SlideShare ist ein Scribd-Unternehmen logo

Kerberos - BAN

Alexandra Buruciuc
Alexandra Buruciuc

Analiza protocolului Kerberos utilizand logica BAN

1 von 25
Downloaden Sie, um offline zu lesen
Logica BAN Kerkeros Analiza protocolului Kerkeros utilizând logica BAN Buruciuc Alexandra Facultatea de Informatic  Logici de încredere în securitatea informaµiei, 2011 Buruciuc Alexandra Kerberos - BAN
Logica BAN Kerkeros Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Termeni Principalii sunt agenµii implicaµi în protocol. Posibile simbloluri: P, Q, R. În Kerberos: S, A, B. Cheile simetrice - posibile simboluri: Kab , Kas . Cheile publice - posibile simboluri: (Kb , Kb 1 ). − Nonce-urile sunt p rµi din mesaje care nu sunt repetate. Posibile simboluri: Na , Nb . M ricile de timp (timestamps) reect  timpul curent al celui care le creeaz  ³i nu sunt repetate. Posibile simboluri: Ta , Tb . Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Axiome P |≡ X believes X) (P P X (P sees X ) P |∼ X (P said X ) P |⇒ X (P controls X ) #X (fresh(X )) K P ←→ Q K −→ P P XQ { X }K sau X K X Y Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 1. Reguli referitoare la interpretarea mesajelor 1.1 pentru chei partajate P K |≡ Q ←→ P , P { X }K P |≡ Q |∼ X 1.2 pentru chei publice P K |≡ −→ Q , P { X }K −1 P |≡ Q |∼ X 1.3 pentru secrete P |≡ Q Y P , P X Y P |≡ Q |∼ X Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 2. Reguli referitoare la mesaje recente 2.1 P |≡ #X , P |≡ Q |∼ X P |≡ Q |≡ X 2.2 P |≡ #X P |≡ # X , Y Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 3. Regula de jurisdicµie P |≡ Q |⇒ X , P |≡ Q |≡ X P |≡ X Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 4. Reguli de compoziµie (1) 4.1 de descompunere (a) P X, Y P X (b) P X Y P X (c) P |≡ X, Y P |≡ X Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 4. Reguli de compoziµie (2) 4.2 de decriptare (d) P K |≡ Q ←→ P , P { X }K P X (e) P K |≡ −→ P , P { X }K P X (f) P K |≡ −→ Q , P { X }K −1 P X Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 5. Reguli de proiecµie 5.1 P |≡ X , P |≡ Y P |≡ X , Y 5.2 P |≡ Q |∼ X , Y P |≡ Q |∼ X 5.3 P |≡ Q |≡ X , Y P |≡ Q |≡ X 5.4 P |≡ Q |≡ X , P |≡ Q |≡ Y P |≡ Q |≡ X , Y Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Limit ri Logica BAN presupune c  agenµii one³ti nu i³i public  secretele, presupunere bun  dar logica nu veric  acest lucru. Ar trebui vericat dac  cheile K ∈ cuno¸tin¸e(I ). / s t Presupune c  agenµii î³i pot recunoa³te propriile mesaje, ceea ce înseamn  c  pot evitate anumite atacuri în care componentele sunt interpretate gre³it, dar nici aceasta nu este vericat  concret. Toµi agenµii implicaµi în protocol sunt one³ti, deci intrusul nu este luat în calcul. În logica BAN nu ne intereseaz  dac  o cheie nu este cunoscut  de intrus (condenµialitate), ci ne intereseaz  dac  cheia este cunoscut  de agenµii one³ti (autenticare). Analizeaz  doar o sesiune particular  a protocolului ³i nu sunt luate în calcul intercal rile de sesiuni. Buruciuc Alexandra Kerberos - BAN
Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Specicarea propriet µilor Autenticarea mutual  are loc dac  formulele urm toare se obµin din aplicarea algoritmului de vericare: P |≡ P KQ ←→ Q K |≡ P ←→ Q Pentru unele protocoale putem obµine pe lâng  autenticare ³i: conrmarea cunoa³terii cheii K P |≡ Q |≡ P ←→ Q Q |≡ P |≡ P KQ ←→ Un agent crede c  are o cheie partajat  cu un altul, dar crede c  ³i cel lalt agent crede acela³i lucru. prezenµa Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Kerberos 1 A→S : ( A, B ) 2 S →A : Ts , L, KAB , B , { Ts , L, KAB , A }K BS KAS 3 A→B : { Ts , L, KAB , A }KBS , { A, TA }KAB 4 B → A : { TA + 1}KAB Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Kerberos Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Algoritmul de vericare al protocoalelor folosind logica BAN 1 Obµinem versiunea idealizat  a protocolului din versiunea concret . 