ietf security tutorial
play

IETF Security Tutorial Radia Perlman March, 2007 - PowerPoint PPT Presentation

Nov 13, 2022 •319 likes •1.29k views

IETF Security Tutorial Radia Perlman March, 2007 (radia.perlman@sun.com) 1 Why an IETF Security Tutorial? Security is important in all protocols; not just protocols in the security area IETF specs mandated to have a security

  1. IETF Security Tutorial Radia Perlman March, 2007 (radia.perlman@sun.com) 1

  2. Why an IETF Security Tutorial? • Security is important in all protocols; not just protocols in the security area • IETF specs mandated to have a “security considerations” section • There is no magic security pixie dust where you can ignore security and then plug in a security considerations section 2

  3. Know the tools… • If your protocol runs over TCP, you (mostly) don’t need to worry about message retransmission and congestion control • If your protocol runs over IP, you (mostly) don’t need to worry about routing • Isn’t there something similar for security? 3

  4. Sometimes • If your protocol runs over SSL/TLS, or IPSEC, and it’s reasonable to expect both ends will have appropriate credentials, you might not have to worry about security • You’re unlikely to be this lucky – Appropriate credentials – A lot of interesting protocols run at layer 3 or below (and IPsec depends on layer 3 and below) 4

  5. What’s hard about credentials? • Security infrastructure rollout is late. You will probably need something lightweight as an optional alternative. • Using the credentials from SSL and IPsec is not always easy or appropriate. 5

  6. Purpose of this tutorial • A quick intro into a somewhat scary field • A description of what you need to know vs. what you can trust others to do • An overview of the security WGs • Cross-fertilization: there’s no cookbook for any area, and different areas need to learn from each other 6

  7. A plea for cross-fertilization • The best way to get advice, say from a security expert, is to make it easy for them to come up to speed on your protocol • Summarizing, explaining things at conceptual levels, is not a waste of time, even for those that (think they) understand the protocol 7

  8. Agenda • Introduction to Security • Introduction to Cryptography • Authenticating People • Security mechanisms to reference rather than invent – Public Key / Secret Key infrastructures – Formats • Security Considerations Considerations • Security Working Groups 8

  9. The Problem • Internet evolved in a world w/out predators. DOS was viewed as illogical and undamaging. • The world today is hostile. Only takes a tiny percentage to do a lot of damage. • Must connect mutually distrustful organizations and people with no central management. • And society is getting to depend on it for reliability, not just “traditional” security concerns. 9

  10. Security means different things to different people • Limit data disclosure to intended set • Monitor communications to catch terrorists • Keep data from being corrupted • Make sure nobody can access my stuff without paying for it • Destroy computers with pirated content • Track down bad guys • Communicate anonymously 10

  11. Insecurity The Internet isn’t insecure. It may be unsecure. Insecurity is mental state. The users of the Internet may be insecure, and perhaps rightfully so……Simson Garfinkel 11

  12. Intruders: What Can They Do? • Eavesdrop--(compromise routers, links, routing algorithms, or DNS) • Send arbitrary messages (including IP hdr) • Replay recorded messages • Modify messages in transit • Write malicious code and trick people into running it • Exploit bugs in software to ‘take over’ machines and use them as a base for future attacks 12

  13. Some basic terms • Authentication: “Who are you?” • Authorization: “Should you be doing that?” • DOS: denial of service • Integrity protection: a checksum on the data that requires knowledge of a secret to generate (and maybe to verify) 13

  14. Some Examples to Motivate the Problems • Sharing files between users – File store must authenticate users – File store must know who is authorized to read and/or update the files – Information must be protected from disclosure and modification on the wire – Users must know it’s the genuine file store (so as not to give away secrets or read bad data) – Users may want to know who posted the data in the file store 14

  15. Examples cont’d • Electronic Mail – Send private messages – Know who sent a message (and that it hasn’t been modified) – Non-repudiation - ability to forward in a way that the new recipient can know the original sender – Anonymity – Virus Scanning – Anti-spam 15

  16. Examples cont’d • Electronic Commerce – Pay for things without giving away my credit card number • to an eavesdropper • or phony merchant – Buy anonymously – Merchant wants to be able to prove I placed the order 16

