CA413: Security Protocols

Introduction
David Gray
School of Computer Applications
DCU
david.gray@computing.dcu.ie
September 20, 2010

1. http://ca413.computing.dcu.ie
• Lecture notes, etc. are available from this WEB site.
2. http://honey.computing.dcu.ie
• Bulletin Board.

Housekeeping
• There is no essential textbook.
• However, there is a collection of useful books in the library.
• In addition, the WWW is a good source of information.
• Study work may be carried out in groups. For example, different members can research different topics.
• However, you are expected to know the material for the continuous assessment and the written exam.
• You will need to register with the WEB site using your student ID.
• You will also need to register with the module bulletin board.
– All general questions should be asked on the bulletin board.
– I will only respond to e-mails that are of a personal nature.
• The WEB site & bulletin board are new, so there may be some teething problems.

Module Structure
Lectures:
• 2 lectures per week for 12 weeks.
• Copies of all the slides are on the WEB site.
• References to other material are also on the WEB site.
Continuous Assessment (CA):
• There will be a number of pieces of practical work that you must undertake.
– All this work is examinable.
• The practical work must be undertaken using either Java or Go.

1
CA413: Introduction 2

• The CA will consist of a number these practicals.

• The CA is marked and must not be done in groups.
• Anyone caught copying or working together on the CA will fail the course.
• You may be requested to give a presentation of your work as part of the assessment process.
Marks:
• Continuous Assessment: 20%
• Exam: 80%
• You must get a combined mark ≥40% to pass
• The CA cannot be repeated.
• If your combined mark is <40%, you will have to repeat the exam in August
– Your continuous assessment mark will be carried forward.
– Even if you pass the exam, if you fail to get a combined mark ≥40%, you will have to do the
repeat exam.
– Of course, this is all subject to the mother & child arrangement.

The Exam Paper:

• The content of CA413 has changed over the years.

– Only the relevant exam papers will be on the WEB site.
• You will be required to answer 2 out of 3 questions.

• The rubric for the exam paper will be:

“Please answer question one and any
other question”.
• Question 1 will cover the work undertaken in the practicals.

Module Material
• This is the first year that CA413 has been presented in Semester One.

– CA416 (Cryptography) is no longer a prerequisite.

• Content of the module has changed.
– More material on using cryptography.
– A section on Advanced Protocols has been removed.
. This material required familiarity with some of the mathematics underlying public-key cryp-
togrsphy.
– More material on real protocols.
• I will not give detailed notes.

– You are expected to do background reading on some subjects.

– You should use the bulletin board to discuss these subjects and reference useful sources of infor-
mation that you have discovered.

Module Outline
We will cover three main areas:

© 2001-2010 David Gray

CA413: Introduction 3

1. Cryptography
• We will treat ciphers & hash functions as black boxes.
• How they work is covered in CA416.
• We are interested in using ciphers & hash in protocols.
2. Security Protocols
• Abstract view of security protocols.
• We are interested in analyzing and fixing weaknesses.

3. Real-world Protocols
• How security protocols are used in practice.

Some Definitions
Threat: the potential for the occurrence of a harmful event such as an attack.
Attack: an action taken against a target with the intention of doing harm.
Vulnerability: a weakness that makes targets susceptible to an attack.

Attacks
• There are two basic types of attack:
– Passive
– Active

• With a passive attack, information is accessed but not modified.

– An administrator reading mail messages being sent across the Internet.
– A hacker gaining access to information contained in bank accounts.
• With an active attack, information or the system is modified.

– An administrator modifying mail messages.

– A hacker withdrawing money from a bank account.

What is a secure system?

• Every system is susceptible to attack.
• Security is about ensuring that attacks will not be successful.
• A security mechanism prevents an attack from being successful.
– A password can prevent unauthorized access to a computer.
– A hand-written signature can prevent someone denying that they entered into a contract.
– Watermarking in bank notes can prevent forgery.
• A security mechanism detects, prevents, or recovers from a attack.
• A secure system is one in which known threats have been considered and suitable security mechanisms
have been incorporated to prevent successful attacks.