2 Stabilim presupunerile iniµiale - trebuie s  e minime pentru o analiz  ecient . Se stabilesc cheile iniµiale ³i entit µile din sistem în care au încredere agenµii. 3 Adnot m protocolul idealizat cu formule - se creeaz  o secvenµ  de formule de forma Q sees X . 4 Aplic m regulile de deducµie pentru formulele disponibile (presupuneri iniµiale, aserµiuni, formule deja obµinute) pentru obµinerea de noi încrederi Algoritmul poate repetat dac  se consider  c  este nevoie de noi presupuneri ce trebuie ad ugate sau dac  protocolul idealizat poate ranat. Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului 6. Regula de adnotare Dac  Y are loc înainte de momentul trimiterii lui X de la P la Q (P → Q : X ) atunci Y ³i Q sees X are loc dup  trimiterea mesajului. Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Idealizarea protocolului 1 - 2 S →A : KAB Ts , A ←→ B , KAB Ts , A ←→ B KBS KAS 3 A→B : KAB Ts , A ←→ B , KAB A ←→ B , TA from A KBS KAB 4 B →A : KAB A ←→ B , TA KAB Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Stabilirea presupunerilor iniµiale agenµii cunosc cheile partajate cu S KAS A |≡ A ←→ S KAS S |≡ A ←→ S KBS B |≡ B ←→ S K S |≡ B BS S ←→ serverul cunoa³te iniµial o cheie KAB ³i crede c  aceasta poate utilizat  de A ³i B pentru comunicare K S |≡ A AB B ←→ Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Stabilirea presupunerilor iniµiale relaµii de încredere (ecare agent crede c  S are autoritate pentru generarea de chei arbitrare de sesiune pe care A ³i B le vor utiliza pentru comunicare) K A |≡ S |⇒ A ←→ B B |≡ S |⇒ A KB ←→ presupuneri relative la noutate A |≡ #TS A |≡ #TA B |≡ #TS B |≡ #TA Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  autenticare din punct de vedere a lui A S →A : Ts , A KAB B , Ts , A KAB B ←→ ←→ KBS KAS A|≡A KAS S (6) A Ts , A KAB B , Ts , A KAB B ←→ ←→ ←→ KBS KAS (1.1) A|≡S |∼ KAB B , Ts , A KAB B Ts , A ←→ ←→ KBS (5.2) A|≡S |∼ Ts , A KAB B ←→ A|≡S |∼ Ts , A KAB B A|≡#TS ←→ A|≡#(TS , A KAB B ) ←→ (2.2) A|≡S |∼ Ts , A KAB B ←→ KAB B A|≡S |≡ Ts , A ←→ (2.1) A|≡S |⇒A KAB B ←→ A|≡S |≡A KAB B (5.3) ←→ (3) A|≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  autenticare din punct de vedere a lui B A→B : Ts , A KAB B ←→ KAB , A ←→ B , TA KBS KAB (6) B Ts , A KAB B ←→ KAB , A ←→ B , TA (*) KBS KAB KAB B B Ts , A ←→ (4.1a) B |≡B KBS S ←→ KBS (1.1) B |≡S |∼ Ts , A KAB B ←→ B |≡S |∼ Ts , A KAB B ←→ B |≡#TS B |≡#(TS , A KAB B ) ←→ (2.2) B |≡S |∼ Ts , A KAB B ←→ KAB B B |≡S |≡ Ts , A ←→ (2.1) B |≡S |⇒A KAB B ←→ KAB B B |≡S |≡A ←→ (5.3) (3) B |≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  B crede c  A este prezent ³i ³tie cheia B Ts , A KAB B ←→ KAB , A ←→ B , TA (*) KBS KAB (4.1a) B A KAB B , TA ←→ B |≡A KAB B ←→ KAB (1.1) B |≡A|∼ TA , A KAB B ←→ B |≡A|∼ TA , A KAB B (1.1) B |≡#T ←→ A (2.2) B |≡#(TA , A KAB B ) ←→ B |≡A|∼ Ts , A KAB B ←→ B |≡A|≡ Ts , A KAB B (2.1) ←→ (5.3) B |≡A|≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  A crede c  B este prezent ³i ³tie cheia B →A : A KAB B , TA ←→ KAB (6) A A KAB B , TA ←→ A|≡A KAB B ←→ KAB (1.1) A|≡B |∼ TA , A KAB B ←→ A|≡B |∼ TA , A KAB B ←→ A|≡#TA A|≡#(TA , A KAB B ) A|≡B |∼ Ts , A KAB B (2.2) ←→ ←→ A|≡B |≡ Ts , A KAB B (2.1) ←→ (5.3) A|≡B |≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN

