Introduction to Information Security - Security Protocols

Questions and Answers

What is a primary challenge mentioned in the design of secure communication protocols?

Difficulty in integrating basic primitives (correct)

Over-reliance on encryption methods

Complexity in network configurations

Insufficient data transmission speed

Which of the following is NOT a basic cryptographic primitive?

Diffie-Hellman

Public key infrastructure (correct)

Block/stream cipher

Hash functions

What is the purpose of key exchange in network security?

To encrypt data packets for transmission

To establish a trusted communication channel (correct)

To monitor network performance

To synchronize clocks between systems

What does the term 'nonce' refer to in secure communication protocols?

A single-use number

What should always be assumed when deploying a secure communication protocol?

An attacker is present on the network.

Which of the following is a higher-level security property derived from basic cryptographic primitives?

Entity authentication

What issue can arise from the interaction between basic cryptographic primitives?

Design errors that compromise security

What is a recommended timing mechanism to prevent replay attacks in secure communication protocols?

Timestamps and nonces

What is the purpose of specifying how long a key is valid for?

To define the duration of secret keeping between parties

Why is it important to explicitly mention the principal's name in a message?

To avoid any potential impersonation issues

What does 'Forward Secrecy' refer to in the context of key negotiation?

Keys that are not tied to any particular session

Which of the following is a potential issue with the key exchange protocol presented?

The principal's identity is not adequately confirmed

What challenge exists after receiving Message 3 in the Denning-Sacco protocol?

One party can impersonate the other

What type of attack involves a malicious user attempting to guess a password by trying many combinations?

Dictionary attack

Which principle emphasizes that every message should clearly express its intended meaning?

Principle 1

What does the notation {X}K represent in cryptographic protocols?

Message X encrypted with key K

Which of the following actions can a malicious user, referred to as M, perform?

Initiate multiple parallel protocol sessions

What is the role of the authentication server denoted by S in the context of cryptographic protocols?

To authenticate principals A and B

Which type of attack is characterized by a malicious user replaying previously sent messages?

Replay attack

What does the term 'nonce' refer to in cryptographic protocols?

A random number used only once

Which of these statements correctly describes the relationship between symmetric keys K and its inverse K-1?

K equals K-1 in symmetric encryption

What is the main issue with Message 3 in the Denning-Sacco protocol?

B can impersonate A after receiving it.

How does including the principals' names in the signed message improve security in the protocol?

It prevents B from impersonating A.

In the improved design, what does Message 3 consist of?

C A , C B , {A, B, K ab, T a} K a -1

What consequence arises if B impersonates A after receiving Message 3?

C will believe they are communicating with A.

What validation step does C perform for Message 3’?

Checking if B is one of the principals.

What does the term Ta refer to in the context of the protocol?

The timestamp attached to the message.

What is the role of the server S in the Denning-Sacco protocol?

To facilitate the key exchange between A and B.

Which message does B send to the server in the second run of the protocol?

B → S : B, C

What is the primary purpose of the initial message sent from A to S?

To initiate the key exchange process

What do CA and CB represent in Message 2?

The certificates associated with entities A and B

In Message 3, what is encrypted under A's private key Ka-1?

The session key Kab and timestamp Ta

What is a significant vulnerability identified in Message 3?

B can impersonate entity A after receiving the message

What does Message 1' from B to S include?

The identities of B and C

In Message 3', what is the significance of encrypting under C's public key Kc?

It ensures only C can read the message.

What is the role of the certificates CA and CB in the context of secure communication?

To verify the identities and authenticity of A and B

What solution is proposed to address the vulnerability in the protocol?

Explicitly including the names of the involved principals in messages

Study Notes

Course Information

• Course Title: Introduction to Information Security
• Unit: Network Security
• Lecture: 14 - Security Protocols

Agenda

• Outline of cryptographic protocol engineering principles
  • Naming
  • Encryption
  • Timeliness
• Objectives
  • Understand the challenges of secure communication protocol design
  • Review the Prudent Engineering Practice for Cryptographic Protocols

Security Protocols

• Cryptography is a powerful tool, but susceptible to design flaws
• Combining basic cryptographic primitives (e.g., cryptography, network communication) can introduce complexities
• Individual primitives may function as expected, but interactions can lead to problems

Building Blocks

• Basic cryptographic primitives
  • Block/stream ciphers
  • Symmetric/asymmetric keys
  • Diffie-Hellman
  • Hash functions, MAC
• Higher-level security properties are derived from these primitives
  • Entity Authentication (proving identity)

Key Exchange

• Establishing a trusted session between entities (principals)
• Used to establish a secure communication channel ensuring secrecy and authenticity
• Trusted entities are crucial

Timeliness Proofs

• Nonces and timestamps are vital for timeliness
• Nonce (e.g., counter, random number) is used only once
• Timestamps can be nonces, but nonces don't have to be timestamps

Assumptions and Attacker Capabilities

• Attackers are assumed to be on the network
• Attacker capabilities
  • Eavesdropping on communication sessions
  • Replay of messages
  • Injecting fabricated messages
  • Manipulating principal messages
  • Initiating multiple concurrent sessions
  • Performing dictionary attacks on passwords
  • Performing attacks on non-random nonce values

Notation

• Principals: A, B, etc. (Mallory: malicious user)
• Authentication server: S
• Timestamps: T (selected by A or B)
• Nonce: N (selected by A)
• Keys: K and its inverse K⁻¹
  • For symmetric keys, K = K⁻¹
  • Shared key (Kab) known to both A and B
  • Public key (Ka) and private Key (Ka⁻¹)
  • Certificate (CB) containing public key (Kb)

Principles

• Principle 1: Every message should explicitly state its meaning and content; a clear interpretation.
• Principle 2: Specify the conditions for message processing to ensure design acceptability; clarify factors like secrecy duration and key re-negotiation.
• Principle 3: The identity of principals in a message must be explicit to prevent impersonation.
  • Example: Denning-Sacco protocol (1982) and key exchange methods

Protocol Examples

• Initial protocol runs (Message 1: A → S: A, B; Message 2: S → A: CA, CB; Message 3: A → B: CA, CB, ….) and implications.
• Second run (Message 1' B → S: B, C;…) and implications.

Solutions

• Incorporating principal names in messages.
• Explicitly naming recipients in the encrypted message to strengthen security and prevent impersonation

Description

Dive into the essentials of cryptographic protocols in this quiz on network security. Understand the challenges in designing secure communication methods and the importance of cryptographic primitives. Test your knowledge on key concepts such as encryption, key exchange, and entity authentication.