Trust

© 2001-2010 David Gray

CA413: Introduction 4

• In any secure system, certain components need to be trusted.

• A trusted component is assumed to behave correctly, i.e., we do not need security mechanisms to
prevent it misbehaving.

– It is common to trust operators of secure systems.

– It is common to trust software within secure systems.
– Of course, such trust is based on operators being vetted and software having been assured.
• In general, the number of trusted components in a system should be as small as possible.

• It is common to have components that have limited trust

– For example, they may be trusted within a limited part of a system.
– In addition, their actions may be audited.
• It is also common to divide trust between a number of components.

– Certain actions may require a number of individuals to agree.

– For example, cheques may require two signatures.

Security Policies
• To build a secure system we need to:
– Assess threats.
. What threats exist?
. What is the cost if there is a successful attack?
– Identify trusted components.
– Determine appropriate security mechanisms to counter threats.
. What mechanisms will work and what will they cost?
. How will these various mechanisms work together?
– Define procedures to ensure the correction operation of the system.
– Define review and audit mechanisms.
...

• All this requires a Security Policy.

• A system is only secure relative to the security policy that it enforces.

Security Objectives
• Confidentiality (Privacy)
– Keeping information secret from those not entitled to see it.
• Identification & Authentication
– Identification & Authentication go hand-in-hand
. There is no point authenticating an unknown entity.
. There is no use identifying an entity if you cannot authenticate them.
– Entity Authentication
. Ensuring that the purported identity of an entity is correct.
– Message Authentication (Origin Authentication)

© 2001-2010 David Gray

CA413: Introduction 5

. Ensuring that the purported source of information is correct.

• Authorization (Access Control)

– Granting permissions to an entity.
– Authorization requires identification & authentication.
– For example, consider a user logging onto a computer.
. Their identity is given by their account name.
. Their password is used for authentication.
. Once they have logged on, they will be authorized to use certain resources.
• Integrity
– Ensuring that information has not been altered.
– An attacker may deliberately attempt to modify information.
– Information might simply become corrupted due to (for example) transmission errors.
• Non-repudiation
– Ensuring that an entity cannot deny a previous action.
– For example, ensuring that someone who sends a mail message cannot later deny sending the
message.
• Prevention of ”denial of service”
– Ensuring that a legitimate user cannot be denied access to a service.
– For example, ensuring that Java software loaded across the Internet does not consume all the
resources within a computer.
• ...
• Depending on the particular system, these security objectives can be met by using a combination of
cryptographic & non-cryptographic security mechanisms.

Types of Security
• Physical Security
– Most security is based on ensuring that the physical access to resources is restricted.
– Large amounts of money are normally stored in safes.
– Shared computer and network equipment is normally locked in secure rooms.
• Secrecy
– By keeping the existence or details of a system secret, then it may be more secure.
• Personnel Security
– Personnel who build and operate secure systems need to be trusted.
– Many organizations (in particular, national security organizations) vet their staff to ensure that
they can be trusted.
– The most serious (and costly) attacks on systems are normally insider attacks by trusted personnel.
• IT Security
– Non-cryptographic mechanisms used in computers, networks, etc..
. Passwords, PINs, ...

© 2001-2010 David Gray

CA413: Introduction 6

. Access controls, e.g., file access controls used in operating systems such as UNIX.
. Secure network addresses, e.g., X.25 addresses, telephone numbers,
. ...

• Cryptographic Security
– Mechanisms based on the use of cryptography.
– Stronger than simple IT security mechanisms.

Is perfect security possible?

