Introduction to Information Security - Security Protocols

Questions and Answers

What is a primary challenge mentioned in the design of secure communication protocols?

• Difficulty in integrating basic primitives (correct)
• Over-reliance on encryption methods
• Complexity in network configurations
• Insufficient data transmission speed

Which of the following is NOT a basic cryptographic primitive?

• Diffie-Hellman
• Public key infrastructure (correct)
• Block/stream cipher
• Hash functions

What is the purpose of key exchange in network security?

• To encrypt data packets for transmission
• To establish a trusted communication channel (correct)
• To monitor network performance
• To synchronize clocks between systems

What does the term 'nonce' refer to in secure communication protocols?

A single-use number (B)

What should always be assumed when deploying a secure communication protocol?

An attacker is present on the network. (C)

Which of the following is a higher-level security property derived from basic cryptographic primitives?

Entity authentication (B)

What issue can arise from the interaction between basic cryptographic primitives?

Design errors that compromise security (D)

What is a recommended timing mechanism to prevent replay attacks in secure communication protocols?

Timestamps and nonces (C)

What is the purpose of specifying how long a key is valid for?

To define the duration of secret keeping between parties (C)

Why is it important to explicitly mention the principal's name in a message?

To avoid any potential impersonation issues (D)

What does 'Forward Secrecy' refer to in the context of key negotiation?

Keys that are not tied to any particular session (C)

Which of the following is a potential issue with the key exchange protocol presented?

The principal's identity is not adequately confirmed (C)

What challenge exists after receiving Message 3 in the Denning-Sacco protocol?

One party can impersonate the other (D)

What type of attack involves a malicious user attempting to guess a password by trying many combinations?

Dictionary attack (B)

Which principle emphasizes that every message should clearly express its intended meaning?

Principle 1 (B)

What does the notation {X}K represent in cryptographic protocols?

Message X encrypted with key K (D)

Which of the following actions can a malicious user, referred to as M, perform?

Initiate multiple parallel protocol sessions (C)

What is the role of the authentication server denoted by S in the context of cryptographic protocols?

To authenticate principals A and B (A)

Which type of attack is characterized by a malicious user replaying previously sent messages?

Replay attack (A)

What does the term 'nonce' refer to in cryptographic protocols?

A random number used only once (A)

Which of these statements correctly describes the relationship between symmetric keys K and its inverse K-1?

K equals K-1 in symmetric encryption (A)

What is the main issue with Message 3 in the Denning-Sacco protocol?

B can impersonate A after receiving it. (C), It does not include the intended recipients' identities. (D)

How does including the principals' names in the signed message improve security in the protocol?

It prevents B from impersonating A. (B)

In the improved design, what does Message 3 consist of?

C A , C B , {A, B, K ab, T a} K a -1 (A)

What consequence arises if B impersonates A after receiving Message 3?

C will believe they are communicating with A. (A)

What validation step does C perform for Message 3’?

Checking if B is one of the principals. (A)

What does the term Ta refer to in the context of the protocol?

The timestamp attached to the message. (A)

What is the role of the server S in the Denning-Sacco protocol?

To facilitate the key exchange between A and B. (D)

Which message does B send to the server in the second run of the protocol?

B → S : B, C (C)

What is the primary purpose of the initial message sent from A to S?

To initiate the key exchange process (C)

What do CA and CB represent in Message 2?

The certificates associated with entities A and B (B)

In Message 3, what is encrypted under A's private key Ka-1?

The session key Kab and timestamp Ta (A)

What is a significant vulnerability identified in Message 3?

B can impersonate entity A after receiving the message (B)

What does Message 1' from B to S include?

The identities of B and C (C)

In Message 3', what is the significance of encrypting under C's public key Kc?

It ensures only C can read the message. (D)

What is the role of the certificates CA and CB in the context of secure communication?

To verify the identities and authenticity of A and B (B)

What solution is proposed to address the vulnerability in the protocol?

Explicitly including the names of the involved principals in messages (D)

Flashcards

Cryptographic Protocols

Rules and procedures for secure communication using cryptography.

Basic Cryptographic Primitives

Fundamental building blocks for creating cryptographic protocols (e.g., ciphers, keys, hashes).

Entity Authentication

Process of proving identity to another entity in a communication.

Key Exchange

Establishing a shared secret key between entities for secure communication.

Timeliness Proofs

Verifying messages were sent and received at the correct time.

Nonces

Unique, one-time values used to prevent replay attacks.

Timestamps

Records of when a message was sent or received.

Attacker Assumption

Designing security protocols assuming an attacker will try to break them.

Forward Secrecy

A protocol where a new encryption key is generated for each session, rather than reusing the same key. This helps protect past communications if a current key is compromised.

Key Exchange

The process of securely exchanging encryption keys, often critical for secure communications.

Kab Validity

The duration for which the encryption key 'Kab' is valid. A key's validity period is crucial to its security.

Principal Identity

When a message's meaning relies on the identity of the sender or recipient, the identity should be clearly stated.

Message Action Conditions

Rules and criteria for a message to be processed, which are essential in secure communications design.

Eavesdropping (Network Attack)

The act of secretly listening to or monitoring communications between two or more parties without their knowledge or consent.