  17. Examples, cont’d • Routing protocol – Handshake with neighbor • Is the message from a valid router? (replay?) • How do we recognize a valid router? (autoconfiguration incompatible with security) – Routing messages • Even valid routers might lie (become subverted) – Forwarding (which can also be DDOS’d) 17

  18. Sometimes goals conflict • privacy vs. company (or govt) wants to be able to see what you’re doing • losing data vs. disclosure (copies of keys) • denial of service vs. preventing intrusion • privacy vs. virus scanning 18

  19. Agenda • Introduction to Security • Introduction to Cryptography • Authenticating People • Security mechanisms to reference rather than invent – Public Key / Secret Key infrastructures – Formats • Security Considerations Considerations • Security Working Groups 19

  20. Cryptography • It’s not as scary as people make it out to be • You don’t need to know much about it to understand what it can and can’t do for you 20

  21. Features • Main features – Encryption – Integrity protection – Authentication • More things – Denial of service defense – Nonrepudiation – Perfect forward secrecy 21

  22. Cryptography • Three kinds of cryptographic algorithms you need to understand – secret key – public key – cryptographic hashes • Used for – authentication, integrity protection, encryption 22

  23. Secret Key Crypto • Two operations (“encrypt”, “decrypt”) which are inverses of each other. Like multiplication/division • One parameter (“the key”) • Even the person who designed the algorithm can’t break it without the key (unless they diabolically designed it with a trap door) • Ideally, a different key for each pair of 23 users

  24. Secret key crypto, Alice and Bob share secret S • encrypt=f(S, plaintext)=ciphertext • decrypt=f(S, ciphertext)=plaintext • authentication: send f(S, challenge) • integrity check: f(S, msg)=X • verify integrity check: f(S, X, msg) 24

  25. A Cute Observation • Security depends on limited computation resources of the bad guys • (Can brute-force search the keys) – assuming the computer can recognize plausible plaintext • A good crypto algo is linear for “good guys” and exponential for “bad guys” • Faster computers work to the benefit of the good guys! 25

  26. Public Key Crypto • Two keys per user, keys are inverses of each other (as if nobody ever invented division) – public key “e” you tell to the world – private key “d” you keep private • Yes it’s magic. Why can’t you derive “d” from “e”? • and if it’s hard, where did (e,d) come from? 26

  27. Digital Signatures • One of the best features of public key • An integrity check – calculated as f(priv key, data) – verified as f(public key, data, signature) • Verifiers don’t need to know secret • vs. secret key, where integrity check is generated and verified with same key, so verifiers can forge data 27

  28. Cryptographic Hashes • Invented because public key is slow • Slow to sign a huge msg using a private key • Cryptographic hash – fixed size (e.g., 160 bits) – But no collisions! (at least we’ll never find one) • So sign the hash, not the actual msg • If you sign a msg, you’re signing all msgs with that hash! 28

  29. Popular Secret Key Algorithms • DES (old standard, 56-bit key, slow, insecure) • 3DES: fix key size but 3 times as slow • RC4: variable length key, “stream cipher” (generate stream from key, XOR with data), really fast, stream sometimes awkward • AES: replacement for DES 29

  30. Popular Public Key Algorithms • RSA: nice feature: public key operations can be made very fast, but private key operations will be slow. Patent expired. • DSS: Digital Signature Standard – pushed by U.S. government • ECC (elliptic curve crypto): smaller keys, so faster than RSA (but not for public key ops). Some worried about patents 30

  31. Popular Hashes • Most popular hash today SHA-1 (secure hash algorithm) • Starting to roll out: SHA-256 • Older ones (MD2, MD4, MD5) still around • Popular secret-key integrity check: hash together key and data • One popular standard for that within IETF: HMAC 31

  32. Hash function security controversy • Security of a hash function defined in terms of collision resistance • In most uses, a much lower standard of security is required • For use in HMAC, lowest of all • MD2, MD4, MD5 “broken”. SHA-1 has “weaknesses”. • Beware the New York Times attack! • Make your protocols “crypto-agile”. 32

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

IETF Security Tutorial Radia Perlman November 2006 (radia.perlman@sun.com) 1 Why an IETF

