introduction to cryptographic protocols
play

Introduction to cryptographic protocols models, proofs, and attacks - PowerPoint PPT Presentation

Feb 17, 2023 •389 likes •1.36k views

Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 (Based on slides by Stphanie Delaune, Bruno Blanchet,

  1. Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 (Based on slides by Stéphanie Delaune, Bruno Blanchet, and others) Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 1 / 43

  2. Cryptographic protocols Cryptography Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  3. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  4. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  5. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  6. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol A set of rules governing the transmission and storage of data that is exchanged between computers. Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  7. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol A set of rules governing the transmission and storage of data that is exchanged between computers. Examples : TCP/IP, GSM, Network File System, Cloud Storage Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  8. Cryptographic protocols Cryptographic protocol A set of rules for the exchange of data between multiple principals that uses cryptography to achieve security goals against a threat model. Principal : a protocol participant, typically human or computer Security Goal : the confidentiality or integrity of a data item, or the authentication of a principal Threat Model : the capabilities of the attacker Examples Communications protocols: TLS, IPsec, SSH, WPA Tamper-proof hardware: Smartcard, Navigo, SIM card Privacy preserving applications: BitCoin, Electronic Voting Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 3 / 43

  9. Example: Online Banking Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 4 / 43

  10. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  11. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  12. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  13. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  14. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  15. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Security Goal : Client authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  16. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Security Goal : Client authentication Threat Model : dishonest client Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  17. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Online Transaction Authorization Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  18. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Principals : Client, Terminal, Credit Card Security Goal : Client authentication Threat Model : Stolen credit card Online Transaction Authorization Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  19. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Principals : Client, Terminal, Credit Card Security Goal : Client authentication Threat Model : Stolen credit card Online Transaction Authorization Principals : Credit Card, Terminal, Bank Security Goal : Transaction data integrity, Card authentication Threat Model : Forged credit card, Tampered terminal Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  20. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

  21. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Still, a long history of attacks on academic protocols: see the SPORE repository on TLS (HTTPS): BEAST, CRIME, RC4 on smartcards: YesCard, Side Channels Why is it so hard to design secure protocols? Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

  22. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Still, a long history of attacks on academic protocols: see the SPORE repository on TLS (HTTPS): BEAST, CRIME, RC4 on smartcards: YesCard, Side Channels Why is it so hard to design secure protocols? Cryptographic guarantees are often misunderstood Rich threat models are difficult to reason about and to test Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

Recommend

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to Computer Security Announcements intermission Day 17: Crypto protocols and S protocols SSH Stephen McCamant University of Minnesota, Computer

338 views • 7 slides
Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes,

Analysing privacy-type properties in cryptographic protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France Thursday, July 12th, 2018 Cryptographic protocols everywhere ! Cryptographic protocols small programs designed to secure

849 views • 80 slides
Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth

Verifying Cryptographic Protocols in Applied Pi Calculus Mark Ryan Ben Smyth M.D.Ryan@cs.bham.ac.uk research@bensmyth.com Cryptoforma 7th April 2010 Cryptographic protocols A cryptographic protocol is a distributed procedure that employs

698 views • 46 slides
MTAT.07.005 Cryptographic Protocols Introduction to Zero-Knowledge Helger Lipmaa University of

MTAT.07.005 Cryptographic Protocols Introduction to Zero-Knowledge Helger Lipmaa University of

Zero-Knowledge Two-Party Protocols MTAT.07.005 Cryptographic Protocols Introduction to Zero-Knowledge Helger Lipmaa University of Tartu MTAT.07.005 Cryptographic Protocols Helger Lipmaa MTAT.07.005 Cryptographic Protocols Zero-Knowledge

1.49k views • 122 slides
Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key

Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key

Outline Cryptographic protocols, contd More causes of crypto failure CSci 5271 Key distribution and PKI Introduction to Computer Security HW1 debrief Day 17: PKI and S protocols Stephen McCamant SSH University of Minnesota,

460 views • 11 slides
First steps towards cryptographically sound confidentiality analysis of cryptographic protocols

First steps towards cryptographically sound confidentiality analysis of cryptographic protocols

First steps towards cryptographically sound confidentiality analysis of cryptographic protocols Peeter Laud peeter l@ut.ee Tartu Ulikool Cybernetica AS Teooriap aevad Arulas, 3.-5.02.2003 p.1/27 Overview Cryptographic protocols.

