欢迎来到麦多课文档分享! | 帮助中心 海量文档,免费浏览,给你所需,享你所想!
麦多课文档分享
全部分类
  • 标准规范>
  • 教学课件>
  • 考试资料>
  • 办公文档>
  • 学术论文>
  • 行业资料>
  • 易语言源码>
  • ImageVerifierCode 换一换
    首页 麦多课文档分享 > 资源分类 > PPT文档下载
    分享到微信 分享到微博 分享到QQ空间

    Analysis of Security Protocols (I).ppt

    • 资源ID:378358       资源大小:514.50KB        全文页数:23页
    • 资源格式: PPT        下载积分:2000积分
    快捷下载 游客一键下载
    账号登录下载
    微信登录下载
    二维码
    微信扫一扫登录
    下载资源需要2000积分(如需开发票,请勿充值!)
    邮箱/手机:
    温馨提示:
    如需开发票,请勿充值!快捷下载时,用户名和密码都是您填写的邮箱或者手机号,方便查询和重复下载(系统自动生成)。
    如需开发票,请勿充值!如填写123,账号就是123,密码也是123。
    支付方式: 支付宝扫码支付    微信扫码支付   
    验证码:   换一换

    加入VIP,交流精品资源
     
    账号:
    密码:
    验证码:   换一换
      忘记密码?
        
    友情提示
    2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
    3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
    4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
    5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。

    Analysis of Security Protocols (I).ppt

    1、Analysis of Security Protocols (I),John C. Mitchell Stanford University,My Second Marktoberdorf School,Fun playing volleyball, swimming, hiking Review German vocabulary Alt, Pils, Dunkel, Weizen, Dunkel Weizen wegabschneider (trail-off-cutter) Seen some 96 students at conferences What else should I

    2、remember?,Computer Security,Protect information Store user passwords in a form that prevents anyone from reading them Transmit information like credit card numbers in a way that prevents others from intercepting them Protect system integrity Keep others from deleting your files Keep downloaded code

    3、(such as Java applets) from modifying important data Reject mail messages that contain viruses Maintain privacy,Correctness vs Security,Program or System Correctness Program satisfies specification For reasonable input, get reasonable output Program or System Security Program resists attack For unre

    4、asonable input, output not completely disastrous Secure system might not be correct Main technical differences Active interference from environment Refinement techniques may fail,Outline of these lectures,Introduction to security protocols Issues in security, protocol examples and flaws Overview of

    5、cryptography Formal presentation of protocols and intruder Automated finite-state analysis A probabilistic, poly-time framework,Tractable program analysis,Goal: tools and techniques to solve useful problems Caveat: need to be realistic,program complexity,complexity of property to verify,May be possi

    6、ble,Intractable,Security Protocols,Transmit information across network Keep important information secret Communicate with those you know and trustTypical handshake protocols 3-7 steps 2-5 parties client, server, key distribution service, lead to shared secret key for data transfer,Example: Secure So

    7、ckets Layer,Establishing Secure Communication,Parties use SSL protocol to Choose encryption scheme, e.g. 40-bit international encryption with 2 keys 120-bit domestic encryption with 2 keys choose among versions of specific scheme Agree on shared secret key Secret key more efficient than public key A

    8、void known-plaintext attack Minimize reuse of hard-to-establish public key,40,120,Some security objectives,Secrecy Info not revealed Authentication Know identity of individual or site Data integrity Msg not altered Message Authentication Know source of msg,Receipt Know msg received Access control Re

    9、vocation Anonymity Non-repudiation,Example Protocols,Challenge response Mechanism for freshness Needham-Schroeder Public Key Use public-key crypto to generate shared secret Kerberos Simplified version w/o timestamps or nonces Idea of sending encrypted “tickets” SSL (briefly) Diffie-Hellman key excha

    10、nge,Timeliness in Communication,Assume Alice and Bob share a private encryption key K Alice wants to know if Bob is on network Possible protocol: Alice Bob: “Hi Bob. Still there?” K Bob Alice: “I am here?” K Whats wrong with this?,Challenge-Response,Alice wants to know if Bob is still there Send “fr

    11、esh” number n, Bob returns f(n) nonce = number used once This avoids reply by malicious 3rd party Protocol Alice Bob: nonce K Bob Alice: nonce+1 K Does this work?,Needham-Schroeder Key Exchange, A, Noncea Noncea, Nonceb Nonceb,Ka,Kb,Result: A and B share two private numbers not known to any observer

    12、 without Ka-1, Kb -1,A,B,Kb,Anomaly in Needham-Schroeder,A,E,B, A, Na , A, Na , Na, Nb , Na, Nb , Nb ,Ke,Kb,Ka,Ka,Ke,Evil agent E tricks honest A into revealing private key Nb from B.,Evil E can then fool B.,Lowe,TMN Cell Phone Protocol,a,N,a,b,b,K,K,s,s,S,B,A,B, N ,A,B N ,A N ,TMN Replay Attack,S,B

    13、,A,B, NaKs,A,A, NbKs,B, NbNa,S,D,C,D, NcKs,C,C, NbKs,D, NbNc,REPLAY,Kerberos,Client requests key from KDC C KDC : C, TGS KDC returns private key and ticket KDC C : Ks1 Kc C, Ks1 Ktgs Client sends name and ticket to TGS C TGS : CKs1, C, Ks1 Ktgs, S TCS returns private key and ticket TGS C : Ks2 Kc C,

    14、 Ks2 Ks Client contacts server C S : CKs1, C, Ks1 Ks,Secure Socket Layer (SSL),Three goals Negotiate specific encryption scheme Possible “version attack” Authenticate client and server Appeal to “signature authority” Use public key to transmit secret key,Several underlying primitives: public key, si

    15、gnature scheme, hash function, private key,Handshake Protocol Description,ClientHello C S C, VerC, SuiteC, NC ServerHello S C VerS, SuiteS, NS, signCA S, KS+ ClientVerify C S signCAC, VC VerC, SecretC + signC Hash( Master(NC, NS, SecretC) + Pad2 +Hash(Msgs + C + Master(NC, NS, SecretC) + Pad1) (Chan

    16、ge to negotiated cipher) ServerFinished S C Hash( Master(NC, NS, SecretC) + Pad2 + Hash( Msgs + S + Master(NC, NS, SecretC) + Pad1)ClientFinished C S Hash( Master(NC, NS, SecretC) + Pad2 + Hash( Msgs + C + Master(NC, NS, SecretC) + Pad1) ,KS,Master(NC, NS, SecretC),Master(NC, NS, SecretC),Diffie-Hel

    17、lman Key Exchange,Number-theoretic assumption Given three numbers p, g, ga mod p, no efficient algorithm for computing a Belief: adversary cannot find a until “too late” Protocol (assumes public prime p, generator g) Alice Bob: ga mod p Bob Alice: gb mod p Consequence Alice and Bob know gab mod p, no one else does Works on telephone, not general network. Why?,


    注意事项

    本文(Analysis of Security Protocols (I).ppt)为本站会员(wealthynice100)主动上传,麦多课文档分享仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知麦多课文档分享(点击联系客服),我们立即给予删除!




    关于我们 - 网站声明 - 网站地图 - 资源地图 - 友情链接 - 网站客服 - 联系我们

    copyright@ 2008-2019 麦多课文库(www.mydoc123.com)网站版权所有
    备案/许可证编号:苏ICP备17064731号-1 

    收起
    展开