Security Protocols I - Information Security

More documents

Recommendations

Info

Sebastian Mödersheim 45Examples of kinds of attack• Man-in-the-middle (or parallel sessions) attack: A ↔ i ↔ B.• Replay (or freshness) attack: reuse parts of previous messages.• Masquerading attack: pretend to be another principal,• Reflection attack send transmitted information back to originator.• Oracle attack: take advantage of normal protocol responses asencryption and decryption “services”.• Binding attack: using messages in a different context/for adifferent purpose than originally intended.• Type flaw attack: substitute a different type of message field.Note that these attack types are not formally defined and there maybe overlaps between these types.FMSEC Module 2, v.2 28.09.2009
Sebastian Mödersheim 46Diffie-Hellman: man-in-the-middle attack• Diffie-Hellman (without authentication of the half-keys) can be attacked:1. a → i(b) : exp(g, x)2. i(b) → a : exp(g, z)1. ′ i(a) → b : exp(g, z)2. ′ b → i(a) : exp(g, y)• a believes to share key exp(exp(g, x), z) with b. b believes . . .• The intruder knows both keys . . . .• Also a “half” man-in-the-middle attack is possible:1. a → i(b) : exp(g, x)2. i(b) → a : exp(g, z)• Prevention: authenticate the half-keys, e.g. with digital signatures:1. A → B : {exp(g, X)} inv(pk(A))2. B → A : {exp(g, Y )} inv(pk(B))• Many protocols are based on Diffie-Hellman, which is not a bad idea!FMSEC Module 2, v.2 28.09.2009
Page 1 and 2: Security Protocols IIntroductionSeb
Page 3 and 4: Sebastian Mödersheim 2Good Crypto
Page 5 and 6: Sebastian Mödersheim 4Motivation
Page 7 and 8: Sebastian Mödersheim 6Road map•
Page 9 and 10: Sebastian Mödersheim 8Building a k
Page 11 and 12: Sebastian Mödersheim 1. A, B10Buil
Page 13 and 14: Sebastian Mödersheim 1. A, B12Buil
Page 15 and 16: Sebastian Mödersheim 14Building a
Page 19: Sebastian Mödersheim 18Building a
Page 24 and 25: iSebastian Mödersheim 23Building a
Page 32 and 33: Sebastian Mödersheim 31ExerciseCan
Page 34 and 35: Sebastian Mödersheim 33Summary: Co
Page 36 and 37: Sebastian Mödersheim 35Summary: Pr
Page 38 and 39: Sebastian Mödersheim 37An authenti
Page 40 and 41: Sebastian Mödersheim 39Informal Co
Page 42 and 43: Sebastian Mödersheim 41Man-in-the-
Page 44 and 45: Sebastian Mödersheim 43Assumptions
Page 48 and 49: Sebastian Mödersheim 47Type flaw a
Page 50 and 51: Sebastian Mödersheim 49Type flaw a
Page 52 and 53: Sebastian Mödersheim 51Example of
Page 54 and 55: Sebastian Mödersheim 53Example of
Page 56 and 57: Sebastian Mödersheim 55. . . and s
Page 58 and 59: Sebastian Mödersheim 57Prudent eng
Page 60: Sebastian Mödersheim 59Bibliograph

Security Protocols I - Information Security

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?