570 views • 27 slides
Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin

Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin

Symbolic verification of cryptographic protocols using Tamarin Part 1 : Introduction David Basin ETH Zurich Summer School on Verification Technology, Systems & Applications Nancy France August 2018 Organization of the course Two

774 views • 74 slides
Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and

Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and

Introduction to Cryptography Summarized from Applied Cryptography, Protocols, Algorithms, and Source Code in C , 2nd. Edition, Bruce Schneier, John Wiley & Sons, Inc. Outline Cryptographic Protocols Introduction Introduction

759 views • 45 slides
Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why

Clang tools for implementing cryptographic protocols like OTRv4 Sofa Celi What is OTR and why it was created? Cryptographic protocol Paper in 2004 by Ian Goldberg , Nikita Borisov and Eric Brewer Conversations in the

299 views • 18 slides
Cryptographic Protocols 3. Broadcast 4. Blockchain Spring 2020 Part 1 Broadcast / Byzantine

Cryptographic Protocols 3. Broadcast 4. Blockchain Spring 2020 Part 1 Broadcast / Byzantine

Cryptographic Protocols 1. Interactive Proofs and Zero-Knowledge Protocols 2. Secure Multi-Party Computation Cryptographic Protocols 3. Broadcast 4. Blockchain Spring 2020 Part 1 Broadcast / Byzantine Agreement Secure Multi-Party

170 views • 3 slides
Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic

Cryptographic Logical Relations What is the contextual equivalence for cryptographic protocols and how to prove it? Yu ZHANG Including joint work with J. Goubault-Larrecq, D. Nowak and S. Lasota EVEREST, INRIA Sophia-Antipolis February

487 views • 37 slides
CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno

Introduction Using CryptoVerif Proof technique Enc-then-MAC example FDH example Conclusion CryptoVerif: A Computationally Sound Mechanized Prover for Cryptographic Protocols Bruno Blanchet CNRS, Ecole Normale Sup erieure, INRIA,

972 views • 78 slides
The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with

The Coinductive Approach to Verifying Cryptographic Protocols Jesse Hughes joint work with Martijn Warnier jesseh@cs.kun.nl University of Nijmegen The Coinductive Approach to Verifying Cryptographic Protocols p.1/27 Outline I.

1.95k views • 184 slides
Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS

Introduction Formal models Adding equational theories Towards more guarantees Verification techniques for cryptographic protocols eronique Cortier 1 V RTA08 1 LORIA, CNRS - INRIA Cassis project, Nancy Universities 1/45 V eronique

785 views • 76 slides
Outline Public-key crypto basics Public key encryption and signatures CSci 5271 Introduction to

Outline Public-key crypto basics Public key encryption and signatures CSci 5271 Introduction to

Outline Public-key crypto basics Public key encryption and signatures CSci 5271 Introduction to Computer Security Announcements Day 16: Cryptographic protocols and failures Cryptographic protocols Stephen McCamant HW1 debrief University of

673 views • 11 slides
Formal Analysis of Imperfect Cryptographic Protocols Long Nguyen Hoang University of Tartu,

Formal Analysis of Imperfect Cryptographic Protocols Long Nguyen Hoang University of Tartu,

Formal Analysis of Imperfect Cryptographic Protocols Long Nguyen Hoang University of Tartu, Institute of Computer Science Agenda Introduction Probabilistic-spi calculus Security protocol verification Conclusion Q&A

633 views • 19 slides
Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of

Composition of Cryptographic Protocols - Feasibility Muthu Venkitasubramaniam University of Rochester Some slides borrowed from Manoj, Huijia, Abhishek and Rafael Secure Multi-party Computation [Yao,Goldreich-Micali-Wigderson] Goal: Allow a

652 views • 63 slides
TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide

TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide

TLS Security EPL682 Neophytos Christou What is TLS? - Cryptographic protocols that provide secure communication on the internet - Consists of two phases: - TLS Handshake protocol: agree on the cipher suite that will be used to encrypt

320 views • 31 slides
Automata-based analysis of recursive cryptographic protocols Thomas Wilke Joint work with Ralf

Automata-based analysis of recursive cryptographic protocols Thomas Wilke Joint work with Ralf

Automata-based analysis of recursive cryptographic protocols Thomas Wilke Joint work with Ralf K usters Christian-Albrechts-Universit at zu Kiel June 13, 2004 1 Un-/Decidability of security in the DY model Undecidable protocols

425 views • 29 slides
Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second

Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second

Zero-Knowledge Zero-Knowledge Two-Party Protocols Two-Party Protocols Outline 1 Zero-Knowledge MTAT.07.005 Cryptographic Protocols First Lecture: Main Notions Second Lecture: Proofs of Knowledge Introduction to Zero-Knowledge Third Lecture:

473 views • 31 slides
Pattern-Matching Spi-Calculus A Type System for Cryptographic Protocols Christian Haack and Alan

Pattern-Matching Spi-Calculus A Type System for Cryptographic Protocols Christian Haack and Alan

Pattern-Matching Spi-Calculus A Type System for Cryptographic Protocols Christian Haack and Alan Jeffrey DePaul University, Chicago Pattern-Matching Spi-Calculus p.1/11 Types for Cryptographic Protocols Pattern-Matching Spi-Calculus

779 views • 55 slides
A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara

ASIAN07 A Formal Analysis for Capturing Replay Attacks in Cryptographic Protocols Han Gao 1 , Chiara Bodei 2 , Pierpaolo Degano 2 , Hanne Riis Nielson 1 Informatics and Mathematics Modelling, Technical University of Denmark 1 Dipartimento di

435 views • 20 slides

More recommend