Challenge the Estimate Presented by Mort Anvari Steve Loftus 23 June 05.
Network Protocols Network Systems Security Mort Anvari.
Network Protocols Network Systems Security
Mort Anvari
8/26/2004 2
Network Protocols
Abstractions of communication between two processes over a network
Define message formats
Define legitimate sequence of messages
Take care of physical details of different network hardware and machines
Separate tasks in complex communication networks
For example, FTP and ARP
8/26/2004 3
Protocol Layering
Many problems need to be solved in a communication network
These problems can be divided into smaller sets and different protocols are designed for each set of problems
Protocols can be organized into layers to keep them easy to manage
8/26/2004 4
Properties of Protocol Layer
Functions of each layer are independent of functions of other layers
  Thus each layer is like a module and can be developed independently
Each layer builds on services provided by lower layers
  Thus no need to worry about details of lower layers -- transparent to this layer
8/26/2004 5
Protocol Stack: OSI Model
Application
Presentation
Session
Transport
Network
Data link
Physical
8/26/2004 6
Communicating End Hosts
[Figure: two hosts, each with the full stack (Application, Presentation, Session, Transport, Network, Data link, Physical), connected through a router that has only the Network, Data link and Physical layers]
8/26/2004 7
Verification of Network Protocols
Many complex protocols perform multiple functions with multiple messages
It is desirable to verify that a protocol can correctly perform functions that it was designed for
Particularly important for security protocols
8/26/2004 8
Traditional Ways of Network Protocol Specification
Plain English
Time charts
Programming languages
8/26/2004 9
Shortcomings of Plain English
Ambiguity
Different words can have similar meanings
  process p sends message m to process q
  process p transmits message m to process q
  process p forwards message m to process q
  process p delivers message m to process q
Same word can have different meanings
  process p sends message m to process q
  process p sends file f to process q
8/26/2004 10
Shortcoming of Time Chart
Not scalable
Many legitimate sequences of messages
Cannot list all possible legitimate sequences when the number of sequences grows exponentially
8/26/2004 11
Shortcoming of Using Programming Language
Hard to prove correctness of protocol specification
For example, protocol specified in C language may involve overlap, and may involve transmission delay
8/26/2004 12
Formal Ways of Network Protocol Specification
BAN logic
Abstract Protocol Notation
8/26/2004 13
BAN Logic
Invented by Burrows, Abadi, and Needham
Use logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses
8/26/2004 14
Logical Constructs
Assume P and Q are network agents, X is a message, and K is an encryption key
P believes X: P acts as if X is true, and may assert X in other messages
P has jurisdiction over X: P's beliefs about X should be trusted
P said X: At one time, P transmitted (and believed) message X, although P might no longer believe X
P sees X: P receives message X, and can read and repeat X
{X}K: X is encrypted with key K
fresh(X): X was sent recently
key(K, P<->Q): P and Q may communicate with shared key K
8/26/2004 15
Examples of Postulates
If P believes key(K, P<->Q), and P sees {X}K, then P believes (Q said X)
If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X)
If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X
If P believes that Q said <X, Y>, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y
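The four postulates above can be applied mechanically until no new belief appears. The following is an added example, not part of the original slides: the tuple encoding, the names Kps, Kpq, Np and S, and the scenario (a server S handing P a session key) are assumptions made for illustration. It shows that P accepts the key only when P also believes the key statement is fresh, which is what separates a current message from a replayed one.

```python
# Formulas are nested tuples (a representation chosen for this example):
#   ("key", K, Q)       key(K, P<->Q)        ("enc", X, K)   {X}K
#   ("said", Q, X)      Q said X             ("fresh", X)    fresh(X)
#   ("believes", Q, X)  Q believes X         ("pair", X, Y)  <X, Y>
#   ("controls", Q, X)  Q has jurisdiction over X

def derive(beliefs, sees):
    """Close P's beliefs under the four postulates, given the messages P sees."""
    beliefs = set(beliefs)
    changed = True
    while changed:
        new = set()
        for f in beliefs:
            if f[0] == "key":            # key + sees {X}K  =>  Q said X
                _, k, q = f
                new |= {("said", q, m[1]) for m in sees
                        if m[0] == "enc" and m[2] == k}
            elif f[0] == "said":
                _, q, x = f
                if x[0] == "pair":       # Q said <X, Y>  =>  Q said X, Q said Y
                    new |= {("said", q, x[1]), ("said", q, x[2])}
                if ("fresh", x) in beliefs:   # said + fresh  =>  Q believes X
                    new.add(("believes", q, x))
            elif f[0] == "believes":     # jurisdiction + Q believes X  =>  X
                _, q, x = f
                if ("controls", q, x) in beliefs:
                    new.add(x)
        changed = not new <= beliefs     # stop once nothing new was derived
        beliefs |= new
    return beliefs

# Constructed scenario: server S sends P a session key for talking to Q.
KEY = ("key", "Kpq", "Q")
SEEN = [("enc", ("pair", ("nonce", "Np"), KEY), "Kps")]
BASE = {("key", "Kps", "S"), ("controls", "S", KEY)}

def accepts_key(initial_beliefs):
    """Does P end up believing key(Kpq, P<->Q)?"""
    return KEY in derive(initial_beliefs, SEEN)

if __name__ == "__main__":
    print(accepts_key(BASE | {("fresh", KEY)}))  # freshness believed
    print(accepts_key(BASE))                     # no freshness, e.g. a replay
```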
8/26/2004 16
Shortcomings of BAN Logic
High level of abstraction
Need for a protocol idealization step, in which user is required to transform each message in a protocol into formulas
Can only verify one round at a time
8/26/2004 17
Abstract Protocol Notation
Presented by Mohamed Gouda in the book Elements of Network Protocol Design
Formal and scalable
Proof of correctness of protocol specification can be easily done using state transition diagram
8/26/2004 18
Communication Model
A network of processes and two unbounded FIFO channels between every two processes
[Figure: process p and process q connected by channels, each channel holding a set of messages]
8/26/2004 19
Process Specification
Each process in a protocol is specified as follows

process px
inp   <name of input> : <type of input>
      …
      <name of input> : <type of input>
var   <name of variable> : <type of variable>
      …
      <name of variable> : <type of variable>
begin
      <action>
  []  <action>
      …
  []  <action>
end
8/26/2004 20
Action Execution
Specified as <guard> -> <statement>
Satisfy three conditions
Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress
Non-deterministic: an action is executed only when its guard is true
Fair: if guard of an action is continuously true, then the action is eventually executed
8/26/2004 21
State Transition Diagram
Defines the semantics of a protocol
State is defined by a value for each variable in protocol and by a message set for each channel in protocol
Transition is movement from current state to next state triggered by an action execution
8/26/2004 22
Adversary Model
Adversary can change contents of protocol channels by executing the following actions a finite number of times
Message loss: lose an original message
Message modification: modify the field of an original message to cause a modified message
Message replay: replace an original message by another original message to cause a replayed message
Message insertion: add to a channel a finite number of arbitrary messages
8/26/2004 23
Prove Correctness of Secure Protocol
Execution of adversary actions may lead the protocol to a bad state
Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions
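The convergence criterion above can be checked by exploring the state transition diagram from the state the adversary leaves behind. The following is an added example, not part of the original slides: the request/reply protocol, its timeout action and all names are constructed for illustration. The check is stricter than fairness-based convergence, since it treats any deadlock or cycle outside the good cycle as a failure.

```python
# Constructed request/reply protocol between processes p and q (not from the slides).
# A state is (waiting, pq, qp): p's variable and the contents of the two FIFO channels.
GOOD = {(False, (), ()), (True, ("req",), ()), (True, (), ("rply",))}  # the good cycle

def successors(state, with_timeout):
    """Next states, one per action whose guard is true (actions are atomic)."""
    waiting, pq, qp = state
    out = []
    if not waiting:                  # p: ~waiting -> send req to q; waiting := true
        out.append((True, pq + ("req",), qp))
    if pq:                           # q: rcv req from p -> send rply to p
        out.append((waiting, pq[1:], qp + ("rply",)))
    if qp:                           # p: rcv rply from q -> waiting := false
        out.append((False, pq, qp[1:]))
    if with_timeout and waiting and not pq and not qp:
        out.append((True, ("req",), ()))   # p: timeout -> resend req
    return out

def converges(start, with_timeout):
    """True if every execution from start enters GOOD. A deadlock or a cycle
    outside GOOD counts as failure (stricter than fairness-based convergence)."""
    on_path, proven = set(), set()
    def visit(s):
        if s in GOOD or s in proven:
            return True
        if s in on_path:
            return False             # cycle that never reaches the good cycle
        on_path.add(s)
        nxt = successors(s, with_timeout)
        ok = bool(nxt) and all(visit(n) for n in nxt)
        on_path.discard(s)
        if ok:
            proven.add(s)
        return ok
    return visit(start)

# States the adversary leaves behind after it stops acting:
AFTER_LOSS = (True, (), ())               # the message in transit was lost
AFTER_INSERTION = (False, (), ("rply",))  # a stray rply was added to channel q->p

if __name__ == "__main__":
    print(converges(AFTER_LOSS, with_timeout=False))      # p waits forever
    print(converges(AFTER_LOSS, with_timeout=True))       # timeout restores the cycle
    print(converges(AFTER_INSERTION, with_timeout=True))  # stray message keeps circulating
```

The third case shows why the tools announced for the next class are needed: a timeout recovers from loss, but this protocol has no way to tell an inserted message from a legitimate one.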
8/26/2004 24
Next Class
Network security tools to counter the effects of adversary actions
Cryptography backgrounds of network security tools