版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、1,Chapter 1: Intro To Security Protocols,汪楚娇 ,2,Protocol,A protocol is a series of steps, involving two or more parties, designed to accomplish a task Characteristics of a protocol All parties must know the protocol All parties must agree to follow it Must be unambiguous Must be complete,3,Security
2、Protocol,A security protocol (cryptographic protocol) is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods A cryptographic protocol is a protocol that uses cryptography to prevent or detect eavesdropping and cheating,4,Protocol hell be guard
3、ing Alice and Bob in some protocols Peggy: Prover Victor: Verifier,7,Participants in Security Protocols,Alice,Bob,Carol,David,8,And the Bad Guys,Eve,Who only listens passively,Who is actively malicious,Mallory,And sometimes Alice or Bob might cheat,9,Trusted Arbitrator,Trent,A disinterested third pa
4、rty trusted by all legitimate participants,Arbitrators often simplify protocols, but add overhead,10,Types of Security Protocols,Arbitrated protocols Involving a trusted third party Adjudicated protocols Trusted third party, after the fact Self-enforcing protocols No trusted third party,11,Arbitrate
5、d Protocols,Arbitrator A disinterested third party trusted to complete a protocol Ex: lawyer, banker, notary public Protocol example with lawyer Alice gives title to lawyer Bob gives check to Alice Alice deposits check Lawyer gives title to Bob if check gets cleared within a specific time; otherwise
6、 lawyer returns title back to Alice,12,Problems with Computer Arbitrators,Two parties are likely to be suspicious of a faceless arbitrator Computer network must bear the cost of maintaining an arbitrator Delay inherent in any arbitrated protocol Arbitrator becomes a vulnerable point for attackers,Al
7、ice,Bob,Trent,Arbitrator,13,Adjudicated Protocols,Arbitrated protocols are costly Arbitrated protocols can be subdivided into two lower-level subprotocols Non-arbitrated subprotocol Arbitrated subprotocol Executed only in exceptional cases when there is a dispute. Special arbitrator called adjudicat
8、or,14,Adjudicated Protocols (contd),Non-arbitrated subprotocol (executed every time) Alice and Bob negotiate the terms of the contract Alice signs the contract Bob signs the contract Adjudicated subprotocol (executed only in case of a dispute): Alice and Bob appear before a judge Alice presents her
9、evidence Bob presents his evidence The judge rules on the evidence,15,Adjudicated Computer Protocols,Rely on parties to be honest A body of data exists so that a trusted third party could determine if someone cheated Cheaters identity can be detected Inevitability of detection acts as a preventive a
10、nd discourages cheating,16,Self-Enforcing Protocols,No arbitrator required Protocol itself guarantees fairness A party can detect whether other party is trying to cheat and therefore, can stop immediately Unfortunately, there is not a self-enforcing protocol for every situation,17,Cryptographic prot
11、ocols,Key agreement or establishment protocols Entity authentication protocols Electronic commerce protocols Secure Multiparty Computation,18,Security Properties,Confidentiality: Data is available only to those authorized to obtain it. Integrity: Data has not been altered by unauthorised entities. A
12、uthentication: Data has indeed originated from the purported sender. Non-repudiation: Entities cannot deny sending data they have committed to. Freshness: Nonces are unguessable, and never re-used.,19,Security Requirements in Protocols,Confidentiality Integrity Authentication Non-repudiation Correct
13、ness Verifiability Fairness Anonymity Privacy Robustness Efficiency Etc,Combinations of these requirements according to applications,20,Attacks Against Protocols,Cryptographic attacks Attacks against cryptographic algorithms used in protocols Attacks against cryptographic techniques used to implemen
14、t the algorithms and protocols Attacks against the protocols themselves Passive attacks Eavesdrop on some or all of the protocol Active attacks Introduce new messages, delete messages, interrupt, alter, reply Passive cheaters Follow protocol, but try to obtain more info Active cheaters Disrupt proto
15、col in progress in an attempt to cheat,21,Dolev-Yao threat model,For distributed systems and networks, we often should assume that there are adversaries Everywhere in the network Adversary may: eavesdrop, manipulate, inject, alter, duplicate, reroute, etc Adversary may control a large number of netw
16、ork nodes that are geographically separated The Dolev-Yao threat model represents an attacker that can overhear, intercept, and synthesise any message and is only limited by the constraints of the cryptographic methods used.,22,Dolev-Yao threat model,Dolev-Yao Threat Model: Eve, the adversary, can:
17、Obtain any message passing through the network Act as a legitimate user of the network (i.e. can initiate a conversation with any other user) Can become the receiver to any sender Can send messages to any entity by impersonating any other entity,23,Under Dolev-Yao: Any message sent via the network i
