outline security protocols
play

Outline Security Protocols Societal issues and cryptography CS - PDF document

Aug 30, 2023 •48 likes •148 views

Outline Security Protocols Societal issues and cryptography CS 239 Key recovery cryptosystems Computer Security Designing secure protocols February 10, 2003 Basic protocols Key exchange Lecture 8 Lecture 8 Page 1 Page

  1. Outline Security Protocols • Societal issues and cryptography CS 239 • Key recovery cryptosystems Computer Security • Designing secure protocols February 10, 2003 • Basic protocols –Key exchange Lecture 8 Lecture 8 Page 1 Page 2 CS 239, Winter 2003 CS 239, Winter 2003 Legal and Political Issues in Societal Implications of Cryptography Cryptography • Cryptography is meant to help keep • Criminals can conceal communications secrets from the police • But should all secrets be kept? • Citizens can conceal taxable income from the government • Many legal and moral issues • Terrorists can conceal their activities from governments trying to stop them Lecture 8 Lecture 8 Page 3 Page 4 CS 239, Winter 2003 CS 239, Winter 2003 Problems With Controlling Governmental Responses to Cryptography Cryptography • Essentially, it’s mostly algorithms • They vary widely • If you know the algorithm, you can • Some nations require government have a working copy easily approval to use cryptography • At which point, you can conceal your • Some nations have no laws governing secrets from anybody it at all –To the strength the algorithm • The US laws less restrictive than they provides used to be Lecture 8 Lecture 8 Page 5 Page 6 CS 239, Winter 2003 CS 239, Winter 2003 1

  2. The US Government Position on US Restrictions on Cryptography Cryptographic Exports • Rules changed in 2000 • All forms of cryptography are legal to use in the US • Greatly liberalizing cryptographic exports • BUT • Almost all cryptography is exportable –Some minor restrictions on exporting • Exception is for government use by a cryptography to other countries handful of countries • The NSA used to try to keep a lid on –Those the US government currently cryptographic research doesn’t like Lecture 8 Lecture 8 Page 7 Page 8 CS 239, Winter 2003 CS 239, Winter 2003 Cryptographic Source Code and Other Nations and Cryptography Free Speech • Generally, most nations have few or no • US government took Phil restrictions on cryptography Zimmermann to court over PGP • A group of treaty signatories have export • Court ruled that he had a free-speech restrictions similar to US’s right to publish PGP source • Some have strong restrictions – China, Russia, Vietnam, a few others • Eventually, appeals courts also found • A few have laws on domestic use of crypto in favor of Zimmermann – E.g., Australia, UK, India have laws that demand decryption with court order Lecture 8 Lecture 8 Page 9 Page 10 CS 239, Winter 2003 CS 239, Winter 2003 Key Recovery Cryptosystems Idea Behind Key Recovery • An attempt to balance: • Use encryption algorithms that are highly – Legitimate societal security needs secure against cryptanalysis • Requiring strong encryption • But with mechanisms that allow legitimate – And legitimate governmental and law law enforcement agency to: enforcement needs – Obtain any key with sufficient legal • Requiring access to data authority • How can you have strong encryption and – Very, very quickly still satisfy governments? – Without the owner knowing Lecture 8 Lecture 8 Page 11 Page 12 CS 239, Winter 2003 CS 239, Winter 2003 2

  3. Proper Use of Data Recovery Methods to Implement Methods Key Recovery • All encrypted transmissions (or saved data) • Key registry method must have key recovery methods applied –Register all keys before use • Basically, the user must cooperate • Data field recovery method – Or his encryption system must force him –Basically, keep key in specially to cooperate encrypted form in each message – Which implies everyone must use this –With special mechanisms to get key form of cryptosystem out of the message Lecture 8 Lecture 8 Page 13 Page 14 CS 239, Winter 2003 CS 239, Winter 2003 Problems With Key The Current Status of Key Recovery Systems Recovery Systems • Requires trusted infrastructures • Pretty much dead • Requires cooperation (forced or voluntary) • US tried to convince everyone to use of all users them • Requires more trust in authorities than –Skipjack algorithm, Clipper chip many people have • Very few agreed • International issues • US is moving on to other approaches • Performance and/or security problems with to dealing with cryptography actual algorithms Lecture 8 Lecture 8 Page 15 Page 16 CS 239, Winter 2003 CS 239, Winter 2003 Basics of Security Protocols Security Protocols • Work from the assumption (usually) that • A series of steps involving two or more your encryption is sufficiently strong parties designed to accomplish a task with • Given that, how do you design the exchange suitable security of messages to securely achieve a given • Sequence is important result? • Cryptographic protocols use cryptography • Not nearly as easy as you probably think • Different protocols assume different levels of trust between participants Lecture 8 Lecture 8 Page 17 Page 18 CS 239, Winter 2003 CS 239, Winter 2003 3

