2. Contents
1. The Origins
2. Information Policies
3. Some concepts
Primitives and protocols
Definitions
The Protocol as a Language
Provability
Modeling the Adversary
The Problem of Protocol Composition
4. Protocol Failures
5. Heuristics
6. Tools for Automated Security Analysis
3. Origins
The classical model of a crypto-system involves only a sender and a
receiver
- One-way transmission
IFF protocols were started in 1952 by the Feistel Group at the Air Force
Research Center
Roger Needham solved the problem of protecting passwords
by applying the concept of protocols.
Public-key cryptography inventor Whitfield Diffie solved the
problem of authentication.
Zero-knowledge interactive protocols
4. Information Policies
The following list indicates a classification of some concerns
that may arise:
Release of Information
- Maintain private information.
- Prove the possession of secrets without releasing more
information.
- Exclusive sharing of information.
- Gradual release of information.
- Oblivious release of information.
- Exchange of secret information.
- Anonymity of sender and receiver.
5. Preservation of information:
- Maintain correct and complete information among two or more
parties.
- Correct senders and receivers.
- Correct time and complete sequence of events.
We will find all these concerns in various application areas of
networked communications. For example, e-commerce,
transactions, financial trading, on-line auctions.
6. Some Concepts
Primitives and protocols
Cryptographic Primitives: The mathematical operations and
functions used in the local cryptographic transformations computed
by the communicating parties (e.g. encryption, hash function, public
key trapdoor function, secret key stream, block cipher).
Cryptographic Protocols: The communication procedures that
use cryptographic primitives to achieve some goals (e.g. key
distribution, entity authentication, confidential information
sharing).
- Small programs designed to secure communication (various
security goals)
7. Definitions
- Communication protocol is a set of rules that controls the
interaction of communicating parties.
Two-party case, n = 2
Multi-party case, n >= 3 (single sender and multiple recipients)
- Cryptographic protocol is a communication protocol that
includes one or more cryptographic primitives.
- Communication channel is the communication medium
enabling the message exchange between communicating parties.
8. Protocol as a Language
A language consists of an alphabet of symbols, the syntax of
acceptable words of the language and the grammar of acceptable
sentences.
The service provided to communicating parties by the protocol.
The vocabulary of messages that can be used in the exchange.
Provability
Correctness – For all possible input values when all parties behave
according to protocol rules.
Soundness – The security of the protocol principals relative to
an adversary.
9. Modeling of Adversary
We may assume a weak adversary with limited power, or a
stronger adversary with extended power over
communication and participants.
The weakest adversary model is the passive eavesdropping
model of Shannon.
In an even stronger attack model, Malice can also be
granted the power to take over (“corrupt”) other
principals, creating the opportunity for collusion attacks by
all “maliced” principals on the remaining principals.
10. Problem of Protocol Composition
Security of arbitrary cryptographic protocol composition is a
grand challenge.
One concern is the interdependencies between security requirements
and the execution environment.
Types of protocol composition:
Sequential composition of runs of one or more protocols.
Parallel composition of runs of one or more protocols.
Concurrent protocol composition allowing arbitrary message
interleaving of simultaneous runs of one or more protocols.
11. Protocol Failure
Reasons for Failure
It can come from:
1. Incorrect design of the cryptographic primitives
2. Incorrect design of the cryptographic protocol
3. Incorrect implementation
4. Incorrect environment
5. Incorrect operational management
All these concerns must be observed to ensure the correctness
and soundness of an operational cryptographic protocol as
part of a larger system.
12. Heuristics
Simmons's principles
Principle 1 - Enumerate all of the properties of all of the quantities
involved.
Principle 2 - 1. Go through the list of properties assuming that
none of them are as they are claimed or tacitly assumed to be
unless a proof technique exists to either or verify their nature.
2. For each possible violation of a property, critically examine the
protocol to see if this makes any difference in the outcome of
the execution of the protocol.
3. Consider combinations of parameters as well as single
parameters.
13. Principle 3 -
If the outcome of the protocol can be influenced as a result of
a violation of one or more of the assumed properties, it is
essential to determine whether this can be exploited to
advance some meaningful deception.
Protocol failure occurs whenever the function of the protocol
can be subverted as a consequence of violations.
14. Separation of concerns
Divide and conquer is a useful principle in
algorithmic design.
A direct and natural problem partitioning attempt
for cryptographic protocols is to separate the concerns
of crypto-primitives and cryptographic protocols.
An encryption of message m under secret key k
becomes abstracted and idealized as [m]k, though a
detailed definition of what this notation means in
terms of security must be made too.
15. A simple approach to cryptographic protocol
specification between an initiator I and responder R,
based on initialization of crypto-primitives, can go
like this:
1. I --> R: [NI, I] pk(R)
2. R --> I: [NI, NR] pk(I)
3. I --> R: [NR] pk(R)
This describes the Needham-Schroeder public key based
mutual authentication protocol.
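16. Initiator and Responder
Initiator: generates nonce NI
Initiator --> Responder: [NI, I] pk(R)
Responder: generates nonce NR
Responder --> Initiator: [NI, NR] pk(I)
Initiator: R authenticated; NI, NR secret
Initiator --> Responder: [NR] pk(R)
Responder: I authenticated; NI, NR secret
Fig. Needham-Schroeder public key based authentication protocol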
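The three-message exchange above as a symbolic model, added here as an illustration and not part of the original slides. Encryption is idealized in the sense of the [m]k abstraction (only the owner of the key can open a message), and all class and function names are assumptions. Each side acts on a received message only if it returns the nonce that side generated.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Enc:
    """Idealized ciphertext [payload] pk(owner): only `owner` can open it."""
    owner: str
    payload: tuple

def decrypt(me, msg):
    if not isinstance(msg, Enc) or msg.owner != me:
        raise PermissionError(f"{me} cannot open this message")
    return msg.payload

class Initiator:
    def __init__(self, name, peer):
        self.name, self.peer = name, peer
        self.ni = self.nr = None
        self.peer_authenticated = False

    def msg1(self):                       # 1. I --> R: [NI, I] pk(R)
        self.ni = secrets.token_hex(8)    # fresh nonce NI
        return Enc(self.peer, (self.ni, self.name))

    def msg3(self, msg2):                 # 3. I --> R: [NR] pk(R)
        ni, nr = decrypt(self.name, msg2)
        if ni != self.ni:                 # condition for acting on message 2
            raise ValueError("message 2 does not return our nonce NI")
        self.nr, self.peer_authenticated = nr, True
        return Enc(self.peer, (nr,))

class Responder:
    def __init__(self, name):
        self.name = name
        self.ni = self.nr = self.peer = None
        self.peer_authenticated = False

    def msg2(self, msg1):                 # 2. R --> I: [NI, NR] pk(I)
        self.ni, self.peer = decrypt(self.name, msg1)
        self.nr = secrets.token_hex(8)    # fresh nonce NR
        return Enc(self.peer, (self.ni, self.nr))

    def finish(self, msg3):
        (nr,) = decrypt(self.name, msg3)
        if nr != self.nr:                 # condition for acting on message 3
            raise ValueError("message 3 does not return our nonce NR")
        self.peer_authenticated = True

def honest_run():
    i, r = Initiator("I", "R"), Responder("R")
    r.finish(i.msg3(r.msg2(i.msg1())))
    return i, r
```

The model only covers runs in which every principal follows the rules (correctness); it says nothing about soundness against an active adversary, which is what a tool such as Scyther analyses.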
17. More prudent engineering advice
Basic principle 1: Explicit communication
Every message should say what it means: its
interpretation depends on its content.
Basic principle 2: Appropriate Conditions for Actions
The conditions for a [received] message to be acted upon
should be clearly set out so that someone receiving a
design may see whether they are acceptable or not.
18. Tools for Automated Security Analysis
Scyther is a formal analysis tool.
Scyther is a tool for the automatic verification of
security protocols.
It is a specialized model checker for authentication
protocols that emulates simple theorem proving
methods.
The Scyther tool illustrates the attack scenarios it finds
with graphical diagrams.
19. Summary
Cryptographic protocols are used to provide security
guarantees for the exchanged data when multiple
parties are communicating in an insecure
environment.
The need for such security guarantees arises because
there are malicious parties who have an interest in
obtaining or tampering with the exchanged
information.
In this presentation we studied information policies, protocol
failures, heuristics, and tools for automated security analysis.
20. Questions ?
Explain cryptographic protocols and primitives.
State and explain reasons for protocol failure.
Short note on:
1. Protocol as a language
2. Simmons's principle
3. Problem of protocol composition
4. Modeling the adversary