18、s considered to have been sent by Eve Thus, any message received “might” have been manipulated by Eve Eve can control how things are sent What is not possible: Eve cannot guess a random number which is chosen as part of a security protocol Without knowledge of a key, Eve cannot figure out a plaintex
19、t from a ciphertext, nor can she create ciphertexts from a plaintext. Eve cant solve the private-key pairing of a public key Eve cannot control the “memory” of a computing device of a legitimate user.,24,Some Common Types of Attack,Eavesdropping Modification Replay / Preplay Man-in-the-Middle Reflec
20、tion Denial of Service Typing Attack Cryptanalysis certificate manipulation protocol interaction,25,Eavesdropping,An Eavesdropping attack only passively observe messages. Protocols defend against Eavesdropping attacks by using encryption for confidentiality. The attacker is a passive outsider.,26,Mo
21、dification,A Modification attack alters or replaces some messages. Protocols often define against Modification attacks by using encryption for binding.,27,Replay / Preplay,The attacker sends a message that it has observed as part of the protocol run. Protocols defend against replay attacks by make t
22、he message clear so that it cannot be replayed out of context.,28,Reflection,Reflection attacks are a kind of replay attack that use a protocol against itself. The attacker provides the “proof” of authentication by challenging the challenger.,29,Reflection Attack Example,In this protocol A and B sha
23、re the key K. They want to ensure they both take part in the protocol. A B : Na K B A : Na , Nb K A B : Nb,30,Reflection Attack Example,1. A E(B) : Na1 K 1. E(B) A : Na1 K 2. A E(B) : Na1 , Na2 K 2. E(B) A : Na1 , Na2 K A E(B) : Na2 3. E(B) A : Na2,31,Man-in-the-Middle,In a Man-in-the-Middle attack
24、the attacker gets in the middle of a real run of a protocol.,A,B,32,Man-in-the-Middle,In a Man-in-the-Middle attack the attacker gets in the middle of a real run of a protocol.,A,B,E,33,Example of an attack,1. Alice Hi Bob, its Alice. Give me your key- Mallory Bob 2. Alice Mallory Hi Bob, its Alice.
25、 Give me your key- Bob 3. Alice Mallory Mallory Bob 6. Alice Mallory Meet me in the windowless van at 22nd Ave!encrypted with Bobs key- Bob 7. Bob thinks that this message is a secure communication from Alice.,34,Denial of Service (DoS),Every communication request uses an amount of memory and CPU. A
26、 DoS attack tries to use up all of a severs CPU or memory by making 1,000,000s of requests. All systems can be subject to a DoS attack. . but some protocols can make this better or worse.,35,A Protocol Vulnerable to Denial of Service,A uses its public key Ka to establish a session key Kas A S : A ,
27、Na S A : EKa ( Na , Ns, Kas ) A S : Ns Kas S is particularly vulnerable to a DoS attack because for each connection is has to: generate a nonce and a key, perform a public key encryption. allocate memory for the nonce and the key.,36,A Protocol Resistant to Denial of Service,A uses Ss public key Ks
28、to establish a session key Kas A S : Eks(A, S, SignA(Na,Kas) ) S A : Na Kas Now A has to do the expensive encryption in order to make S do any more than a single decryption. Therefore may more “bots” would be needed for a successful attack.,37,SYN flood DoS Attack,TCP starts a session by: A S : SYN
29、S A : ACK,SYN (add A to the table of connections) A S : ACK ( 3 min. time out ) The “SYN flood” attack sends lots of SYN messages to S and fills its tables, therefore real requests will be ignored.,38,DoS Attack,Password change protocol RFID authentication protocol Email Bombing Auto-Reply Email Loo
30、ping,39,Typing Attack,In a typing attack the attacker passes off one type of message as being another. This kind of attack may not work on a real implementation. . but is also hard to spot.,40,Typing Attack Example,Andrews secure RPC protocol is a handshake, then a key distribution: A B : NA Kab B A
31、 : NA + 1, NB Kab A B : NB + 1Kab B A : Ks , N Kab,41,Typing Attack Example,A B : NA Kab B A : NA + 1, NB Kab A B : NB + 1Kab E(B) A : NA + 1, NB Kab The attacker replays message 2. “A” now uses the wrong key. but the attacker only learns it if NA is predicable.,42,Otway-Rees protocol,1. A B : M, A, B, NA, M, A, B KAS 2. B S : M, A, B, NA, M, A, B KAS , NB, M, A, B KBS 3. S B : M
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 6.2 二倍角公式教学设计中职数学拓展模块一 (下册)高教版(2021·十四五)
- 市政供热管道施工方案及技术措施
- 2025-2026学年刷子李教学设计美术
- 2025-2026学年适的拼音教学设计数学
- 2025-2026学年三弦教学设计与指导
- (2026年)《道德与法治》教研组计划
- 隧道病害整治维修工程施工方案及技术措施
- 2026年高级会计师资格考试真题与答案
- 2025年院感知识考试题及答案
- 2026年核保专业技术职务任职资格考试(核保师-中高级)综合能力测试题附答案
- SH∕T 3237-2025 石油化工建筑物抗爆评估技术标准
- 国电南瑞员工手册
- 小学生女生健康教育课件
- 2023硅铁多元素含量的测定电感耦合等离子体原子发射光谱法
- 三江能源有限公司煤矿矿山地质环境保护与土地复垦方案
- 关于腹腔镜胆囊切除手术的护理配合
- 重体力劳动评估程序(RBA健康安全)
- GB/T 7702.3-1997煤质颗粒活性炭试验方法强度的测定
- GB/T 21380-2008行人反光标识夜间光度性能及测试方法
- 中国药典2005版一部
- 系统工程原理课件
评论
0/150
提交评论