Standard Protocols

Download Report

Transcript Standard Protocols

By:
Kirti Chawla
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Set of rules that ensure that source, transit
and destination exchanges and retains information
in secure way.
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
1.
2.
3.
Information is not confined
We need to exchange information
Standard means of exchanging information
• Introduction
• Needs & Necessity
• Standard Protocols
Categories
Examples
Secret sharing
Key exchange protocols
Identity
Authentication protocols
Presence of Secret
Zero-knowledge proofs
Channel
Subliminal channel
Group Secrets
Secure multiparty computation
• An Example
• Looking Back
Key exchange protocols
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Sender
1.
2.
3.
A key that should be kept secret
It is required to be shared
Should be valid for a session only
Receiver
Authentication protocols
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Home
1.
2.
3.
Mobile
You need to access resource that are displaced
You need to prove your identity without physical
relocation
Should be time-bound access to resources
Zero knowledge proofs
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
A
• Looking Back
Q
User
1.
2.
3.
Challenger/System
Prove possession of secret but don’t divulge it
A basic element called trust is there, although
however minimum
Access to resource based upon this proof
Subliminal channel
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Scrutinizer
Sender
1.
2.
3.
Receiver
Secret has to go under the eyes of Scrutinizer
The message should appear “innocuous” to
Scrutinizer
Sender and receiver know the scheme to get secret
Secure multiparty computation
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Sender
1.
2.
3.
Receiver
Each member has secret that should not be shared
All know the combined result
No member can stop or delay any information that’s
circulating
• Introduction
Security Protocols
• Needs & Necessity
• Standard Protocols
Kerberos
• An Example
• Looking Back
IPSec
SSL/HTTPS
IPSec
• Introduction
• Needs & Necessity
• Standard Protocols
A set of rules for protecting data at IP layer. It
supports both authentication and security of
data-packets originating from IP based network.
• An Example
• Looking Back
Transport
IP-Header
Payload
Tunnel
IP-Header
IP-Header
Payload
Authentication
• Introduction
• Needs & Necessity
• Standard Protocols
IPSec supports authentication by non-repudiation of
payload and/or complete packet. The header is
called AH or Authentication Header.
• An Example
• Looking Back
Transport with AH header
IP-header
AH-header
Payload
Tunnel with AH header
IP-Header
AH-header
IP-header
Payload
Security
• Introduction
• Needs & Necessity
• Standard Protocols
IPSec supports security by encrypting of payload
and/or complete packet. The header is called ESP or
Encapsulated Security Payload.
• An Example
• Looking Back
Transport with ESP header
IP-header
ESP-header
Payload
Tunnel with ESP header
IP-Header
ESP-header
IP-header
Payload
Security Associations
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
Security Association is collection of facts that
allows two parties to maintain a secure session. All
security associations contain certain parameters and
destination address.
• Looking Back
Authentication & security algorithms used
Keys used for both algorithms
Security
Association
Database
Lifetime of key
Lifetime of SA
Sensitivity level
Structure of SA
How it works ?
• Introduction
Authentication
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Public
Network
Security
Public
Network
Kerberos
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
It’s authentication protocol, which allows controlled
and legitimate usage of resources by it’s users.
Components
• Introduction
• Needs & Necessity
A User who wishes to use some resources on network
• Standard Protocols
• An Example
• Looking Back
A Key Distribution Center that gives user a session key,
when he logs in.
An Authentication Server which authenticates user.
A Ticket Granting Server which allows usage of multiple resources
on network.
How it works ?
• Introduction
• Needs & Necessity
User
AS
KDC
• Standard Protocols
• An Example
• Looking Back
1
2
…
N
TGS
Realms
• Introduction
KDC
• Needs & Necessity
• Standard Protocols
• An Example
Network 2 TGS
TGS
Network 1
• Looking Back
AS
AS
AS
User
TGS Network 3
AS
Network N
TGS
SSL/HTTPS
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
It’s a session or application level protocol to ensure
security. SSL is Secure Socket Layer and HTTPS is
Secure Hyper Text Transfer Protocol.
Components
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
A User who wishes to use some resources or communicate
with other user.
• Looking Back
A User or Server who wishes to communicate (to provide
some service) with above user needs to prove his identity.
A Hacker
How it works ?
• Introduction
Hello
• Needs & Necessity
Cert
• Standard Protocols
Prove
MAC
• An Example
• Looking Back
User
Server
Hacker
• Introduction
• Needs & Necessity
1.
• Standard Protocols
2.
• An Example
3.
• Looking Back
A user needs to carry information on the go from
incumbent system.
Information needs to be authenticated before it leaves incumbent
system.
A component in system provides mechanism of authenticating
information after scrutiny based upon following measures:
1. Ask information bearer of the source of information.
2. Scrutinize based upon information at hand and their persistent
knowledge.
How it works ?
• Introduction
• Needs & Necessity
2
• Standard Protocols
User
• An Example
3
• Looking Back
1
Authenticating
component
Policy
Implementer
• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
Are you familiar with the protocol in previous slide ?