protocol security engineering
play

Protocol Security Engineering " - PDF document

Aug 13, 2022 •172 likes •203 views

Can we avoid Protocol Security meltdown? Brian Monahan Trusted Systems Lab HP Labs, Bristol, UK Tel: +44 (0)117 312-8935 Email: brian_monahan@hp.com Presented at STORK : Towards a Roadmap for Future Research 26-27 November 2002 What is

  1. Can we avoid Protocol Security meltdown? Brian Monahan Trusted Systems Lab HP Labs, Bristol, UK Tel: +44 (0)117 312-8935 Email: brian_monahan@hp.com Presented at STORK : Towards a Roadmap for Future Research 26-27 November 2002 What is the Internet made from? ! ! ! ! " ����������������������������������������� " ������������������������������������������������ # Identity and process integrity becomes a serious distributed issue. " ���������������� # Security fixes applied by patch, building upon existing protocols. # Known protocols used in ways unintended by original designers. More crypto, communication & distribution ⇒ protocol evolution. # Slide 2/5 Can we avoid Protocol Security meltdown? STORK :Towards a Roadmap for Future Research 26-27 November 2002 1

  2. Protocol Security Engineering " ������������������������������ # Subtle compositions of foundational cryptographic primitives. " �������������������������������������������� # Simplified “black box” units characterised by external properties. # Security properties are “systemic” and not merely “functional”. " ������������������� # Description and identification of: Security goals for protocols. — — Systems assumptions that protocols rely on to achieve their goals. How and why a protocol works securely (i.e. explanation and proof). — # Tool support for protocol security design & engineering Slide 3/5 Can we avoid Protocol Security meltdown? STORK :Towards a Roadmap for Future Research 26-27 November 2002 How to avoid Protocol Security meltdown? �� �� �� �� ��������� �������������������������������������������� ��������� ��������� ��������� # Innovation & evolution in protocols is inevitable because of: PUSH: Improved cryptographic primitives making interesting things possible PULL: More applications needing to do more things, more securely. �� �� �� �� ��������� ������������������������������������ ���������� ��������� ��������� ��������� ���������� � ���������� ���������� # Education – to broaden understanding of protocols issues by developers and engineers. Recent security protocols web-site: http://www.lsv.ens-cachan.fr/~jacquema/splib/ �� �� �� �� ��������� ��������������������������������� ���������� ��������� ��������� ��������� ���������� ���������� ���������� ��������������������� ���������������������������������������������������������������������������� ������ ��� ��� �� �� �� �� ��������� ��������������� ��������� ��������� ��������� ��������� ��������� ��������������������������������������� ��������� ��������� ����������������������������������������������������������������� Slide 4/5 Can we avoid Protocol Security meltdown? STORK :Towards a Roadmap for Future Research 26-27 November 2002 2

  3. Protocols at HP Labs " �������������������������� ������������� ������������� ������������� ������������� # Automated flaw discovery for simple protocols # Proof-of-concept prototype tool # New version under development – broader range, more control. # Report: http://www.hpl.hp.com/techreports/2002/HPL-2002-246.html " ���������� ������ ��������� ������ ������ ��� ��� ��� # http://www.casenet-eu.org/ Slide 5/5 Can we avoid Protocol Security meltdown? STORK :Towards a Roadmap for Future Research 26-27 November 2002 3

Recommend

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals:

IN3210 Network Security Transport Layer Security The TLS Protocol Transport Layer Security (TLS) Security goals: Authentication Integrity Confidentiality Transparent security protocol between TCP and application

1k views • 66 slides
Security and Privacy Issues in IPWAVE Jong-Hyouk Lee (jonghyouk@smu.ac.kr) Protocol Engineering

Security and Privacy Issues in IPWAVE Jong-Hyouk Lee (jonghyouk@smu.ac.kr) Protocol Engineering

2016/11/16 @ IPWAVE, IETF 97 Security and Privacy Issues in IPWAVE Jong-Hyouk Lee (jonghyouk@smu.ac.kr) Protocol Engineering Lab., Sangmyung University Background (1/3) Safety messages are not transmitted in IPv6 packets Non-IP

233 views • 8 slides
Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering

Security Testing fuzzing protocol fuzzing m odel-based testing autom ated reverse engineering autom ated reverse engineering Erik Poll Erik Poll Radboud University Nijmegen Testing Ingredients T ti I di t Two things are needed to test

865 views • 53 slides
Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View

Automated Reasoning for Security Protocol Analysis The ASW Protocol Revisited: A Unified View Paul Hankes Drielsma and Sebastian M odersheim Information Security, ETH Zurich ARSPA Paul Hankes Drielsma 1 Introduction ASW: an

508 views • 14 slides
IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor

IPv6 Protocol IPv6 Protocol Does it solve all the security problems of IPv4? Franjo Majstor EMEA Consulting Engineer fmajstor@cisco.com Cisco Systems, Inc. 1 fmajstor@cisco.com, IPv6 Security Agenda IPv6 Primer IPv6 Protocol

241 views • 21 slides
Security Engineering Security Engineering Wallace Hopp Industrial Engineering Department

Security Engineering Security Engineering Wallace Hopp Industrial Engineering Department