Empfohlen

Marketing de Guerrilla. Praxis.
Marketing de Guerrilla. Praxis. Marketing de Guerrilla. Praxis.
Marketing de Guerrilla. Praxis.
enendeavor
 
RubinMaxwell_Qatar
RubinMaxwell_QatarRubinMaxwell_Qatar
RubinMaxwell_Qatar
maxwellrubin
 
Eu India Grid Project Presentation Andy
Eu India Grid Project Presentation AndyEu India Grid Project Presentation Andy
Eu India Grid Project Presentation Andy
google
 
TorqueBox at GNUnify 2012
TorqueBox at GNUnify 2012TorqueBox at GNUnify 2012
TorqueBox at GNUnify 2012
Saleem Ansari
 
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
Vivastream
 
IPP Briefing Deck
IPP Briefing DeckIPP Briefing Deck
IPP Briefing Deck
Robin
 
Rezumat disertatie
Rezumat disertatieRezumat disertatie
Rezumat disertatie
Alexandra Buruciuc
 
Disertatie
DisertatieDisertatie
Disertatie
Alexandra Buruciuc
 

Empfohlen

Marketing de Guerrilla. Praxis.
Marketing de Guerrilla. Praxis. Marketing de Guerrilla. Praxis.
Marketing de Guerrilla. Praxis.
enendeavor
 
RubinMaxwell_Qatar
RubinMaxwell_QatarRubinMaxwell_Qatar
RubinMaxwell_Qatar
maxwellrubin
 
Eu India Grid Project Presentation Andy
Eu India Grid Project Presentation AndyEu India Grid Project Presentation Andy
Eu India Grid Project Presentation Andy
google
 
TorqueBox at GNUnify 2012
TorqueBox at GNUnify 2012TorqueBox at GNUnify 2012
TorqueBox at GNUnify 2012
Saleem Ansari
 
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
VIP Club Sponsored by Mogreet: View our Presentation on Building & Engaging C...
Vivastream
 
IPP Briefing Deck
IPP Briefing DeckIPP Briefing Deck
IPP Briefing Deck
Robin
 
Rezumat disertatie
Rezumat disertatieRezumat disertatie
Rezumat disertatie
Alexandra Buruciuc
 
