Network Protocols Network Systems Security Mort Anvari.

Page 1: Network Protocols Network Systems Security

Mort Anvari

Page 2: Network Protocols

8/26/2004 2

Abstractions of communication between two processes over a network
  Define message formats
  Define legitimate sequences of messages
Take care of physical details of different network hardware and machines
Separate tasks in complex communication networks, for example FTP and ARP

Page 3: Protocol Layering

Many problems need to be solved in a communication network
These problems can be divided into smaller sets, and a different protocol is designed for each set of problems
Protocols can be organized into layers to keep them easy to manage

Page 4: Properties of Protocol Layers

Functions of each layer are independent of the functions of other layers
  Thus each layer is like a module and can be developed independently
Each layer builds on services provided by lower layers
  Thus there is no need to worry about the details of lower layers; they are transparent to this layer

Page 5: Protocol Stack: OSI Model

Application

Presentation

Session

Transport

Network

Data link

Physical

Page 6: Communicating End Hosts

[Figure: two hosts, each running the full seven-layer stack (Application, Presentation, Session, Transport, Network, Data link, Physical), communicating through a router that implements only the Network, Data link and Physical layers]

Page 7: Verification of Network Protocols

Many complex protocols perform multiple functions with multiple messages

It is desirable to verify that a protocol can correctly perform functions that it was designed for

Particularly important for security protocols

Page 8: Traditional Ways of Network Protocol Specification

Plain English

Time charts

Programming languages

Page 9: Shortcomings of Plain English

Ambiguity
  Different words can have similar meanings:
    process p sends message m to process q
    process p transmits message m to process q
    process p forwards message m to process q
    process p delivers message m to process q
  The same word can have different meanings:
    process p sends message m to process q
    process p sends file f to process q

Page 10: Shortcoming of Time Charts

Not scalable
  Many legitimate sequences of messages
  Cannot list all possible legitimate sequences when the number of sequences grows exponentially

Page 11: Shortcoming of Using a Programming Language

Hard to prove the correctness of a protocol specification
  For example, a protocol specified in the C language may involve overlap and may involve transmission delay

Page 12: Formal Ways of Network Protocol Specification

BAN logic

Abstract Protocol Notation

Page 13: BAN Logic

Invented by Burrows, Abadi, and Needham
Uses logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses

Page 14: Logical Constructs

Assume P and Q are network agents, X is a message, and K is an encryption key
P believes X: P acts as if X is true, and may assert X in other messages
P has jurisdiction over X: P's beliefs about X should be trusted
P said X: at one time, P transmitted (and believed) message X, although P might no longer believe X
P sees X: P receives message X, and can read and repeat X
{X}K: X is encrypted with key K
fresh(X): X was sent recently
key(K, P<->Q): P and Q may communicate with shared key K

Page 15: Examples of Postulates

If P believes key(K, P<->Q), and P sees {X}K, then P believes (Q said X)
If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X)
If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X
If P believes that Q said <X, Y>, the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y
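The four postulates above, worked as an added example that is not from the slides or the BAN paper: a small inference engine (my code) that applies them to a set of assumed beliefs until nothing new follows. The agents A and B, the key Kab and the messages Na and Kses are constructed names.

```python
# Added example, not from the slides or the BAN paper: a small forward-chaining
# engine for the four postulates listed above. Formulas are nested tuples whose
# first element names the construct ("believes", "said", "sees", ...).
def believes(p, x): return ("believes", p, x)
def said(p, x): return ("said", p, x)
def sees(p, x): return ("sees", p, x)
def fresh(x): return ("fresh", x)
def jurisdiction(p, x): return ("jurisdiction", p, x)
def key(k, p, q): return ("key", k, frozenset((p, q)))   # key(K, P<->Q) is symmetric
def enc(x, k): return ("enc", x, k)                        # {X}K
def cat(x, y): return ("cat", x, y)                        # <X, Y>
def tag(f): return f[0] if isinstance(f, tuple) else None  # atoms (strings) have no tag

def ban_closure(facts):
    """Apply the postulates until no new belief can be derived (a fixed point)."""
    facts = set(facts)
    while True:
        new = set()
        for _, p, x in [f for f in facts if tag(f) == "believes"]:
            # Message meaning: P believes key(K, P<->Q) and P sees {X}K => P believes (Q said X)
            if tag(x) == "key":
                for m in [f[2] for f in facts if tag(f) == "sees" and f[1] == p]:
                    if tag(m) == "enc" and m[2] == x[1]:
                        for q in x[2] - {p}:
                            new.add(believes(p, said(q, m[1])))
            # Nonce verification: P believes (Q said X) and P believes fresh(X) => P believes (Q believes X)
            if tag(x) == "said" and believes(p, fresh(x[2])) in facts:
                new.add(believes(p, believes(x[1], x[2])))
            # Jurisdiction: P believes (Q has jurisdiction over X) and P believes (Q believes X) => P believes X
            if tag(x) == "jurisdiction" and believes(p, believes(x[1], x[2])) in facts:
                new.add(believes(p, x[2]))
            # Concatenation: P believes (Q said <X, Y>) => P believes (Q said X) and P believes (Q said Y)
            if tag(x) == "said" and tag(x[2]) == "cat":
                new.add(believes(p, said(x[1], x[2][1])))
                new.add(believes(p, said(x[1], x[2][2])))
        if new <= facts:
            return facts
        facts |= new

def demo():
    """Constructed scenario with hypothetical names: A shares Kab with B, receives
    {<Na, Kses>}Kab, trusts B on Kses, and (an assumption here) takes Kses as fresh."""
    A, B = "A", "B"
    assumptions = {believes(A, key("Kab", A, B)),
                   sees(A, enc(cat("Na", "Kses"), "Kab")),
                   believes(A, fresh("Kses")),
                   believes(A, jurisdiction(B, "Kses"))}
    return ban_closure(assumptions)
```

The closure derives that A believes Kses, via message meaning, concatenation, nonce verification and jurisdiction in turn, but derives nothing about B believing Na, because no freshness of Na was assumed.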

Page 16: Shortcomings of BAN Logic

High level of abstraction
Need for a protocol idealization step, in which the user is required to transform each message in a protocol into formulas
Can only verify one round at a time

Page 17: Abstract Protocol Notation

Presented by Mohamed Gouda in the book Elements of Network Protocol Design
Formal and scalable
Proof of correctness of a protocol specification can easily be done using a state transition diagram

Page 18: Communication Model

A network of processes and two unbounded FIFO channels between every two processes

[Figure: process p and process q connected by a channel carrying a set of messages]

Page 19: Process Specification

Each process in a protocol is specified as follows:

process p
inp <name of input> : <type of input>
    …
    <name of input> : <type of input>
var <name of variable> : <type of variable>
    …
    <name of variable> : <type of variable>
begin
    <action>
    [] <action>
    …
    [] <action>
end

Page 20: Action Execution

An action is specified as <guard> -> <statement>
Action execution satisfies three conditions:
Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress
Non-deterministic: an action is executed only when its guard is true
Fair: if the guard of an action is continuously true, then the action is eventually executed

Page 21: State Transition Diagram

Defines the semantics of a protocol
A state is defined by a value for each variable in the protocol and by a message set for each channel in the protocol
A transition is a movement from the current state to the next state, triggered by an action execution

Page 22: Adversary Model

The adversary can change the contents of protocol channels by executing the following actions a finite number of times:
Message loss: lose an original message
Message modification: modify a field of an original message to cause a modified message
Message replay: replace an original message by another original message to cause a replayed message
Message insertion: add to a channel a finite number of arbitrary messages

Page 23: Proving Correctness of a Secure Protocol

Execution of adversary actions may lead the protocol to a bad state
The protocol is said to be correct if it converges to its good cycle in a finite number of steps after the adversary finishes executing its actions
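The process specification, guarded actions, state transition diagram, adversary model and convergence criterion of the preceding slides, worked as one added example (my code, not the course's or Gouda's): an alternating-bit data/ack exchange between p and q, whose diagram is explored to find the good cycle and to check convergence after the slides' adversary actions. The protocol, its message names and the one-action adversary are assumptions; the checker treats any cycle outside the good cycle as a failure and makes no fairness argument.

```python
# Added example (not from the slides or Gouda's book): an alternating-bit
# data/ack exchange written as guarded actions, its state transition diagram,
# the slides' adversary actions, and a convergence check.
# A state is (ready, s, r, ch_pq, ch_qp); channels are unbounded FIFO tuples.
D, A = "data", "ack"
def actions(st):
    """All enabled <guard> -> <statement> actions, returned as successor states."""
    ready, s, r, pq, qp = st
    nxt = []
    if ready:                            # p: ready -> send (data, s) to q; ready := false
        nxt.append((False, s, r, pq + ((D, s),), qp))
    if qp:                               # p: rcv (ack, b) -> accept the awaited bit, discard any other
        hit = qp[0][1] == s and not ready
        nxt.append((ready or hit, s ^ hit, r, pq, qp[1:]))
    if not ready and not pq and not qp:  # p: timeout -> retransmit (data, s)
        nxt.append((False, s, r, ((D, s),), qp))
    if pq:                               # q: rcv (data, b) -> flip r if b was expected; send (ack, b)
        b = pq[0][1]
        nxt.append((ready, s, r ^ (b == r), pq[1:], qp + ((A, b),)))
    return nxt
def reachable(start):                    # explore the state transition diagram from one state
    seen, todo = set(), [start]
    while todo:
        st = todo.pop()
        if st not in seen:
            seen.add(st); todo.extend(actions(st))
    return seen
INIT = (True, 0, 0, (), ())
GOOD = reachable(INIT)                   # the good cycle: every state the unperturbed protocol visits
def adversary(st):                       # every single adversary action from the slides
    out = []
    for idx, kind in ((3, D), (4, A)):   # channels are typed, so inserted messages are too
        ch = st[idx]
        vs = [ch[:i] + ch[i + 1:] for i in range(len(ch))]                                # loss
        vs += [ch[:i] + ((ch[i][0], 1 - ch[i][1]),) + ch[i + 1:] for i in range(len(ch))]  # modification
        vs += [ch + (m,) for m in ch] + [ch + ((kind, b),) for b in (0, 1)]               # replay, insertion
        out += [st[:idx] + (v,) + st[idx + 1:] for v in vs]
    return out
def converges(st, memo=None, path=frozenset()):
    """True iff every computation from st re-enters the good cycle (any cycle outside it, or a deadlock, fails)."""
    memo = {} if memo is None else memo
    if st in GOOD: return True
    if st in path: return False          # a computation that loops without reaching the good cycle
    if st not in memo:
        nxt = actions(st)
        memo[st] = bool(nxt) and all(converges(n, memo, path | {st}) for n in nxt)
    return memo[st]
def tolerates_single_adversary_action():
    return all(converges(p) for g in GOOD for p in adversary(g))
```

A single adversary action from any good state is tolerated, while the constructed state with two extra data messages in ch_pq has a computation that never re-enters the good cycle, which the checker reports as non-convergence.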

Page 24: Next Class

Network security tools to counter the effects of adversary actions
Cryptographic background of network security tools