Examination of Industrial Protocols Cuellar, Tschofenig Siemens

0
0
1722 days ago, 574 views
PowerPoint PPT Presentation
Seoul, March, 2004. Connection: Standardization Committees for Internet Protocols. W3C. IETF. 3GPP. . . . . . 802.11. . . . IP. . . TCP. UDP. html. xml. HTTP. . . . . OMA. They are all benefiting a vocation, yet ..... IEEE. . . Seoul, March, 2004. They need assistance. Notwithstanding utilizing flawless cryptographic algorithmsthey may be utilized as a part of shaky ways...Errors in security are exceptionally costly:Updates are costing hundreds

Presentation Transcript

Slide 1

Investigation of Industrial Protocols Cuellar, Tschofenig Siemens

Slide 2

GSM Context: Standardization Committees for Internet Protocols W3C OMA html xml IETF HTTP TCP UDP IP 3GPP IEEE 802.11 They are all making a decent showing with regards to, yet ....

Slide 3

They require help Even utilizing immaculate cryptographic calculations they might be utilized as a part of uncertain ways... Blunders in security are expensive: Updates are costing many millions, e.g. WLAN/WEP Other conventions are postponed by years, e.g. Versatile IP, Geopriv Eroding trust in Internet Security and web based business Security convention configuration is exceptionally troublesome, needs plenitude of alert, experienced cryptographers and security convention planners and quick, adaptable, and usable convention investigation apparatuses! This is the place AVISPA is having the effect

Slide 4

Project Objectives Develop a rich detail dialect for formalizing mechanical quality security conventions and their properties. Propel cutting edge investigation systems to scale up to this many-sided quality. Build up the AVISPA instrument in view of these systems. Tune and evaluate the AVISPA apparatus on a vast accumulation of for all intents and purposes important, modern conventions . Relocate this innovation to engineers and institutionalization associations.

Slide 5

Coverage of the AVISPA Protocol Candidates The IETF, IEEE, 3GPP, OMA and so forth require instruments that cover an extensive variety of conventions and security properties: 11 distinct zones (in 33 bunches) 5 layers 20+ security objectives (as comprehended at IETF, 3GPP, OMA, and so on)

Slide 6

Areas Infrastructure (DHCP, DNS, BGP, stime) Network Access (WLAN, Pana) Mobility (Mobile IP, HIP, Seamoby) VoIP, informing, nearness (SIP, ITU-T H530, impp, basic) Internet Security (IKE, IKEv2, UMTS-AKA, TLS, Kerberos, EAP & EAP Methoden, OTP, Sacred, ssh, telnet,...) Privacy (nom de plume conventions) AAA, Identity Management, Single Sign On (Liberty Alliance) Security for QoS and NAT/FW flagging, and so forth. (NSIS) Broadcast/Multicast Authentication (TESLA) E-Commerce (Payment) Perhaps: Secure Download, Content assurance (DRM)

Slide 7

SET Kerberos TLS IPsec-IKE WLAN-Wep Layers Application impp Middleware SIP/http SIP/http tcp/udp tcp/udp Transport Layer ip Network Layer Ethernet Data Link Layer Physical Layer Host Access Point, Gateway or Host

Slide 8

Security Goals Authentication + Secrecy (unicast + multicast) Peer Entity , Data Origin, Implicit Destination Authn, Replay Protection Key Agreement Properties Key validation (understood key verification) Key affirmation (Key Proof of Possession) Fresh Key Derivation (key freshness) "Namelessness" (otherwise known as detached client personality classification) Identity Protection against Eavesdroppers Non-denial Proof of Origin Proof of Delivery All of them diminish to traditional confirmation + mystery properties

Slide 9

Security Goals Authentication + Secrecy (unicast + multicast) Authorisation (by a Trusted Third Party) Key Agreement Properties Perfect Forward Secrecy (PFS) Secure capacities transaction (Resistance against Downgrading and Negotiation Attacks) "Obscurity" Identity Protection against Peer Non-revocation Proof of Origin Proof of Delivery "Responsibility" Limited DoS Resistance Sender Invariance Safety Temporal Property at times they decrease to established verification + mystery properties, yet different properties may likewise be fundamental.

Slide 10

Security Goals Authentication + Secrecy (unicast + multicast) Authorisation (by a Trusted Third Party) Key Agreement Properties Perfect Forward Secrecy (PFS) Secure capacities transaction (Resistance against Downgrading and Negotiation Attacks) "Obscurity" Identity Protection against Peer Non-renouncement Proof of Origin Proof of Delivery "Responsibility" Limited DoS Resistance Sender Invariance Safety Temporal Property Session Formation Consistent View (synchronization) Key naming

Slide 11

Coverage of built up IETF Security Specifications AVISPA covers 86% (24 of the 28) of the Security Protocols recorded in RFC 2316,RFC 3631, Auth-mech (in addition to extremely current ones) Total of more than 90 conventions

Slide 12

New Problems offer new Challenges Internet offers specialist numerous characters client, ip, macintosh, tcp port, ... What is "An", "ID_A"? Area of enemies over the air "more secure" courses Many sorts of DoS assaults flodding, besieging, starving, upsetting New sorts of security objectives DoS key control, idealize forward mystery, ... layered properties if assailant <weak> then certification <DoS resilience+confidentiality+integrity+… > if aggressor <strong> then assurance <at minimum confidentiality+integrity>

Slide 13

Conclusions The institutionalization associations require us: Avoid delays in the institutionalization procedure Avoid mistakes in conveyed measures Help to reestablish the trust on online business, protection Automatic devices are required Fast assessment of options Our competitors cover: every one of the 5 IP layers most (11) IP Areas all security objectives 86% of the " prescribed " IETF security Protocols additional data on http://www.tschofenig.com/avispa/despite everything we have many difficulties in front of us!

SPONSORS