Disertatie
DisertatieDisertatie
Disertatie
Alexandra Buruciuc
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
Marius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
Expeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
Pixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
marketingartwork
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
Skeleton Technologies
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Lily Ray
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
Rajiv Jayarajah, MAppComm, ACC
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
Christy Abraham Joy
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
Vit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
MindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
RachelPearson36
 

Weitere ähnliche Inhalte

Empfohlen

How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
ThinkNow
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
Kurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
SpeakerHub
 

Empfohlen (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Kerberos - BAN

  • 1. Logica BAN Kerkeros Analiza protocolului Kerkeros utilizând logica BAN Buruciuc Alexandra Facultatea de Informatic  Logici de încredere în securitatea informaµiei, 2011 Buruciuc Alexandra Kerberos - BAN
  • 2. Logica BAN Kerkeros Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
  • 3. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
  • 4. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Termeni Principalii sunt agenµii implicaµi în protocol. Posibile simbloluri: P, Q, R. În Kerberos: S, A, B. Cheile simetrice - posibile simboluri: Kab , Kas . Cheile publice - posibile simboluri: (Kb , Kb 1 ). − Nonce-urile sunt p rµi din mesaje care nu sunt repetate. Posibile simboluri: Na , Nb . M ricile de timp (timestamps) reect  timpul curent al celui care le creeaz  ³i nu sunt repetate. Posibile simboluri: Ta , Tb . Buruciuc Alexandra Kerberos - BAN
  • 5. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Axiome P |≡ X believes X) (P P X (P sees X ) P |∼ X (P said X ) P |⇒ X (P controls X ) #X (fresh(X )) K P ←→ Q K −→ P P XQ { X }K sau X K X Y Buruciuc Alexandra Kerberos - BAN
  • 6. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 1. Reguli referitoare la interpretarea mesajelor 1.1 pentru chei partajate P K |≡ Q ←→ P , P { X }K P |≡ Q |∼ X 1.2 pentru chei publice P K |≡ −→ Q , P { X }K −1 P |≡ Q |∼ X 1.3 pentru secrete P |≡ Q Y P , P X Y P |≡ Q |∼ X Buruciuc Alexandra Kerberos - BAN
  • 7. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 2. Reguli referitoare la mesaje recente 2.1 P |≡ #X , P |≡ Q |∼ X P |≡ Q |≡ X 2.2 P |≡ #X P |≡ # X , Y Buruciuc Alexandra Kerberos - BAN
  • 8. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 3. Regula de jurisdicµie P |≡ Q |⇒ X , P |≡ Q |≡ X P |≡ X Buruciuc Alexandra Kerberos - BAN
  • 9. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 4. Reguli de compoziµie (1) 4.1 de descompunere (a) P X, Y P X (b) P X Y P X (c) P |≡ X, Y P |≡ X Buruciuc Alexandra Kerberos - BAN