1. The security of a system is a negative attribute.
• A system is secure if there is no way of mounting a successful attack.
• It is impossible (except for the most trivial of systems) to foresee every possible attack.
• Therefore, in general, it is impossible to demonstrate absolute security.
2. Security mechanisms have limited applicability.
• A security mechanism will only prevent a limited number of possible attacks.
• In general, a security mechanism must be used properly or it will fail.
– The classical example is the use of passwords.
– Passwords are useless if they are written down or if they are selected from a limited set of
words.
• Therefore, we typically need to incorporate a number of different mechanisms to address different
threats.
– The interaction between different mechanisms can be difficult to understand and may intro-
duce weaknesses.
3. Security mechanisms have associated costs.
• There are numerous extra costs:
– Extra hardware and software.
– Extra personnel and more complex operating procedures.
– Restrictions of peoples’ civil rights.
– ...
• There are different measures of cost.
– In the commercial world (to some extent) we can use the financial cost.
– In a military or national security context, it is impossible to measure cost solely in terms of
money.
• To prevent attacks being mounted, we must ensure that the cost of an attack is greater than the
gain to be made from a successful attack.
• However, there is no point using security mechanisms that cost more than the outcome of a
successful attack.
– For example, credit cards are relatively insecure. Presumably, banks have compared actual
losses against the cost of preventing such losses, and have decided (at present) that this level
of loss is acceptable.
– Money can be forged, but the cost of preventing all forgeries is prohibitive and not worthwhile.
4. In many circumstances, security requirements evolve.
• Security is not a static attribute of a system and typically, security must be ”tightened” as attacks
occur or threats increase.

© 2001-2010 David Gray

CA413: Introduction 7

– The classic example is military security were adversaries continually try to develop better
ways of attacking each others systems.
– The security of credit cards is continually being improved as threats increase.
5. Prevention verses Detection.
• The ideal is to prevent attacks becoming successful.
• However, if the technology to prevent a successful attack does not exist or is too costly, then we
should at least try to detect successful attacks.
• Detecting passive attacks tends to be more difficult than detecting active attacks.

• Therefore, except for the most trivial of systems, there is no perfectly secure system.

What is a security protocol?

• Let us assume that we are operating some system in an environment consisting of a collection of entities
or players.
• Some of these entities will be good guys trying to achieve one or more security objectives as part of the
system.
• Others will be bad guys trying to attack the system and overcome the security objectives.
• A security protocol is a description of how the good guys should interact with each other to achieve
the stated security objectives.
• A security protocol should be able to achieve the security objectives no matter what attacks are
mounted by the bad guys.

Security and Networks

• A network is like any other system, except that it is distributed.
– This makes physical security more difficult, if not impossible.
– With centralized/stand-alone systems, physical security affords considerable protection.
– With distributed systems, achieving physical security tends to be very expensive and only justified
for national security applications.
• In addition to being physically distributed, ownership may also be distributed.
– If a system is owned and managed by more than one organization then it is difficult to have a
common security policy and common levels of trust.
• The Internet is the prime example of the problems associated with network security.
– It is physically distributed across the world.
– It is owned and operated by many different organizations.
– Agreement between these organizations is the minimum required for interoperability.
– There is no common agreement on internal Internet security.
– Even if there were an agreement, it is unlikely that organizations & countries would trust each
other.
• How can security be realized in such a chaotic environment?
– The answer is to use security protocols based on cryptography.
– By using cryptography, it is possible to implement mechanisms that can counter the threats
inherent in a network (Internet).

© 2001-2010 David Gray

CA413: Introduction 8

– Information being sent across the Internet can be encrypted.

– Information can be digitally signed.
– ···

• Is cryptography sufficient?
– No. Cryptography is necessary, but it is not sufficient.
– We still need to use other forms of security.
. We still need to make sure that networking equipment is physically secure.
. We still need to trust network operators (but to a much lesser extent).
. We still need to trust software.
. In particular, we need to trust cryptographic products.
. We need to protect cryptographic keys.
. ...

© 2001-2010 David Gray