Replay Attack (Network Attack)

An attack that involves capturing previously sent messages and retransmitting them later to create a fraudulent activity.

Injection of Fabricated Messages (Network Attack)

Intentionally introducing false or misleading data or instructions into a system to trick or damage it.

Message Modification (Network Attack)

Altering network messages' contents to deceive or manipulate the intended recipient.

Multiple Parallel Sessions (Network Attack)

Establishing simultaneous communication channels to overwhelm or disrupt a system.

Dictionary Attack (Password Attack)

Trying out common or predictable words or phrases to guess a password.

Exhaustive Nonce Attack (Password Attack)

Trying out all possible nonces (random numbers) to bypass a system's security.

Principle 1 (Cryptographic Protocol)

Messages' meaning should be clearly defined and directly reflected in the content itself.

Denning-Sacco Protocol

A key exchange protocol using asymmetric cryptography to establish secure communication between two parties.

Message 1

Initial message in the protocol, where A (sender) and B (intended recipient) are communicated to S (server).

Message 2

Server's response to Message 1, containing certificates (CA, CB) for A and B respectively.

Message 3 (Initial)

A sends key and time information to B, encrypted by A's private key.

Impersonation Vulnerability

A major flaw in the initial protocol design, allowing party B to impersonate A.

Solution (Improved Design)

To prevent impersonation, the principals' names (A,B), key (Kab), and validity timer (Ta) are included in the signed message.

Message 3 (Improved)

Message sent after the initial protocol run to ensure that the message is intended for the stated parties.

Impersonation Rejection

Receiver rejecting messages not between intended parties.

Message 1 (A→S)

Entity A sends a message to authentication server S, including identities of A and B.

Message 2 (S→A)

Authentication server S responds to A with certificates CA, CB.

Message 3 (A→B)

A sends a message to B, including certificates and encrypted key (Kab).

Certificates (CA, CB)

Documents verifying the identities of A and B.

Encrypted Session Key (Kab)

Shared secret key for secure communication, encrypted.

Key Exchange Vulnerability

Entity B can impersonate A after receiving encrypted message.

Timestamp (Ta)

A time-stamp for secure communication.

Solution

Explicitly includes names of parties involved in signed messages.

Study Notes

Course Information

• Course Title: Introduction to Information Security
• Unit: Network Security
• Lecture: 14 - Security Protocols

Agenda

• Outline of cryptographic protocol engineering principles
  • Naming
  • Encryption
  • Timeliness
• Objectives
  • Understand the challenges of secure communication protocol design
  • Review the Prudent Engineering Practice for Cryptographic Protocols

Security Protocols

• Cryptography is a powerful tool, but susceptible to design flaws
• Combining basic cryptographic primitives (e.g., cryptography, network communication) can introduce complexities
• Individual primitives may function as expected, but interactions can lead to problems

Building Blocks

• Basic cryptographic primitives
  • Block/stream ciphers
  • Symmetric/asymmetric keys
  • Diffie-Hellman
  • Hash functions, MAC
• Higher-level security properties are derived from these primitives
  • Entity Authentication (proving identity)

Key Exchange

• Establishing a trusted session between entities (principals)
• Used to establish a secure communication channel ensuring secrecy and authenticity
• Trusted entities are crucial

Timeliness Proofs

• Nonces and timestamps are vital for timeliness
• Nonce (e.g., counter, random number) is used only once
• Timestamps can be nonces, but nonces don't have to be timestamps

Assumptions and Attacker Capabilities

• Attackers are assumed to be on the network
• Attacker capabilities
  • Eavesdropping on communication sessions
  • Replay of messages
  • Injecting fabricated messages
  • Manipulating principal messages
  • Initiating multiple concurrent sessions
  • Performing dictionary attacks on passwords
  • Performing attacks on non-random nonce values

Notation

• Principals: A, B, etc. (Mallory: malicious user)
• Authentication server: S
• Timestamps: T (selected by A or B)
• Nonce: N (selected by A)
• Keys: K and its inverse K⁻¹
  • For symmetric keys, K = K⁻¹
  • Shared key (Kab) known to both A and B
  • Public key (Ka) and private Key (Ka⁻¹)
  • Certificate (CB) containing public key (Kb)

Principles

• Principle 1: Every message should explicitly state its meaning and content; a clear interpretation.
• Principle 2: Specify the conditions for message processing to ensure design acceptability; clarify factors like secrecy duration and key re-negotiation.
• Principle 3: The identity of principals in a message must be explicit to prevent impersonation.
  • Example: Denning-Sacco protocol (1982) and key exchange methods

Protocol Examples

• Initial protocol runs (Message 1: A → S: A, B; Message 2: S → A: CA, CB; Message 3: A → B: CA, CB, ….) and implications.
• Second run (Message 1' B → S: B, C;…) and implications.

Solutions

• Incorporating principal names in messages.
• Explicitly naming recipients in the encrypted message to strengthen security and prevent impersonation

Description

Dive into the essentials of cryptographic protocols in this quiz on network security. Understand the challenges in designing secure communication methods and the importance of cryptographic primitives. Test your knowledge on key concepts such as encryption, key exchange, and entity authentication.