Security Protocols I - Information Security

More documents

Recommendations

Info

Sebastian Mödersheim 15Building a key establishment protocol (9)• In other words: the intruder has complete control of thechannel(s) over which protocol messages flow.The intruder has complete control over the network.• In contrast to ordinary communication protocols, we assume theworst-case of a malicious agent.◮ Although there may be no more than 4 or 5 messages involvedin a legitimate run of the protocol, there are an infinite numberof variations in which the intruder can participate.◮ These variations involve an unbounded number of messages andeach must satisfy the protocol’s security requirements.• The protocol can then be attacked as follows:FMSEC Module 2, v.2 28.09.2009
Sebastian Mödersheim 16Building a key establishment protocol (10)s 1. a, b2. {|kab|} sk(a,s) , {|kab|} sk(b,s) a3. {|kab|} sk(b,s) , a i3 ′ . {|kab|} sk(b,s) , D b• The intruder i simply intercepts the message from a to b andsubstitutes D for a’s identity (D is any agent name).⇒ b believes that he is sharing the key with D, whereas in fact heis sharing it with a.FMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9 and 10: Sebastian Mödersheim 8Building a k
Page 11 and 12: Sebastian Mödersheim 1. A, B10Buil
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15: Sebastian Mödersheim 14Building a
Page 19: Sebastian Mödersheim 18Building a
Page 22 and 23: Sebastian Mödersheim 21Building a
Page 24 and 25: iSebastian Mödersheim 23Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 46 and 47: Sebastian Mödersheim 45Examples of
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 52 and 53: Sebastian Mödersheim 51Example of
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60: Sebastian Mödersheim 59Bibliograph

Security Protocols I - Information Security

Create successful ePaper yourself

Delete template?

Save as template?