Security Protocols I - Information Security

More documents

Recommendations

Info

Sebastian Mödersheim 9Building a key establishment protocol (3)• A first attempt: a protocol that consists of 3 messages.1. A, B AS2. K AB 3. K AB , A B1. A contacts S by sending theidentities of the 2 parties whoare going to share the sessionkey.2. S sends the key K AB to A.3. A passes K AB on to B.• N.B.: K AB does not contain any “information” about A and B,but is simply a name for the bit-string representing the session key.• Before we examine the (lack of) security of this protocol, notethat this is a significantly incomplete protocol specification.FMSEC Module 2, v.2 28.09.2009
Sebastian Mödersheim 1. A, B10Building a key establishment protocol (4)AS2. K AB 3. K AB , A• Only messages passed in a successful protocol run are specified.◮ No description of what happens in the case that a message of the wrongformat is received or that no message is received at all.◮ This is often done for security protocols, since error messages are often notrelevant for the security. (Exceptions?)• No specification of internal actions of principals.◮ e.g. “create fresh K AB ” and store that it is a key for A and B.• Implicit assumption: A and B “know” that the received messagesare part of the protocol.◮ It is common to omit such details which would be required for a networkedcomputer to be able to track the progress of a particular protocol run.◮ This may include details of which key should be used to decrypt a receivedmessage which has been encrypted. BFMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9: Sebastian Mödersheim 8Building a k
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15 and 16: Sebastian Mödersheim 14Building a
Page 19: Sebastian Mödersheim 18Building a
Page 24 and 25: iSebastian Mödersheim 23Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 46 and 47: Sebastian Mödersheim 45Examples of
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 52 and 53: Sebastian Mödersheim 51Example of
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60:
Sebastian Mödersheim 59Bibliograph
show all

Security Protocols I - Information Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?