COSC 6397 Information Assurance - PowerPoint PPT Presentation

1
COSC 6397 Information Assurance
  • Module M2 Protocol Specification and
    Verification
  • University of Houston
  • Rakesh Verma
  • Lecture 1 of M2
  • (This work is supported in part by NSF)

2
Contents of M2
  • Cryptographic basics
  • Types of Protocols
  • Security properties
  • Taxonomy of Flaws and Attacks
  • Specification of Protocols
  • Specification of properties
  • Protocol analysis

3
Cryptographic Basics
  • General principles
  • Sender, receiver, plaintext, ciphertext,
    encryption, decryption, etc.
  • Symmetric key (or secret key) cryptography
  • Public key (or asymmetric) cryptography
  • One-way hash algorithms
  • All of these were covered in module M1
  • ?

4
Cryptographic Basics (contd.)
  • Sender: one who sends
  • Receiver: one who receives
  • Plaintext: message to be sent
  • Notation: P or M
  • Ciphertext: encoding of P or M
  • Notation: C

5
Cryptographic Basics (Contd.)
  • Encryption: the process of disguising a message
    to hide its contents
  • Notation: E(M) = C
  • Decryption: the process of decoding C to recover
    M
  • Notation: D(C) = M
  • Basic Identity: D(E(M)) = M

6
Cryptographic Basics (contd.)
  • Cryptography: the art and science of keeping
    messages secure
  • Cryptographic algorithm: function used for
    encryption and decryption.
  • Restricted (secret) or Unrestricted (published,
    our focus)
  • Unrestricted: based on a key K. EK and DK. The
    key for encryption and decryption can be
    different.

7
Cryptographic Basics (contd.)
  • Symmetric key cryptography: encryption key can
    be computed from the decryption key or vice
    versa.
  • Special case: the two keys are the same.
  • Key(s) must be kept secret!
  • Public key cryptography: encryption key is
    public, the decryption key is not.
  • Decryption key should be hard to compute from the
    encryption key!

8
Cryptographic Basics (contd.)
  • One-way functions: functions that are easy to
    compute but hard to invert
  • Computing f(x), given x, is easy
  • Computing x, given f(x), is hard
  • This sounds easy, but we have no proof that such
    functions exist! We will pretend they do.
  • Trapdoor one-way functions: one-way functions
    such that
  • Computing x, given f(x) and some y, is easy

9
Cryptographic Basics (contd.)
  • Notation: 1-way for one-way
  • 1-way hash functions: a hash function that is
    also a 1-way function.
  • A good 1-way hash function is also
    collision-free.
  • Security of a 1-way hash function is its
    1-wayness.

10
protocol, n.
  • 1.
  • The forms of ceremony and etiquette observed by
    diplomats and heads of state.
  • A code of correct conduct: safety protocols;
    academic protocol.
  • 2. The first copy of a treaty or other such
    document before its ratification.
  • 3. A preliminary draft or record of a
    transaction.
  • 4. The plan for a course of medical treatment or
    for a scientific experiment.
  • 5. Computer Science. A standard procedure for
    regulating data transmission between computers.

11
Protocols
  • Protocol: a series of steps involving two or
    more parties to accomplish a task.
  • Must be unambiguous
  • Must be complete in some sense (specified action
    for lots of possible situations).
  • Each step is either a computation or a message
  • Parties may distrust each other

12
Types of Protocols
  • Our protocols are cryptographic: they use
    cryptography for preventing eavesdropping,
    cheating, etc.
  • Goal of the protocol is beyond secrecy.
  • Examples: simultaneously sign a contract,
    convince one another of their identity, etc.
  • Protocols can be classified in many ways
  • According to parties involved, the purpose, the
    environment, etc.

13
Classification by Parties
  • Arbitrated protocols
  • Adjudicated protocols
  • Self-enforcing protocols

14
Arbitrated Protocols
  • Arbitrated protocols have an arbitrator, a
    disinterested third party trusted to complete a
    protocol.
  • Easier if parties are face to face.
  • Over computer networks this results in delay and
    overheads.
  • Arbitrator becomes a bottleneck.
  • Scaling issues.
  • Arbitrator is vulnerable.

15
Adjudicated Protocols
  • Adjudicated protocols: a two-stage protocol
    with
  • A nonarbitrated subprotocol
  • An arbitrated subprotocol executed only in
    exceptional circumstances (a dispute).
  • This kind of arbitrator is called an adjudicator
  • Adjudicator is only called in to judge fair
    execution of the protocol. Detects cheating rather
    than preventing it.
  • Good adjudicated protocol: adjudicator should be
    able to determine the cheater's identity

16
Self-enforcing Protocols
  • Self-enforcing protocols: protocol itself
    guarantees fairness.
  • No arbitrator or adjudicator: if one party
    cheats, the others detect the cheating.
  • Best type of protocol.
  • Do not exist for every situation.
  • Exercise: Find a situation for which there are no
    self-enforcing protocols.

17
Protocol Classification by Aim
  • Key-exchange protocols
  • Authentication protocols
  • Authentication and Key exchange protocols
  • Electronic Commerce protocols

18
Key Exchange Protocols
  • Goal is to distribute keys for secure sessions,
    channels, communication, etc.
  • Classical key exchange protocols
  • TMN
  • Symmetric Needham-Schroeder
  • Denning-Sacco
  • Deployed Protocols
  • Kerberos IV
  • SSL/TLS

19
The TMN Protocol (1990)
  • (Tatebayashi-Matsuzaki-Newman)
  • Suitable for networks, mobile computing.
  • Symmetric. Trusted Server S.
  • Parties don't have long-term keys.
  • Randomly chosen keys KA, KB, etc.
  • Standard encryption function E(.), invertible
    only by server.
  • Vernam encryption function V(., .)
  • V(M, V(M, N)) = N

20
The TMN Protocol
  • 1. A → S: A, S, B, E(KA)
  • 2. S → B: S, B, A
  • 3. B → S: B, S, A, E(KB)
  • 4. S → A: S, A, B, V(KA, KB)
  • A extracts KB from message 4.
  • Parties should agree on the session key chosen by
    B.

21
An Implementation of TMN
  • n = p·q, where p, q are primes
  • E(x) = x^3 mod n
  • S knows the 2 prime factors of n
  • V(x, y) = x exclusive-or y
  • Protocol looks good, but has big flaws!
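
One run of messages 1-4 with E(x) = x^3 mod n and V = XOR, as an added example (not part of the original slides). The primes, the 16-bit key range, and the names Server and run_tmn are assumptions made for illustration.

```python
import secrets

# Constructed toy parameters (far too small for real use). p-1 and q-1 are
# both coprime to 3, so E(x) = x^3 mod n is invertible by whoever knows p, q.
P, Q = 1019, 1031
N = P * Q

def E(x):
    """Public encryption from the slide: E(x) = x^3 mod n."""
    return pow(x, 3, N)

def V(x, y):
    """Vernam function from the slide: V(x, y) = x XOR y."""
    return x ^ y

class Server:
    """Trusted server S: the only party that knows the factors of n."""
    def __init__(self):
        self._d = pow(3, -1, (P - 1) * (Q - 1))  # cube-root exponent mod n
        self._pending = {}

    def _decrypt(self, c):
        return pow(c, self._d, N)

    def on_msg1(self, a, b, enc_ka):
        # Message 1 received: remember KA, emit message 2 (S, B, A).
        self._pending[(a, b)] = self._decrypt(enc_ka)
        return ("S", b, a)

    def on_msg3(self, b, a, enc_kb):
        # Message 3 received: emit message 4 (S, A, B, V(KA, KB)).
        ka = self._pending.pop((a, b))
        return ("S", a, b, V(ka, self._decrypt(enc_kb)))

def run_tmn(ka=None, kb=None):
    """Run messages 1-4 once; return (KB chosen by B, KB recovered by A)."""
    ka = ka if ka is not None else 2 + secrets.randbelow(2**16)
    kb = kb if kb is not None else 2 + secrets.randbelow(2**16)
    s = Server()
    msg1 = ("A", "S", "B", E(ka))                # 1. A -> S
    msg2 = s.on_msg1(msg1[0], msg1[2], msg1[3])  # 2. S -> B
    msg3 = ("B", "S", msg2[2], E(kb))            # 3. B -> S
    msg4 = s.on_msg3(msg3[0], msg3[2], msg3[3])  # 4. S -> A
    recovered = V(ka, msg4[3])                   # V(KA, V(KA, KB)) = KB
    return kb, recovered

if __name__ == "__main__":
    print(run_tmn())
```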

22
Authentication Protocols
  • Authentication protocols: for authentication of
    parties (principals)
  • Authentication: assurance of who you are talking
    to
  • Examples of specific aims:
  • To make sure that those obtaining a session key
    are who they say they are
  • Make sure that the principal you think has the
    key does have it.

23
Authentication Protocols
  • Passwords or shared keys typically used by system
    administrators
  • Authentication can be a byproduct of a
    key-exchange protocol
  • Some authentication protocols
  • Feige-Fiat-Shamir (1987)
  • Guillou-Quisquater (1988)
  • Schnorr (1989)

24
Guillou-Quisquater Protocol
  • Smart-cards and other applications
  • Alice wants to prove her identity, bit string J,
    to Victor
  • Public information: exponent v, and a number n
  • (n = p·q, p and q primes)
  • Private key B, with J·B^v ≡ 1 (mod n)

25
Guillou-Quisquater Protocol
  • A → V: J
  • P wants to prove that this J is hers
  • A → V: T = r^v mod n (1 < r < n - 1, r random)
  • V → A: d (0 < d < v - 1, d random)
  • A → V: D = r·B^d mod n
  • V computes T' = D^v·J^d mod n. If T ≡ T' (mod n),
    authentication succeeds.
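
The four Guillou-Quisquater messages carried through with numbers, as an added example (not part of the original slides). The primes, v = 17, the sample identity J, and all function names are assumptions; the private key B is derived by an issuer who knows p and q.

```python
import secrets

# Constructed toy parameters (far too small for real use).
P, Q = 1019, 1031
N = P * Q
V_EXP = 17  # public exponent v, coprime to (p-1)(q-1)

def issue_private_key(j):
    """Issuer side (knows p, q): find B with J * B^v = 1 (mod n)."""
    s = pow(V_EXP, -1, (P - 1) * (Q - 1))  # exponent that takes v-th roots
    return pow(pow(j, -1, N), s, N)        # B = (J^-1)^(1/v) mod n

def commit():
    """Alice picks random r with 1 < r < n-1 and sends T = r^v mod n."""
    r = 2 + secrets.randbelow(N - 3)
    return r, pow(r, V_EXP, N)

def challenge():
    """Victor picks random d with 0 < d < v-1."""
    return 1 + secrets.randbelow(V_EXP - 2)

def respond(r, b, d):
    """Alice answers with D = r * B^d mod n."""
    return (r * pow(b, d, N)) % N

def verify(j, t, d, big_d):
    """Victor recomputes T' = D^v * J^d mod n and accepts iff T' = T."""
    return (pow(big_d, V_EXP, N) * pow(j, d, N)) % N == t

def run_gq(j, b):
    """One round for identity J, with b as the prover's claimed private key."""
    r, t = commit()                 # A -> V: T
    d = challenge()                 # V -> A: d
    big_d = respond(r, b, d)        # A -> V: D
    return verify(j, t, d, big_d)   # T' = r^v * (B^v * J)^d = r^v = T

if __name__ == "__main__":
    J = 123457                      # constructed identity value, coprime to n
    B = issue_private_key(J)
    print("honest prover accepted:", run_gq(J, B))
    print("wrong key accepted:", run_gq(J, (B + 1) % N))
```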

26
3 Important Concepts
  • Security
  • Privacy
  • Reliability

27
Security
  • Security: the control of information.
  • Ensures that:
  • Authorized parties are properly authenticated
  • Their messages are sent through a network
    unaltered.
  • In a secure system the origin, content and
    intended recipients of a message can be ensured.
  • Security is not privacy.

28
Privacy
  • Privacy: the subject of information can control
    the information.
  • Privacy requires security, but security is not
    sufficient.
  • Security may preclude privacy! (by assuring that
    the subjects of information have neither control
    nor knowledge of the uses of that information)

29
Reliability
  • Reliability: provide certainty in the presence
    of network failures, memory losses and
    adversaries.
  • Reliability and security are interdependent.
  • Reliability is not security. Reliable protocols
    on unsecure servers provide reliable services to
    attackers as well as authentic users.
  • Reliable electronic commerce requires fail-proof
    transactions.

30
Security Properties
  • Authentication: receiver of a message should
    be able to ascertain its origin.
  • An intruder should not be able to masquerade as
    someone else.
  • Implemented using shared information or ability
    to prove unique information (PINs and passwords).
  • Secrecy: confidentiality. If a message is
    confidential it can be read only by intended
    recipients.
  • Eavesdropping is difficult or useless

31
Security Properties (contd.)
  • Integrity: receiver of a message can verify that
    it has not been modified in transit.
  • Integrity alone is not security.
  • Availability: a system must be available
  • Availability can be compromised by malicious
    hackers, network failures or commercial
    espionage.
  • Nonrepudiation: a party cannot reasonably claim
    not to have taken an action.
  • Example: sender falsely denies sending a message.

32
Reliability Properties
  • Atomicity: indivisibility. An atomic transaction
    either fails completely or succeeds completely.
  • Consistency: all relevant parties agree on
    critical facts of the exchange.
  • Isolation: result of a set of overlapping
    transactions must be serializable
  • Durability: a transaction can recover to its
    last consistent state.

33
Other Properties
  • Other properties may also be needed.
  • For example, in Electronic Commerce
  • Certified Delivery
  • Goods Atomicity
  • Etc.
  • are also required.

34
Primary References
  • Bruce Schneier, Applied Cryptography
  • Linda Jean Camp, Privacy and Reliability in
    Electronic Commerce, PhD dissertation, CMU