  • 10. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 4. Reguli de compoziµie (2) 4.2 de decriptare (d) P K |≡ Q ←→ P , P { X }K P X (e) P K |≡ −→ P , P { X }K P X (f) P K |≡ −→ Q , P { X }K −1 P X Buruciuc Alexandra Kerberos - BAN
  • 11. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi 5. Reguli de proiecµie 5.1 P |≡ X , P |≡ Y P |≡ X , Y 5.2 P |≡ Q |∼ X , Y P |≡ Q |∼ X 5.3 P |≡ Q |≡ X , Y P |≡ Q |≡ X 5.4 P |≡ Q |≡ X , P |≡ Q |≡ Y P |≡ Q |≡ X , Y Buruciuc Alexandra Kerberos - BAN
  • 12. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Limit ri Logica BAN presupune c  agenµii one³ti nu i³i public  secretele, presupunere bun  dar logica nu veric  acest lucru. Ar trebui vericat dac  cheile K ∈ cuno¸tin¸e(I ). / s t Presupune c  agenµii î³i pot recunoa³te propriile mesaje, ceea ce înseamn  c  pot evitate anumite atacuri în care componentele sunt interpretate gre³it, dar nici aceasta nu este vericat  concret. Toµi agenµii implicaµi în protocol sunt one³ti, deci intrusul nu este luat în calcul. În logica BAN nu ne intereseaz  dac  o cheie nu este cunoscut  de intrus (condenµialitate), ci ne intereseaz  dac  cheia este cunoscut  de agenµii one³ti (autenticare). Analizeaz  doar o sesiune particular  a protocolului ³i nu sunt luate în calcul intercal rile de sesiuni. Buruciuc Alexandra Kerberos - BAN
  • 13. Termeni Axiome Logica BAN Reguli de inferenµ  Kerkeros Limit ri Propriet µi Specicarea propriet µilor Autenticarea mutual  are loc dac  formulele urm toare se obµin din aplicarea algoritmului de vericare: P |≡ P KQ ←→ Q K |≡ P ←→ Q Pentru unele protocoale putem obµine pe lâng  autenticare ³i: conrmarea cunoa³terii cheii K P |≡ Q |≡ P ←→ Q Q |≡ P |≡ P KQ ←→ Un agent crede c  are o cheie partajat  cu un altul, dar crede c  ³i cel lalt agent crede acela³i lucru. prezenµa Buruciuc Alexandra Kerberos - BAN
  • 14. Logica BAN Protocolul original Kerkeros Analiza protocolului Cuprins 1 Logica BAN Termeni Axiome Reguli de inferenµ  Limit ri Propriet µi 2 Kerkeros Protocolul original Analiza protocolului Buruciuc Alexandra Kerberos - BAN
  • 15. Logica BAN Protocolul original Kerkeros Analiza protocolului Kerberos 1 A→S : ( A, B ) 2 S →A : Ts , L, KAB , B , { Ts , L, KAB , A }K BS KAS 3 A→B : { Ts , L, KAB , A }KBS , { A, TA }KAB 4 B → A : { TA + 1}KAB Buruciuc Alexandra Kerberos - BAN
  • 16. Logica BAN Protocolul original Kerkeros Analiza protocolului Kerberos Buruciuc Alexandra Kerberos - BAN
  • 17. Logica BAN Protocolul original Kerkeros Analiza protocolului Algoritmul de vericare al protocoalelor folosind logica BAN 1 Obµinem versiunea idealizat  a protocolului din versiunea concret . 2 Stabilim presupunerile iniµiale - trebuie s  e minime pentru o analiz  ecient . Se stabilesc cheile iniµiale ³i entit µile din sistem în care au încredere agenµii. 3 Adnot m protocolul idealizat cu formule - se creeaz  o secvenµ  de formule de forma Q sees X . 4 Aplic m regulile de deducµie pentru formulele disponibile (presupuneri iniµiale, aserµiuni, formule deja obµinute) pentru obµinerea de noi încrederi Algoritmul poate repetat dac  se consider  c  este nevoie de noi presupuneri ce trebuie ad ugate sau dac  protocolul idealizat poate ranat. Buruciuc Alexandra Kerberos - BAN
