ebook img

Attacking Real-World Security Protocols using Legacy Crypto Formal Methods for Analyzing Crypto PDF

103 Pages·2017·16.96 MB·English
by  
Save to my drive
Quick download
Download
Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.

Preview Attacking Real-World Security Protocols using Legacy Crypto Formal Methods for Analyzing Crypto

Attacking Formal Methods for Real-World Security Protocols Analyzing Crypto Protocols: using Legacy Crypto from attacks to proofs [part I] Karthikeyan Bhargavan + many, many others. (INRIA, Microsoft Research, LORIA, IMDEA, Univ of Pennsylvania, Univ of Michigan, JHU) Internet protocols (TLS, SSH, IPsec) seemingly implement textbook cryptographic protocols … yet, not exactly the same protocols • Modeling gaps between paper proofs and real protocol • Implementation gaps between protocol and deployment These gaps lead to many attacks, new questions Example: HTTPS for Web Security Secure connection to bank’s website Nobody other than the bank can read what I type (confidentiality) xxxxxxx My secret login Information Nobody other than me can access my account page (authentication) Goal: Prevent unauthorized access to data even if an unknown attacker controls Secure Channel? the network and some other bank clients. compose a standard AKE with a standard AEAD 3 • 3Shake Insecure resumption [Apr’14] • POODLE SSLv3 MAC-Encode-Encrypt [Dec’14] • SMACK State machine attacks [Jan’15] • FREAK Export-grade 512-bit RSA [Mar’15] • LOGJAM Export-grade 512-bit DH [May’15] • SLOTH RSA-MD5 signatures [Jan’16] • DROWN SSLv2 RSA-PKCS#1v1.5 [Mar’16] • 3Shake Insecure resumption [Apr’14] • SMACK State machine attacks [Jan’15] High-profile attacks, with Logos! • FREAK Export-grade 512-bit RSA [Mar’15] What’s going on? • LOGJAM Export-grade 512-bit DH [May’15] How do we prevent this in the future? • SLOTH RSA-MD5 signatures [Jan’16] Part I: Attacks on Authenticated Key Exchange in TLS Part 2: Finding Protocol Flaws with Symbolic Analysis Part 3: Mechanizing Cryptographic Protocol Proofs Part 4: Towards High-Assurance Crypto Software Part I: Attacks on Authenticated Key Exchange in TLS • TLS 1.2. IETF RFC 5246. • Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice. ACM CCS 2015. • Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH. ISOC NDSS 2016. 2018? TLS1.3 OpenSSL, SecureTransport, NSS, SChannel, GnuTLS, JSSE, PolarSSL, … many bugs, attacks, patches every year mostly for simplified models of TLS Client Server

Description:
Part 3: Mechanizing Cryptographic Protocol Proofs Cryptographic Weaknesses in Legacy Constructions .. Affects all versions of Java until.
See more

The list of books you might like

Most books are stored in the elastic cloud where traffic is expensive. For this reason, we have a limit on daily download.