introduction to cryptographic protocols
play

Introduction to cryptographic protocols models, proofs, and attacks - PowerPoint PPT Presentation

Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 (Based on slides by Stphanie Delaune, Bruno Blanchet,


  1. Introduction to cryptographic protocols models, proofs, and attacks Karthikeyan Bhargavan INRIA karthikeyan.bhargavan@inria.fr http://prosecco.inria.fr/personal/karthik September 2013 (Based on slides by Stéphanie Delaune, Bruno Blanchet, and others) Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 1 / 43

  2. Cryptographic protocols Cryptography Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  3. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  4. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  5. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  6. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol A set of rules governing the transmission and storage of data that is exchanged between computers. Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  7. Cryptographic protocols Cryptography The study of mathematical techniques related to aspects of information security such as confidentiality and data integrity Crypto Primitives : algorithms for encryption, signature, hashing, . . . Examples : RSA, AES, RC4 (encryption), RSA, DSA (signature), SHA-1, MD5 (hashing), HMAC, CMAC (MAC), . . . Protocol A set of rules governing the transmission and storage of data that is exchanged between computers. Examples : TCP/IP, GSM, Network File System, Cloud Storage Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 2 / 43

  8. Cryptographic protocols Cryptographic protocol A set of rules for the exchange of data between multiple principals that uses cryptography to achieve security goals against a threat model. Principal : a protocol participant, typically human or computer Security Goal : the confidentiality or integrity of a data item, or the authentication of a principal Threat Model : the capabilities of the attacker Examples Communications protocols: TLS, IPsec, SSH, WPA Tamper-proof hardware: Smartcard, Navigo, SIM card Privacy preserving applications: BitCoin, Electronic Voting Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 3 / 43

  9. Example: Online Banking Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 4 / 43

  10. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  11. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  12. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  13. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  14. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  15. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Security Goal : Client authentication Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  16. Example: Online Banking Cryptographic Protocol : TLS (HTTPS) Principals : Web Browser, Bank Website Security Goal : confidentiality and integrity of data (secure channel), server authentication Threat Model : network attacker (malicious wireless access point), phishing website Cryptographic Protocol : Password-based authentication Principals : Bank Client, Bank Website Security Goal : Client authentication Threat Model : dishonest client Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 5 / 43

  17. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Online Transaction Authorization Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  18. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Principals : Client, Terminal, Credit Card Security Goal : Client authentication Threat Model : Stolen credit card Online Transaction Authorization Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  19. Example: Credit Card Payment (EMV) Client Credit Card Terminal Bank Server Cardholder Verification (PIN Entry) Principals : Client, Terminal, Credit Card Security Goal : Client authentication Threat Model : Stolen credit card Online Transaction Authorization Principals : Credit Card, Terminal, Bank Security Goal : Transaction data integrity, Card authentication Threat Model : Forged credit card, Tampered terminal Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 6 / 43

  20. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

  21. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Still, a long history of attacks on academic protocols: see the SPORE repository on TLS (HTTPS): BEAST, CRIME, RC4 on smartcards: YesCard, Side Channels Why is it so hard to design secure protocols? Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

  22. Modelling cryptographic protocols Cryptographic protocols are small security-critical components embedded within large distributed applications Example : TLS within a web browser The security of the system depends on their correctness Still, a long history of attacks on academic protocols: see the SPORE repository on TLS (HTTPS): BEAST, CRIME, RC4 on smartcards: YesCard, Side Channels Why is it so hard to design secure protocols? Cryptographic guarantees are often misunderstood Rich threat models are difficult to reason about and to test Karthikeyan Bhargavan (INRIA) Introduction to cryptographic protocols September 2013 7 / 43

Recommend


More recommend