Security Engineering Security Engineering Wallace Hopp Industrial Engineering Department McCormick School of Engineering A Flat World is an exciting but dangerous world Technology Opportunity Advances Reduced Risk Political Barriers

449 views • 17 slides
Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure

Cryptography and Network Security IPSEC Security architecture and protocol stack Secure applications: Applicaz. (SHTTP) PGP, SHTTP, SFTP, or SSL/TLS Security down in the TCP protocol stack -SSL between TCP IPSEC and applic. layer

723 views • 59 slides
The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

The HTTP Protocol The HTTP Protocol How to write servers and clients in Java Anders Mller

Objectives Objectives How the HTTP protocol works An Introduction An Introduction to XML and Web Technologies to XML and Web Technologies The SSL security extension from a programmer's point of view The HTTP Protocol The HTTP Protocol

433 views • 10 slides
What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i

What is i i KP KP? ? i KP i KP: : i i - -Key Key- -Protocol Protocol What is i -Key-Protocol, i = 1, 2, 3, Family of protocols Secure electronic payment Based on credit card payments Christopher Hsu Can be extended

407 views • 4 slides
Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1

Introduction to Network Security Chapter 10 Web Security Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics WWW HTTP: Hyper Text Transfer Protocol HTTP Security HTML Protocol HTML Security

1.09k views • 74 slides
LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me

LoRa Reverse Engineering and AES EM Side-Channel Attacks using SDR Pieter Robyns About me PhD student at Hasselt University since 2014 Since 2016 on FWO SBO research grant Researching wireless security Protocol security,

803 views • 57 slides
OsmocomBB A tool for GSM protocol level security Harald Welte gnumonks.org gpl-violations.org

OsmocomBB A tool for GSM protocol level security Harald Welte gnumonks.org gpl-violations.org

GSM/3G Network Security Introduction Security Problems and the Baseband OsmocomBB Project Summary OsmocomBB A tool for GSM protocol level security Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org hmw-consulting.de SSTIC

629 views • 35 slides
1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure

1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure

Chapter 18 1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure (HTTPS) 5 6 Security Best Common Practices Threat Vectors 7 Summary Fundamentals of Web Development - 2 nd Ed. Randy Connolly

603 views • 14 slides
How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a

How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a

How reversing the COMBUS protocol resulted in breaking security Hacking COMBUS in a of a security system Paradox security system 16.11.2018. IT-SECX 2018, Austria Author Lead researcher at Possible Security, Latvia Hacking and

700 views • 29 slides
Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code

Formal Security Analysis of Cryptographic Protocol Code Karthikeyan Bhargavan INRIA IIT Delhi, Fall 2010 Lecture 1: WriCng Secure Web ApplicaCons

472 views • 25 slides
Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives

Security Bugs in Protocols are Really Bad! Marsh Ray PhoneFactor Protocol Bugs Objectives Discuss the complexities in mitigating security bugs occurring in network protocols. Describe some current issues. Leave time for Q&A.

631 views • 50 slides
Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy

Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy

Relating Strands and Multiset Rewriting For Security Protocol Analysis Iliano Cervesato Nancy Durgin, Patrick Lincoln John Mitchell, Andre Scedrov July 3 rd , 2000 CSFW-13 Cambridge, UK Representing Security Protocols Several recent

632 views • 38 slides
ARP Address Resolu,on Protocol Security Joo Paulo Barraca

ARP Address Resolu,on Protocol Security Joo Paulo Barraca

ARP Address Resolu,on Protocol Security Joo Paulo Barraca jpbarraca@ua.pt 1 Networking Basics Communica,on in packet networks rely on several

319 views • 20 slides
Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Florian Adamsky,

Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Florian Adamsky,

Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Security Analysis of the Micro Transport Protocol with a Misbehaving Receiver Florian Adamsky, Syed Ali Khayam, Rudolf Jger and Muukrishnan Rajarajan The 4th

557 views • 38 slides
On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1

On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1

PAKEs Dragonfly Results Conclusion On the Provable Security of the Dragonfly protocol Jean Lancrenon 1 Marjan krobot 1 1 Interdisciplinary Centre for Security, Reliability and Trust University of Luxembourg ISC 2015 1 / 18 PAKEs

915 views • 65 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
Day 1 - Outline Introductions, Agenda Bashing OSP Protocol Design Issues Overview of Group Work

Day 1 - Outline Introductions, Agenda Bashing OSP Protocol Design Issues Overview of Group Work

Day 1 - Outline Introductions, Agenda Bashing OSP Protocol Design Issues Overview of Group Work Presentation API Protocol Items Review of Open Screen Protocol 1.0 Remote Playback API Protocol Items OSP Authentication & Security Second

1.75k views • 143 slides
OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte

OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte

GSM/3G security Implementing GSM protocols Security analysis Summary OpenBSC network-side GSM stack A tool for GSM protocol level security analysis Harald Welte gnumonks.org gpl-violations.org OpenBSC airprobe.org hmw-consulting.de SSTIC

1.16k views • 34 slides
Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline

Cryptographic Analysis of TLS Kenny Paterson FOSAD 2013 Information Security Group 1 Outline TLS overview TLS Record Protocol Theory Attacks Security analysis TLS Handshake Protocol Security analysis Discussion 2

1.78k views • 173 slides

More recommend