  4. Types of Security Protocols Participants in Security Protocols • Arbitrated protocols –Involving a trusted third party • Adjudicated protocols Alice Bob –Trusted third party, after the fact • Self-enforcing protocols David –No trusted third party Carol Lecture 8 Lecture 8 Page 19 Page 20 CS 239, Winter 2003 CS 239, Winter 2003 And the Bad Guys Trusted Arbitrator And sometimes Trent Alice or Bob A disinterested third party trusted by all Eve might cheat Mallory legitimate participants Who only listens Who is actively Arbitrators often simplify protocols, but add passively malicious overhead Lecture 8 Lecture 8 Page 21 Page 22 CS 239, Winter 2003 CS 239, Winter 2003 Key Exchange With Symmetric Key Exchange Protocols Encryption and a Arbitrator • Often we want a different encryption key • Alice and Bob want to talk securely for each communication session with a new key • How do we get those keys to the • They both trust Trent participants? –Assume Alice & Bob each share a – Securely key with Trent – Quickly • How do Alice and Bob get a shared – Even if they’ve never communicated before key? Lecture 8 Lecture 8 Page 23 Page 24 CS 239, Winter 2003 CS 239, Winter 2003 4

  5. Step One Step Two K A K B K A K B Alice Alice Bob Bob E KA ( K S ), Alice E KB ( K S ) Who knows Who knows Requests what at this what at this Session E KA ( K S ), point? point? Key for E KB ( K S ) Trent Bob Trent K A K B K A K B K S Lecture 8 Lecture 8 Page 25 Page 26 CS 239, Winter 2003 CS 239, Winter 2003 What Has the Protocol Step Three Achieved? K S • Alice and Bob both have a new session E KB ( K S ) K A K B key Alice Bob • The session key was transmitted using E KA ( K S ), keys known only to Alice and Bob K S E KB ( K S ) Who knows • Both Alice and Bob know that Trent what at this participated point? • But there are vulnerabilities Trent K A K B K S Lecture 8 Lecture 8 Page 27 Page 28 CS 239, Winter 2003 CS 239, Winter 2003 Problems With the Protocol The Man-in-the-Middle Attack • A class of attacks where an active • What if the initial request was grabbed attacker interposes himself secretly in a by Mallory? protocol • Could he do something bad that ends • Allowing alteration of the effects of the up causing us problems? protocol • Yes! • Without necessarily attacking the • (And there are also replay problems) encryption Lecture 8 Lecture 8 Page 29 Page 30 CS 239, Winter 2003 CS 239, Winter 2003 5

  6. Applying the Man-in-the-Middle Trent Does His Job Attack K A K B K A K B K M K M Alice Alice Bob Bob Mallory Mallory E KA ( K S ), Alice More precisely, Who knows Alice E KM ( K S ) Requests what do they think what at this Requests Session they know? Session point? Key for Key for Mallory Trent Trent K A K B K A K B Bob K M K M Lecture 8 Lecture 8 Page 31 Page 32 CS 239, Winter 2003 CS 239, Winter 2003 Alice Gets Ready to Talk to Bob Really Getting in the Middle E KM ( K S ) K A K B K A K B K M K M Alice Alice K S1 Bob Bob K S K S E KM ( K S1 ), Mallory Mallory K S K S E KB ( K S1 ) E KM ( K S ) Mallory can now E KB ( K S1 ) E KM ( K S ) K S1 masquerade as Mallory can also Bob ask Trent for a key to talk to Trent Trent K A K B K A K B Bob K M K M Lecture 8 Lecture 8 Page 33 Page 34 CS 239, Winter 2003 CS 239, Winter 2003 Mallory Plays Man-in-the- Defeating the Man In the Middle Middle • Problems: 1). Trent doesn’t really know what he’s Alice K S1 Bob supposed to do K S Mallory 2). Alice doesn’t verify he did the right thing K S Alice’s big secret K S1 • Minor changes can fix that Bob’s big secret Alice’s big secret E KS ( Alice’s big secret ) E KS1 ( Alice’s big secret ) 1). Encrypt request with K A E KS ( Alice’s big secret ) E KS1 ( Bob’s big secret ) E KS ( Bob’s big secret ) 2). Include identity of other participant in E KS1 ( Bob’s big secret ) E KS ( Bob’s big secret ) response - E KA ( K S , Bob) Alice’s big secret Bob’s big secret Bob’s big secret Lecture 8 Lecture 8 Page 35 Page 36 CS 239, Winter 2003 CS 239, Winter 2003 6

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security

Outline Preliminaries: Internet protocols, PKI, X.509, Encoding Internet Security Protocols Application layer security (email) PGP, S/MIME Transport layer security Bart Preneel SSL / TLS June 2003 Network layer

571 views • 19 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239

Outline More Security Protocols Combining key distribution and authentication CS 239 Verifying security protocols Computer Security February 4, 2004 Lecture 7 Lecture 7 Page 1 Page 2 CS 239, Winter 2004 CS 239, Winter 2004

