1 / 20

Security Properties Straw Polls

Security Properties Straw Polls. Authors:. Date: 2011-11-10. Abstract. This presentation describes some security properties and offers some straw polls on them. Many thanks to Rene Struik for document 11-11/1408r3 which this submission borrows from heavily. We’re getting ahead of ourselves….

honey
Télécharger la présentation

Security Properties Straw Polls

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Security Properties Straw Polls Authors: Date: 2011-11-10 Dan Harkins, Aruba Networks

  2. Abstract This presentation describes some security properties and offers some straw polls on them. Many thanks to Rene Struik for document 11-11/1408r3 which this submission borrows from heavily. Dan Harkins, Aruba Networks

  3. We’re getting ahead of ourselves… • Proposals are being made for FILS authentication and security • We have not decided what properties we want from a FILS authentication and security protocol though! • Alice proposes protocol with property FOO • Bob proposes protocol that does not have FOO • Bob and his proponents now discount the desirability of FOO because his protocol doesn’t have it • Alice and her proponents now state the importance of FOO because her protocol has it • This is backwards! • We should agree on properties and then evaluate proposals on how they meet those properties Dan Harkins, Aruba Networks

  4. A Modest Proposal • Discuss common security properties that typical key exchange and authentication protocols have • Have a series of straw polls to gauge what the group feels is important and what isn’t. • With respect: • Suggest that these not be makers or breakers of a proposed protocol • Also, if 75% of the people value FOO then it doesn’t mean that Bob’s protocol (that doesn’t have FOO) is undesirable. And vice versa. • Suggest using these straw poll results to evaluate proposals. • Suggest we set expectations appropriately: we might not get everything we desire. Dan Harkins, Aruba Networks

  5. What are we talking about? • We have 2 parties in a hostile environment that wish to communicate securely. These parties are not equals: • One is a gatekeeper who protects a valuable resource– the network • The other is one who would like to obtain access to that valuable resource • We need to provide some level of identity assurance– we need authentication • We need to provide a way for these 2 parties to communicate securely after the authentication step– we need key establishment • We need an authentication and key exchange protocol! Dan Harkins, Aruba Networks

  6. What are we talking about? • Authentication requires a credential– an identity and a way to prove that identity • Secret keys can be independent and unique for each session, or secret keys for many sessions can share a common secret ancestor • In addition to knowing that the other party really is who the other party claims to be, a proof of “liveness” is also needed; similarly, replaying an old message exchange should cause the protocol to fail • A successful attack is not just finding out the secret key! • The severity of a weakness does not depend on our ability to describe how it can be successfully exploited! Dan Harkins, Aruba Networks

  7. Some Basic Security Properties of Authentication and Key Exchange Protocols • Key establishment/derivation • A shared secret becomes available to two parties, or is derived by the two parties, for subsequent cryptographic use • Key transport/distribution • A shared secret is generated for two parties and provided to them for subsequent cryptographic use • Key Confirmation • Assurance that other (possibly unknown) party has possession of a particular key… a proof of possession of the secret key Dan Harkins, Aruba Networks

  8. Some More Esoteric Properties of Authentication and Key Exchange Protocols • Unknown key share resilience • Upon conclusion of the protocol, Alice is assured that she shares a key with Bob (and not Carl), and vice versa • Forward Secrecy • Loss of security of a long-term secret does not provide an attacker an advantage in determining past session keys • Session Key Independence • Compromise of one session key does not provide an attacker an advantage in determining another session key • Identity Protection • The identity (of Alice) cannot be ascertained by a passive observer of the exchange Dan Harkins, Aruba Networks

  9. Some More Esoteric Properties of Authentication and Key Exchange Protocols • Mutual authentication • Alice proves to Bob that she really is Alice, and Bob proves to Alice that he really is Bob • Non-mutual authentication • Alice proves to Bob that she really is Alice, but Bob doesn’t prove anything to Alice about who he really is • Deniability • Ability to deny ever participating in a particular protocol exchange • Protection against Distributed Denial of Service Attacks • Crypto-agility • Ability to swap in/out different cryptographic primitives (like hash functions or ciphers) Dan Harkins, Aruba Networks

  10. References • 11-11/1408r3, “Notes On TGai Security Properties” Dan Harkins, Aruba Networks

  11. Suggested Security Considerations • Protocols should list what properties apply to them • Key Establishment or Key Derivation • Key Confirmation • Identity Protection • Forward Secrecy • Session Key Independence • Mutual Authentication or Non-mutual Authentication • Deniability • Crypto-agility • Resistance to DDOS attacks Dan Harkins, Aruba Networks

  12. Straw Poll #1 • This is an important security property for a FILS authentication protocol to have • Key Establishment: • Key Delivery/Transport: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  13. Straw Poll #2 • Key Confirmation is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  14. Straw Poll #3 • Identity Protection is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  15. Straw Poll #4 • Forward Secrecy is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  16. Straw Poll #5 • Session key independence is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  17. Straw Poll #6 • Mutual authentication is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  18. Straw Poll #7 • Mutual authentication is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  19. Straw Poll #8 • Deniability is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

  20. Straw Poll #9 • Resistance to DDOS attacks is an important security property for a FILS authentication protocol to have • Yes: • No: • Don’t know/Don’t care: Dan Harkins, Aruba Networks

More Related