  • 18. Logica BAN Protocolul original Kerkeros Analiza protocolului 6. Regula de adnotare Dac  Y are loc înainte de momentul trimiterii lui X de la P la Q (P → Q : X ) atunci Y ³i Q sees X are loc dup  trimiterea mesajului. Buruciuc Alexandra Kerberos - BAN
  • 19. Logica BAN Protocolul original Kerkeros Analiza protocolului Idealizarea protocolului 1 - 2 S →A : KAB Ts , A ←→ B , KAB Ts , A ←→ B KBS KAS 3 A→B : KAB Ts , A ←→ B , KAB A ←→ B , TA from A KBS KAB 4 B →A : KAB A ←→ B , TA KAB Buruciuc Alexandra Kerberos - BAN
  • 20. Logica BAN Protocolul original Kerkeros Analiza protocolului Stabilirea presupunerilor iniµiale agenµii cunosc cheile partajate cu S KAS A |≡ A ←→ S KAS S |≡ A ←→ S KBS B |≡ B ←→ S K S |≡ B BS S ←→ serverul cunoa³te iniµial o cheie KAB ³i crede c  aceasta poate utilizat  de A ³i B pentru comunicare K S |≡ A AB B ←→ Buruciuc Alexandra Kerberos - BAN
  • 21. Logica BAN Protocolul original Kerkeros Analiza protocolului Stabilirea presupunerilor iniµiale relaµii de încredere (ecare agent crede c  S are autoritate pentru generarea de chei arbitrare de sesiune pe care A ³i B le vor utiliza pentru comunicare) K A |≡ S |⇒ A ←→ B B |≡ S |⇒ A KB ←→ presupuneri relative la noutate A |≡ #TS A |≡ #TA B |≡ #TS B |≡ #TA Buruciuc Alexandra Kerberos - BAN
  • 22. Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  autenticare din punct de vedere a lui A S →A : Ts , A KAB B , Ts , A KAB B ←→ ←→ KBS KAS A|≡A KAS S (6) A Ts , A KAB B , Ts , A KAB B ←→ ←→ ←→ KBS KAS (1.1) A|≡S |∼ KAB B , Ts , A KAB B Ts , A ←→ ←→ KBS (5.2) A|≡S |∼ Ts , A KAB B ←→ A|≡S |∼ Ts , A KAB B A|≡#TS ←→ A|≡#(TS , A KAB B ) ←→ (2.2) A|≡S |∼ Ts , A KAB B ←→ KAB B A|≡S |≡ Ts , A ←→ (2.1) A|≡S |⇒A KAB B ←→ A|≡S |≡A KAB B (5.3) ←→ (3) A|≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
  • 23. Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  autenticare din punct de vedere a lui B A→B : Ts , A KAB B ←→ KAB , A ←→ B , TA KBS KAB (6) B Ts , A KAB B ←→ KAB , A ←→ B , TA (*) KBS KAB KAB B B Ts , A ←→ (4.1a) B |≡B KBS S ←→ KBS (1.1) B |≡S |∼ Ts , A KAB B ←→ B |≡S |∼ Ts , A KAB B ←→ B |≡#TS B |≡#(TS , A KAB B ) ←→ (2.2) B |≡S |∼ Ts , A KAB B ←→ KAB B B |≡S |≡ Ts , A ←→ (2.1) B |≡S |⇒A KAB B ←→ KAB B B |≡S |≡A ←→ (5.3) (3) B |≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
  • 24. Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  B crede c  A este prezent ³i ³tie cheia B Ts , A KAB B ←→ KAB , A ←→ B , TA (*) KBS KAB (4.1a) B A KAB B , TA ←→ B |≡A KAB B ←→ KAB (1.1) B |≡A|∼ TA , A KAB B ←→ B |≡A|∼ TA , A KAB B (1.1) B |≡#T ←→ A (2.2) B |≡#(TA , A KAB B ) ←→ B |≡A|∼ Ts , A KAB B ←→ B |≡A|≡ Ts , A KAB B (2.1) ←→ (5.3) B |≡A|≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN
  • 25. Logica BAN Protocolul original Kerkeros Analiza protocolului Adnotarea ³i aplicarea regulilor de inferenµ  A crede c  B este prezent ³i ³tie cheia B →A : A KAB B , TA ←→ KAB (6) A A KAB B , TA ←→ A|≡A KAB B ←→ KAB (1.1) A|≡B |∼ TA , A KAB B ←→ A|≡B |∼ TA , A KAB B ←→ A|≡#TA A|≡#(TA , A KAB B ) A|≡B |∼ Ts , A KAB B (2.2) ←→ ←→ A|≡B |≡ Ts , A KAB B (2.1) ←→ (5.3) A|≡B |≡A KAB B ←→ Buruciuc Alexandra Kerberos - BAN