Security Properties Straw Polls

Presentation Transcript

  1. Security Properties Straw Polls Authors: Date: 2011-11-10 Dan Harkins, Aruba Networks

  2. Abstract
     This presentation describes some security properties and offers some straw polls on them. Many thanks to Rene Struik for document 11-11/1408r3 which this submission borrows from heavily.

  3. We’re getting ahead of ourselves…
     • Proposals are being made for FILS authentication and security
     • We have not decided what properties we want from a FILS authentication and security protocol though!
     • Alice proposes protocol with property FOO
     • Bob proposes protocol that does not have FOO
     • Bob and his proponents now discount the desirability of FOO because his protocol doesn’t have it
     • Alice and her proponents now state the importance of FOO because her protocol has it
     • This is backwards!
     • We should agree on properties and then evaluate proposals on how they meet those properties

  4. A Modest Proposal
     • Discuss common security properties that typical key exchange and authentication protocols have
     • Have a series of straw polls to gauge what the group feels is important and what isn’t.
     • With respect:
     • Suggest that these not be makers or breakers of a proposed protocol
     • Also, if 75% of the people value FOO then it doesn’t mean that Bob’s protocol (that doesn’t have FOO) is undesirable. And vice versa.
     • Suggest using these straw poll results to evaluate proposals.
     • Suggest we set expectations appropriately: we might not get everything we desire.

  5. What are we talking about?
     • We have 2 parties in a hostile environment that wish to communicate securely. These parties are not equals:
        • One is a gatekeeper who protects a valuable resource – the network
        • The other is one who would like to obtain access to that valuable resource
     • We need to provide some level of identity assurance – we need authentication
     • We need to provide a way for these 2 parties to communicate securely after the authentication step – we need key establishment
     • We need an authentication and key exchange protocol!

  6. What are we talking about?
     • Authentication requires a credential – an identity and a way to prove that identity
     • Secret keys can be independent and unique for each session, or secret keys for many sessions can share a common secret ancestor
     • In addition to knowing that the other party really is who the other party claims to be, a proof of “liveness” is also needed; similarly, replaying an old message exchange should cause the protocol to fail
     • A successful attack is not just finding out the secret key!
     • The severity of a weakness does not depend on our ability to describe how it can be successfully exploited!

  7. Some Basic Security Properties of Authentication and Key Exchange Protocols
     • Key establishment/derivation
        • A shared secret becomes available to two parties, or is derived by the two parties, for subsequent cryptographic use
     • Key transport/distribution
        • A shared secret is generated for two parties and provided to them for subsequent cryptographic use
     • Key Confirmation
        • Assurance that other (possibly unknown) party has possession of a particular key… a proof of possession of the secret key

  8. Some More Esoteric Properties of Authentication and Key Exchange Protocols
     • Unknown key share resilience
        • Upon conclusion of the protocol, Alice is assured that she shares a key with Bob (and not Carl), and vice versa
     • Forward Secrecy
        • Loss of security of a long-term secret does not provide an attacker an advantage in determining past session keys
     • Session Key Independence
        • Compromise of one session key does not provide an attacker an advantage in determining another session key
     • Identity Protection
        • The identity (of Alice) cannot be ascertained by a passive observer of the exchange

  9. Some More Esoteric Properties of Authentication and Key Exchange Protocols
     • Mutual authentication
        • Alice proves to Bob that she really is Alice, and Bob proves to Alice that he really is Bob
     • Non-mutual authentication
        • Alice proves to Bob that she really is Alice, but Bob doesn’t prove anything to Alice about who he really is
     • Deniability
        • Ability to deny ever participating in a particular protocol exchange
     • Protection against Distributed Denial of Service Attacks
     • Crypto-agility
        • Ability to swap in/out different cryptographic primitives (like hash functions or ciphers)

  10. References
      • 11-11/1408r3, “Notes On TGai Security Properties”

  11. Suggested Security Considerations
      • Protocols should list what properties apply to them
         • Key Establishment or Key Derivation
         • Key Confirmation
         • Identity Protection
         • Forward Secrecy
         • Session Key Independence
         • Mutual Authentication or Non-mutual Authentication
         • Deniability
         • Crypto-agility
         • Resistance to DDOS attacks

  12. Straw Poll #1
      • This is an important security property for a FILS authentication protocol to have
         • Key Establishment:
         • Key Delivery/Transport:
         • Don’t know/Don’t care:

  13. Straw Poll #2
      • Key Confirmation is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  14. Straw Poll #3
      • Identity Protection is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  15. Straw Poll #4
      • Forward Secrecy is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  16. Straw Poll #5
      • Session key independence is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  17. Straw Poll #6
      • Mutual authentication is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  18. Straw Poll #7
      • Mutual authentication is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  19. Straw Poll #8
      • Deniability is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:

  20. Straw Poll #9
      • Resistance to DDOS attacks is an important security property for a FILS authentication protocol to have
         • Yes:
         • No:
         • Don’t know/Don’t care:
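
Slides 6 to 8 name key confirmation, liveness, a common secret ancestor and forward secrecy; the sketch below is an added example, not part of the presentation or of any FILS proposal, that makes those properties concrete for one toy exchange. The HMAC-SHA-256 construction, the function names and the identities "alice", "bob" and "carl" are assumptions chosen for illustration. Binding the identities into the confirmation tag is one common ingredient of unknown key share resilience.

```python
import hashlib
import hmac
import secrets

def _enc(*parts: bytes) -> bytes:
    # Length-prefix each field so field boundaries are unambiguous.
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

def session_key(ancestor: bytes, nonce_a: bytes, nonce_b: bytes) -> bytes:
    # Session keys for many sessions share one secret ancestor (slide 6).
    msg = _enc(b"session", nonce_a, nonce_b)
    return hmac.new(ancestor, msg, hashlib.sha256).digest()

def confirmation(key: bytes, sender: bytes, peer: bytes,
                 nonce_a: bytes, nonce_b: bytes) -> bytes:
    # Key confirmation (slide 7): proof of possession of the session key,
    # bound to both identities and to this run's nonces.
    msg = _enc(b"confirm", sender, peer, nonce_a, nonce_b)
    return hmac.new(key, msg, hashlib.sha256).digest()

def bob_accepts(ancestor: bytes, claimed: bytes, nonce_a: bytes,
                nonce_b: bytes, tag: bytes) -> bool:
    # Bob (the gatekeeper) recomputes the tag with the nonce he chose himself.
    key = session_key(ancestor, nonce_a, nonce_b)
    expected = confirmation(key, claimed, b"bob", nonce_a, nonce_b)
    return hmac.compare_digest(expected, tag)

def run_demo() -> dict:
    ancestor = secrets.token_bytes(32)  # constructed long-term secret
    a1, b1 = secrets.token_bytes(16), secrets.token_bytes(16)
    k1 = session_key(ancestor, a1, b1)
    tag1 = confirmation(k1, b"alice", b"bob", a1, b1)
    b2 = secrets.token_bytes(16)        # Bob's fresh nonce for a later run
    recorded = (a1, b1)                 # nonces a passive observer saw in run 1
    return {
        "honest_run_accepted": bob_accepts(ancestor, b"alice", a1, b1, tag1),
        # Liveness: run-1 messages replayed against Bob's new nonce fail.
        "replay_rejected": not bob_accepts(ancestor, b"alice", a1, b2, tag1),
        # The tag cannot be re-attributed to another claimed identity.
        "reattribution_rejected": not bob_accepts(ancestor, b"carl", a1, b1, tag1),
        # Fresh nonces give each session a different key...
        "session_keys_differ": k1 != session_key(ancestor, a1, b2),
        # ...but not forward secrecy: a later leak of the ancestor plus the
        # recorded nonces is enough to recompute the past session key.
        "past_key_recomputable": session_key(ancestor, *recorded) == k1,
    }

if __name__ == "__main__":
    print(run_demo())
```

Every entry in the returned dictionary is True: the construction has key confirmation and replay resistance but, because the only secret input is the long-term ancestor, it does not have forward secrecy.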