297 views • 11 slides
Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to Computer Security Announcements intermission Day 17: Crypto protocols and S protocols SSH Stephen McCamant University of Minnesota, Computer

338 views • 7 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements intermission More crypto protocols and failures Stephen McCamant More causes of crypto failure University of Minnesota, Computer Science &

430 views • 4 slides
Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements

Outline More crypto protocols CSci 5271 Introduction to Computer Security Announcements intermission More crypto protocols and failures Stephen McCamant More causes of crypto failure University of Minnesota, Computer Science &

329 views • 5 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides
Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography

Verifying Security Protocols and their Implementations Information Security and Cryptography Reading Group Presenter: C t lin Hri cu References Verified Interoperable Implementations of Security Protocols. Karthikeyan Bhargavan,

922 views • 70 slides
Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides

Security protocols, crypto etc Computer Science Tripos part 2 Steven J. Murdoch Slides originally by Ross Anderson Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography

1.47k views • 118 slides
Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key

Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key

Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key distribution and PKI Introduction to Computer Security HW1 debrief Day 17: PKI and S protocols Stephen McCamant SSH University of Minnesota,

460 views • 11 slides
Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about

Lecture Outline Protocols for detecting manipulation How to think about architecture In general systems terms For security implications Tussles in architectures that affect multiple stakeholders Ethane: the

636 views • 37 slides
Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer

Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer

Detecting and Resolving Type Flaws in Security Protocols Michael Banks Department of Computer Science, University of York 26th February 2009 Outline 1 Security Protocols 2 Type Flaws: Attacks and Defences 3 Detecting and Resolving Potential

391 views • 25 slides
Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17,

Distributed Systems Rik Sarkar James Cheney Security Protocols & Case Studies March 17, 2014 Recap & outline Security is hard Cryptography is not security No "security through obscurity" Today:

924 views • 39 slides
a Session-based Library with Polarities and Lenses Keigo Imai Nobuko Yoshida Shoji Yuen

a Session-based Library with Polarities and Lenses Keigo Imai Nobuko Yoshida Shoji Yuen

Session-ocaml : a Session-based Library with Polarities and Lenses Keigo Imai Nobuko Yoshida Shoji Yuen Gifu University, JP Imperial College London, UK Nagoya University, JP COORDINATION 2017 Neuchtel, Switzerland 20th June,

621 views • 59 slides
Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely

Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely

Linux Kernel Evolution vs OpenAFS Marc Dionne Edinburgh - 2012 The stage Linux is widely deployed as an OpenAFS client platform Many large OpenAFS sites rely heavily on Linux on both servers and clients The OpenAFS Linux client

681 views • 30 slides
Hands-On Ghidra A Tutorial about the Software Reverse Engineering Framework Roman Rohleder

Hands-On Ghidra A Tutorial about the Software Reverse Engineering Framework Roman Rohleder

Hands-On Ghidra A Tutorial about the Software Reverse Engineering Framework Roman Rohleder Thales Group Ghidra? Gee-druh. The G sounds like the G in goto, great, good, graph and GitHub. The emphasis goes on the first syllable.

1.25k views • 40 slides
Expressing Human Trust in Distributed Systems: the Mismatch Between Tools and Reality Sean W.

Expressing Human Trust in Distributed Systems: the Mismatch Between Tools and Reality Sean W.

Expressing Human Trust in Distributed Systems: the Mismatch Between Tools and Reality Sean W. Smith Department of Computer Science Dartmouth College Hanover, NH USA http://www.cs.dartmouth.edu/~sws/ April 15, 2005 joint work with various

615 views • 38 slides
Creative Visualizations A non-programming approach to create instant data visualizations through

Creative Visualizations A non-programming approach to create instant data visualizations through

Creative Visualizations A non-programming approach to create instant data visualizations through drag-and-drop builders Dr. Omer Ayoub Senior Data Scientist House of Mathematical and Statistical Sciences, King Abdul Aziz University, Jeddah,

358 views • 17 slides
Public Sector Service Transforma4on Julie Grant & Nadia

Public Sector Service Transforma4on Julie Grant & Nadia

Public Sector Service Transforma4on Julie Grant & Nadia Dajani Agenda Introduc4ons About the Barrington Consul4ng Group Case Study: Access

449 views • 24 slides
Is this the future? BALEAP PIM : Blending technology with EAP University of Southampton

Is this the future? BALEAP PIM : Blending technology with EAP University of Southampton

eFeedback & eMarking of Written Assignments with Grademark Is this the future? BALEAP PIM : Blending technology with EAP University of Southampton November 10th 2012 Garry Maguire gmaguire@brookes.ac.uk Abstr Abstract act: The stage

374 views • 22 slides
r s t

r s t

r s t sr P rstt tt

813 views • 16 slides

More recommend