPv6 IIS5711: Mobile Computing Mobile Computing and Broadband Networking Laboratory CIS, NCTU.
Network Research Lab. Sejong University, Korea Jae-Kwon Seo, Kyung-Geun Lee Sejong University, Korea.

Network Research Lab. Sejong University, Korea Jae-Kwon Seo, Kyung-Geun Lee Sejong University, Korea.
Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.

Mobile IP: enable mobility for IP-based networks CS457 presentation Xiangchuan Chen Nov 6, 2001.
1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.

1Nokia Siemens Networks Presentation / Author / Date University of Twente On the Security of the Mobile IP Protocol Family Ulrike Meyer and Hannes Tschofenig.
Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.

Mobile IPv6 趨勢介紹 1. Mobile IP and its Variants Mobile IPv4 (MIPv4) – MIPv4 – Low-Latency Handover for MIPv4 (FMIPv4) – Regional Registration for MIPv4.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
A Survey of Secure Wireless Ad Hoc Routing

A Survey of Secure Wireless Ad Hoc Routing
1 PERFORMANCE COMPARISON OF VERTICAL HANDOVER STRATEGIES FOR PSDR HETEROGENEOUS NETWORK 學生 : 鄭宗建 學號 :697430023.

1 PERFORMANCE COMPARISON OF VERTICAL HANDOVER STRATEGIES FOR PSDR HETEROGENEOUS NETWORK 學生 : 鄭宗建 學號 :
A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.

A Seamless Handoff Approach of Mobile IP Protocol for Mobile Wireless Data Network. 資研一 黃明祥.
Presented by: Thabet Kacem Spring 2010. Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.

Presented by: Thabet Kacem Spring Outline Contributions Introduction Proposed Approach Related Work Reconception of ADLs XTEAM Tool Chain Discussion.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
Spring 2004 Mobile IPv6 School of Electronics and Information Kyung Hee University Choong Seon HONG

Spring 2004 Mobile IPv6 School of Electronics and Information Kyung Hee University Choong Seon HONG
Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.

Authentication In Mobile Internet Protocol version 6 Liu Ping Supervisor: professor Jorma Jormakka.
NISNet Winter School Finse 2008 1 Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology

NISNet Winter School Finse Internet & Web Security Case Study 2: Mobile IPv6 security Dieter Gollmann Hamburg University of Technology
1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

1 IP Security Outline of the session –IP Security Overview –IP Security Architecture –Key Management Based on slides by Dr. Lawrie Brown of the Australian.

Similar presentations

Ads by Google