Network Protocols
Network Systems Security
Mort Anvari
8/26/2004

Network Protocols
- Abstractions of communication between two processes over a network
- Define message formats
- Define legitimate sequence of messages
- Take care of physical details of different network hardware and machines
- Separate tasks in complex communication networks
- For example, FTP and ARP

Protocol Layering
- Many problems need to be solved in a communication network
- These problems can be divided into smaller sets, and different protocols are designed for each set of problems
- Protocols can be organized into layers to keep them easy to manage

Properties of Protocol Layer
- Functions of each layer are independent of functions of other layers
  - Thus each layer is like a module and can be developed independently
- Each layer builds on services provided by lower layers
  - Thus no need to worry about details of lower layers, which are transparent to this layer

Protocol Stack: OSI Model
- Application
- Presentation
- Session
- Transport
- Network
- Data link
- Physical

Communicating End Hosts
[Figure: two hosts, each with the full stack (Application, Presentation, Session, Transport, Network, Data link, Physical), connected across the network through a router that has only the Network, Data link and Physical layers]

Verification of Network Protocols
- Many complex protocols perform multiple functions with multiple messages
- It is desirable to verify that a protocol can correctly perform the functions that it was designed for
- Particularly important for security protocols

Traditional Ways of Network Protocol Specification
- Plain English
- Time charts
- Programming languages

Shortcomings of Plain English
- Ambiguity
- Different words can have similar meanings
  - process p sends message m to process q
  - process p transmits message m to process q
  - process p forwards message m to process q
  - process p delivers message m to process q
- Same word can have different meanings
  - process p sends message m to process q
  - process p sends file f to process q

Shortcoming of Time Chart
- Not scalable
- Many legitimate sequences of messages
- Cannot list all possible legitimate sequences when the number of sequences grows exponentially

Shortcoming of Using Programming Language
- Hard to prove correctness of protocol specification
- For example, protocol specified in C language may involve overlap, and may involve transmission delay

Formal Ways of Network Protocol Specification
- BAN logic
- Abstract Protocol Notation

BAN Logic
- Invented by Burrows, Abadi, and Needham
- Uses logical constructs and postulates to analyze authentication protocols and uncover various protocol weaknesses

Logical Constructs
Assume P and Q are network agents, X is a message, and K is an encryption key
- P believes X: P acts as if X is true, and may assert X in other messages
- P has jurisdiction over X: P's beliefs about X should be trusted
- P said X: At one time, P transmitted (and believed) message X, although P might no longer believe X
- P sees X: P receives message X, and can read and repeat X
- {X}K: X is encrypted with key K
- fresh(X): X was sent recently
- key(K, PQ): P and Q may communicate with shared key K

Examples of Postulates
- If P believes key(K, PQ), and P sees {X}K, then P believes (Q said X)
- If P believes (Q said X) and P believes fresh(X), then P believes (Q believes X)
- If P believes (Q has jurisdiction over X) and P believes (Q believes X), then P believes X
- If P believes that Q said , the concatenation of X and Y, then P also believes that Q said X, and P also believes that Q said Y

Shortcomings of BAN Logic
- High level of abstraction
- Need for a protocol idealization step, in which the user is required to transform each message in a protocol into formulas
- Can only verify one round at a time

Abstract Protocol Notation
- Presented by Mohamed Gouda in the book Elements of Network Protocol Design
- Formal and scalable
- Proof of correctness of protocol specification can be easily done using state transition diagram

Communication Model
- A network of processes and two unbounded FIFO channels between every two processes
[Figure: process p … and process q …, with a set of messages in the channels between them]

Process Specification
Each process in a protocol is specified as follows

process px
inp : … :
var … :
begin
[] … []
end

Action Execution
- Specified as ->
- Satisfy three conditions
  - Atomic: actions in the whole protocol are executed one at a time; one action cannot start while another action execution is in progress
  - Non-deterministic: an action is executed only when its guard is true
  - Fair: if guard of an action is continuously true, then the action is eventually executed

State Transition Diagram
- Defines semantics of a protocol
- State is defined by a value for each variable in protocol and by a message set for each channel in protocol
- Transition is movement from current state to next state triggered by an action execution

Adversary Model
Adversary can change contents of protocol channels by executing the following actions a finite number of times
- Message loss: lose an original message
- Message modification: modify the field of an original message to cause a modified message
- Message replay: replace an original message by another original message to cause a replayed message
- Message insertion: add to a channel a finite number of arbitrary messages

Prove Correctness of Secure Protocol
- Execution of adversary actions may lead the protocol to a bad state
- Protocol is said to be correct if it converges to its good cycle in a finite number of steps after adversary finishes executing its actions

Next Class
- Network security tools to counter the effects of adversary actions
- Cryptography backgrounds of network security tools
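The four BAN postulates listed in the slides can be applied mechanically. The following is an added example, not part of the original slides: a small forward-chaining engine over those postulates, run on a constructed key-distribution message. The tuple encoding, the agents A, B, S, the keys Kas, Kab and the timestamp Ta are assumptions, and A's belief that the key statement is fresh is assumed directly because the slides list no postulate for freshness of a concatenation.

```python
# Formulas are nested tuples; every agent, key and message name is constructed.
def derive(facts):
    """Apply the slide's four postulates until no new belief appears."""
    facts = set(facts)
    while True:
        new = set()
        for _, p, x in [f for f in facts if f[0] == "believes"]:
            if not isinstance(x, tuple):
                continue
            # P believes key(K, PQ) and P sees {X}K  =>  P believes (Q said X)
            if x[0] == "key" and p in x[2:]:
                k, q = x[1], (x[3] if x[2] == p else x[2])
                for f in facts:
                    if f[0] == "sees" and f[1] == p and isinstance(f[2], tuple):
                        if f[2][0] == "enc" and f[2][2] == k:
                            new.add(("believes", p, ("said", q, f[2][1])))
            if x[0] == "said":
                q, msg = x[1], x[2]
                # Q said <X, Y>  =>  Q said X and Q said Y
                if isinstance(msg, tuple) and msg[0] == "cat":
                    new.update(("believes", p, ("said", q, m)) for m in msg[1:])
                # Q said X and fresh(X)  =>  Q believes X
                if ("believes", p, ("fresh", msg)) in facts:
                    new.add(("believes", p, ("believes", q, msg)))
            # Q has jurisdiction over X and Q believes X  =>  P believes X
            if x[0] == "believes" and ("believes", p, ("juris", x[1], x[2])) in facts:
                new.add(("believes", p, x[2]))
        if new <= facts:
            return facts
        facts |= new

KAB = ("key", "Kab", "A", "B")             # statement: Kab is shared by A and B
MSG = ("enc", ("cat", "Ta", KAB), "Kas")   # S -> A: {<Ta, key(Kab, AB)>}Kas
BASE = {
    ("believes", "A", ("key", "Kas", "A", "S")),   # A shares Kas with server S
    ("believes", "A", ("juris", "S", KAB)),        # A trusts S on session keys
    ("sees", "A", MSG),
}

def a_accepts_key(assume_fresh):
    """Does A end up believing key(Kab, AB)?"""
    facts = set(BASE)
    if assume_fresh:
        facts.add(("believes", "A", ("fresh", KAB)))
    return ("believes", "A", KAB) in derive(facts)
```

Without the freshness belief the derivation stops at "S said key(Kab, AB)", which is how the logic exposes a message that could be an old one replayed.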
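The state transition diagram, adversary model and convergence criterion described in the slides can be checked by exhaustive exploration on a small protocol. This is an added example, not from the slides: the request/reply protocol with a timeout, the message names rqst and rply, and the state encoding are all constructed, only message loss and message insertion are modelled, and fairness is not modelled, so any cycle outside the good cycle counts as non-convergence.

```python
# State = (p_waiting, channel p->q, channel q->p); channels are FIFO tuples.
INIT = (False, (), ())

def successors(state):
    """One transition per action whose guard is true in this state."""
    waiting, pq, qp = state
    nxt = []
    if not waiting:                      # p: ready -> send rqst and wait
        nxt.append((True, pq + ("rqst",), qp))
    if qp:                               # p: rcv rply -> stop waiting
        nxt.append((False, pq, qp[1:]))
    if pq:                               # q: rcv rqst -> send rply
        nxt.append((waiting, pq[1:], qp + ("rply",)))
    if waiting and not pq and not qp:    # p: timeout -> resend rqst
        nxt.append((True, ("rqst",), qp))
    return nxt

def reachable(start):
    """All states reachable from start without adversary actions."""
    seen, todo = {start}, [start]
    while todo:
        for n in successors(todo.pop()):
            if n not in seen:
                seen.add(n)
                todo.append(n)
    return seen

GOOD = reachable(INIT)                   # the good cycle of this protocol

def converges(state, path=()):
    """True if every execution from state enters GOOD in finitely many steps."""
    if state in GOOD:
        return True
    if state in path:                    # a cycle that never reaches GOOD
        return False
    nxt = successors(state)
    return bool(nxt) and all(converges(n, path + (state,)) for n in nxt)

# States left behind after the adversary finishes (constructed):
AFTER_LOSS = (True, (), ())                    # the rqst in flight was lost
AFTER_INSERTION = (True, ("rqst",), ("rply",)) # an extra rply was inserted
```

Here `converges(AFTER_LOSS)` holds because the timeout restores the request, while `converges(AFTER_INSERTION)` fails: the inserted reply keeps two messages in flight forever, so this protocol would need a countermeasure against insertion to be correct under the adversary model.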