IETF Security Tutorial Radia Perlman November 2006 (radia.perlman@sun.com) 1 Why an IETF

IETF Security Tutorial Radia Perlman November 2006 (radia.perlman@sun.com) 1 Why an IETF Security Tutorial? Security is important in all protocols; not just protocols in the security area IETF specs mandated to have a security

1.1k views • 80 slides
Wednesday's slides TUTORIAL (n) Security (2): The security considerations for ECRIT are put

Wednesday's slides TUTORIAL (n) Security (2): The security considerations for ECRIT are put

Wednesday's slides TUTORIAL (n) Security (2): The security considerations for ECRIT are put forth in IETF RFC-5069 There are a few problems which seem to be intractable in a wireless environment with unauthenticated users.

133 views • 9 slides
WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman

WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman

WG Leadership Tutorial IETF 86: Orlando March 10, 2012 Margaret Wasserman mrw@painless-security.com Agenda 1. Introduction 2. Getting a WG started 3. Making WGs work for everyone 4. Steps in the WG process 5. Complex Situations 6.

1.1k views • 55 slides
DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson

DNS (Domain Name System) Tutorial @ IETF-70 (DNS for protocol designers) lafur Gumundsson OGUD consulting Peter Koch DENIC eG 2007-12-02 DNS Tutorial @ IETF-70 1 ogud@ogud.com & pk@denic.de Tutorial Overview Goal: Give

736 views • 54 slides
DNS Tutorial @ IETF-63 lafur Gudmundsson OGUD consulting Peter Koch DENIC 1 2005/07/31 DNS

DNS Tutorial @ IETF-63 lafur Gudmundsson OGUD consulting Peter Koch DENIC 1 2005/07/31 DNS

DNS Tutorial @ IETF-63 lafur Gudmundsson OGUD consulting Peter Koch DENIC 1 2005/07/31 DNS Tutorial @ IETF-63 ogud@ogud.com & pk@denic.de Tutorial Overview Goal: Give the audience basic understanding of DNS to be able to

653 views • 47 slides
TLS Everywhere? Eric Rescorla ekr@rtfm.com IETF 83 IETF 83 Eric Rescorla 1 Web security

TLS Everywhere? Eric Rescorla ekr@rtfm.com IETF 83 IETF 83 Eric Rescorla 1 Web security

How do we get to TLS Everywhere? Eric Rescorla ekr@rtfm.com IETF 83 IETF 83 Eric Rescorla 1 Web security depends on communications security Most of the Web threat model just assumes traffic confidentiality and integrity Which means

303 views • 16 slides
Proposed WebRTC Security Architecture IETF 82 Eric Rescorla ekr@rtfm.com IETF 82 WebRTC

Proposed WebRTC Security Architecture IETF 82 Eric Rescorla ekr@rtfm.com IETF 82 WebRTC

Proposed WebRTC Security Architecture IETF 82 Eric Rescorla ekr@rtfm.com IETF 82 WebRTC Security Architecture 1 Trust Model Browser acts as the Trusted Computing Base (TCB) Only piece of the system user can really trust Job is to

465 views • 25 slides
Security and DRM Joseph Chou Texas Instruments IETF 60 PERM BOF 1 Security and DRM DRM is

Security and DRM Joseph Chou Texas Instruments IETF 60 PERM BOF 1 Security and DRM DRM is

Security and DRM Joseph Chou Texas Instruments IETF 60 PERM BOF 1 Security and DRM DRM is Based on Security Principals Authentication (device, user, service) Key management, data encryption and signature for data confidentiality

204 views • 6 slides
NETCONF and YANG Status, Tutorial, Demo J urgen Sch onw alder 75th IETF 2009,

NETCONF and YANG Status, Tutorial, Demo J urgen Sch onw alder 75th IETF 2009,

NETCONF and YANG Status, Tutorial, Demo J urgen Sch onw alder 75th IETF 2009, Stockholm, 2009-07-30 This tutorial was supported in part by the EC IST-EMANICS Network of Excellence (#26854). 1 / 40 What is NETCONF? NETCONF is a

1.06k views • 40 slides
TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd Joe Salowey | Tableau

TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd Joe Salowey | Tableau

TLS 1.3 Tutorial IETF 100 - Singapore 20171112 Sean Turner | sn3rd Joe Salowey | Tableau software Whats Will address TLS 1.3s: Wheres Hows 2 Not too Technical We promise: Lots o Links Lame Nerd Humor 3 Whence does it come? 4

305 views • 26 slides
SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview

SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview

SDES Eric Rescorla ekr@rtfm.com IETF 87 August 1, 2013 IETF 87 August 1, 2013 1 Overview Comparison of security properties DTLS and backward compatibility The bigger picture IETF 87 August 1, 2013 2 Security Properties wrt

338 views • 21 slides
lafur Gu mundsson Shinkuro, Inc. Peter Koch DENIC eG 1 DNS Tutorial @ IETF-80

lafur Gu mundsson Shinkuro, Inc. Peter Koch DENIC eG 1 DNS Tutorial @ IETF-80

lafur Gu mundsson Shinkuro, Inc. Peter Koch DENIC eG 1 DNS Tutorial @ IETF-80 ogud@ogud.com & pk@denic.de 2011-03-27 Goal: Give the audience basic understanding of DNS to be able to facilitate new uses of DNS and take

921 views • 50 slides
DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99

DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99

DNS Privacy EDU Tutorial dnsprivacy.org Sara Dickinson Sinodun sara@sinodun.com IETF 99 Prague, July 2017 Overview The problem: Why Internet privacy and DNS Privacy are important (DNS

916 views • 89 slides
EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as

EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as

EMU IETF 74 Note Well Any submission to the IETF intended by the Contributor for publication as all or part of an IETF Internet-Draft or RFC and any statement made within the context of an IETF activity is considered an "IETF

940 views • 7 slides
Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht Agenda Introduction Requirements of a GKMP Design of the GKMA Rekey Protocol Group Security Association

892 views • 29 slides
TEEP BOF Problem Statement draft-liu-opentrustprotocol-usecase IETF 100 th , Singapore IETF 100

TEEP BOF Problem Statement draft-liu-opentrustprotocol-usecase IETF 100 th , Singapore IETF 100

TEEP BOF Problem Statement draft-liu-opentrustprotocol-usecase IETF 100 th , Singapore IETF 100 - TEEP BoF 1 Background Hardware based security is desirable Todays processor technology supports various isolation concepts. Well

344 views • 18 slides
S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of

S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of

S-Box Decompositions and some Applications L eo Perrin January 28, 2019, Nancy My Area of Research: Symmetric Cryptography From Russia With Love Cryptanalysis of a Theorem Conclusion Curriculum Currently : post-doc at SECRET in Inria Paris

1.39k views • 99 slides
On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2

On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2

On Assumptions and the Limits of Cryptography Nils Fleischhacker Bochum, January 24, 2018 2 2 2 So, how do we know all of this is secure? 2 The sad truth is: We dont! Not really. So, how do we know all of this is secure? 2 The

1.56k views • 70 slides
Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of

T-79.159 Cryptography and Data Security Lecture 9: Secret Sharing, Threshold Cryptography, MPC Helger Lipmaa Helsinki University of Technology helger@tcs.hut.fi T-79.159 Cryptography and Data Security, 24.03.2004 Lecture 9: Secret Sharing,

1.45k views • 33 slides
Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink July 1st, 2019 July 1st, 2019 1 / 27 Lattice-based cryptography II In this talk: Introduction to (ring-)LWE Lattice-based key-exchange and

1.44k views • 80 slides
Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University

Multivariate Public Key Cryptography Jintai Ding University of Cincinnati Technical University of Darmstadt 1 1. General Introduction 2. Multivariate public key cryptosystems 3. Challenges 2 1 General Introduction In June 2006, in Belgium,

1.06k views • 68 slides
More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher

More on Cryptography CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Lecture 4 Page 1 CS 236 Online Outline Desirable characteristics of ciphers Stream and block ciphers Cryptographic modes Uses of

475 views • 29 slides
Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics

Intro Attack on iterated ciphers Differential cryptanalysis Linear cryptanalysis Block Ciphers - The Basics Lars R. Knudsen Spring 2011 L.R. Knudsen Block Ciphers - The Basics Intro Attack on iterated ciphers Differential cryptanalysis

1.27k views • 77 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides

More recommend