信息安全原理与技术Protocols.pptxVIP

Part III: Protocols Part 3 ? ProtocolsProtocolHuman protocols ? the rules followed in human interactionsExample: Asking a question in classNetworking protocols ? rules followed in networked communication systemsExamples: HTTP, FTP, etc.Security protocol ? the (communication) rules followed in a security applicationExamples: SSL, IPSec, Kerberos, etc. Part 3 ? ProtocolsProtocolsProtocol flaws can be very subtleSeveral well-known security protocols have significant flawsIncluding WEP, GSM, and IPSecImplementation errors can also occurRecently, IE implementation of SSLNot easy to get protocols right… Part 3 ? ProtocolsIdeal Security ProtocolMust satisfy security requirementsRequirements need to be preciseEfficientMinimize computational requirementMinimize bandwidth usage, delays…RobustWorks when attacker tries to break itWorks if environment changes (slightly)Easy to implement, easy to use, flexible…Difficult to satisfy all of these! Part 3 ? ProtocolsChapter 9: Simple Security Protocols “I quite agree with you,” said the Duchess; “and the moral of that is?‘Be what you would seem to be’?orif youd like it put more simply?‘Never imagine yourself not to beotherwise than what it might appear to others that what you wereor might have been was not otherwise than what you had been would have appeared to them to be otherwise.’ ”?Lewis Carroll, Alice in WonderlandSeek simplicity, and distrust it.? Alfred North Whitehead Part 2 ? Access ControlSecure Entry to NSAInsert badge into readerEnter PINCorrect PIN?Yes? EnterNo? Get shot by security guard Part 3 ? ProtocolsATM Machine ProtocolInsert ATM cardEnter PINCorrect PIN?Yes? Conduct your transaction(s)No? Machine (eventually) eats card Part 3 ? ProtocolsAuthentication Protocols Part 3 ? ProtocolsAuthenticationAlice must prove her identity to BobAlice and Bob can be humans or computersMay also require Bob to prove he’s Bob (mutual authentication)Probably need to establish a session keyMay have other requirements, such asPublic key