SPKI analysis in strand space
Alex Vidergar, 1Lt, USAF
Air Force Institute of Technology
Graduate School of Computer Science & Engineering
Thesis Advisor: Robert Graham, Maj, USAF
Overview
SPKI
• what it is and why we use it
Strand Space
• How this tool was used effectively
Example Analysis
• Transport Layer Security (TLS)
Conclusions about new security properties
• Authorizations
Simple Public Key Infrastructure
Championed by Ron Rivest (RSA) and Carl Ellison (Intel)
Simple Distributed Security Infrastructure (SDSI) and SPKI merged in the 90s
Developed to overcome shortcomings in the currently deployed PKI (X.509)
Two types of certificates: Name & Authorization
• Global reach of the X.500 directory
• Single global standard
• Unique names in one namespace
Privacy
• Participation in the network may unwillingly reveal details about the organization
Lack of Flexibility
• Updated information impossible
• Multiple keys unsupported
SPKI Solutions
Egalitarian Design
• Every Principal acts as Certificate Authority (CA)
• Local Names
Humans tend to relate well to things they name themselves
Local name space
• Allows unique names to be applied as understood by the principals that will be using them
• Fully qualified names act globally
Alice’s Bob’s Charlie ≠ Allison’s Bob’s Charlie
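Why the two fully qualified names on this slide differ can be shown by resolving them through name certificates. The following is an added example, not code from the presentation; the key placeholders (`K_*`), the bindings in `CERTS` and the `resolve` helper are all constructed for illustration.

```python
from typing import Dict, Set, Tuple

# A name is a tuple: a key followed by zero or more local names.
Name = Tuple[str, ...]
# A name certificate: (issuer key, local name) -> subjects (keys or further names).
NameCerts = Dict[Tuple[str, str], Set[Name]]

# Constructed bindings; every K_* value is a placeholder for a public key.
CERTS: NameCerts = {
    ("K_alice", "bob"): {("K_bob1",)},
    ("K_allison", "bob"): {("K_bob2",)},
    ("K_bob1", "charlie"): {("K_charlie1",)},
    ("K_bob2", "charlie"): {("K_bob2", "friends")},         # defined via another name
    ("K_bob2", "friends"): {("K_charlie2",), ("K_dana",)},  # a name can denote a group
}

def resolve(name: Name, certs: NameCerts, depth: int = 32) -> Set[str]:
    """Return the set of keys that a fully qualified name denotes."""
    if depth == 0:
        raise ValueError("name definitions too deep or cyclic")
    key, *rest = name
    if not rest:
        return {key}
    keys: Set[str] = set()
    for subject in certs.get((key, rest[0]), set()):
        # Replace the leading "key, local name" pair by its binding and continue.
        keys |= resolve(subject + tuple(rest[1:]), certs, depth - 1)
    return keys

if __name__ == "__main__":
    print(resolve(("K_alice", "bob", "charlie"), CERTS))
    print(resolve(("K_allison", "bob", "charlie"), CERTS))
```

The local name "charlie" has no meaning without the key whose namespace it lives in, so a verifier must always start resolution from a key it already trusts.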
SPKI Solutions
Delegation of Authority
• Delegation bit
• University Example
University Enrollment
Course Enrollment
• Department
School
- student
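How the delegation bit limits a chain can be seen by applying the SPKI 5-tuple reduction rule to a university-style chain. This is an added example, not code from the presentation; the chain order (University, School, Department, student), the key placeholders, the tag strings and the years are constructed, and authorization tags are simplified to sets of action names.

```python
from dataclasses import dataclass
from typing import FrozenSet, List, Optional, Tuple

@dataclass(frozen=True)
class AuthCert:
    issuer: str
    subject: str
    delegate: bool             # delegation bit: may the subject pass the right on?
    tag: FrozenSet[str]        # authorization tag, simplified to a set of actions
    validity: Tuple[int, int]  # (not_before, not_after) as years

def compose(a: AuthCert, b: AuthCert) -> Optional[AuthCert]:
    """Reduce two adjacent certificates to one, or None if the chain breaks."""
    if a.subject != b.issuer or not a.delegate:
        return None            # b's issuer was never allowed to delegate
    tag = a.tag & b.tag        # rights can only narrow along the chain
    start = max(a.validity[0], b.validity[0])
    end = min(a.validity[1], b.validity[1])
    if not tag or start > end:
        return None
    return AuthCert(a.issuer, b.subject, b.delegate, tag, (start, end))

def reduce_chain(chain: List[AuthCert]) -> Optional[AuthCert]:
    result = chain[0] if chain else None
    for cert in chain[1:]:
        if result is None:
            break
        result = compose(result, cert)
    return result

def authorized(chain, owner, requester, action, year) -> bool:
    r = reduce_chain(chain)
    return (r is not None and r.issuer == owner and r.subject == requester
            and action in r.tag and r.validity[0] <= year <= r.validity[1])

# Constructed chain: University -> School -> Department -> student.
ALL = frozenset({"university-enrollment", "course-enrollment"})
COURSE = frozenset({"course-enrollment"})
CHAIN = [
    AuthCert("K_university", "K_school", True, ALL, (2020, 2030)),
    AuthCert("K_school", "K_department", True, COURSE, (2020, 2030)),
    AuthCert("K_department", "K_student", False, COURSE, (2024, 2025)),
]
# The student's certificate has the delegation bit cleared, so this link is void.
RESALE = CHAIN + [AuthCert("K_student", "K_friend", False, COURSE, (2024, 2025))]

if __name__ == "__main__":
    print(authorized(CHAIN, "K_university", "K_student", "course-enrollment", 2024))
    print(authorized(RESALE, "K_university", "K_friend", "course-enrollment", 2024))
```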
SPKI: Authorization Tags
Customized to applications
• Once again not standardized
• Flexibility
Security through obscurity?
• What does access of 10 mean?
• More importantly, meaningful to the issuers of access to a resource
SPKI: Flexibility or Meager Design?
Constant theme of Flexibility
• Very Vague Specification
Highly customizable
• Requires diligence in implementation
Easily integrated into a system
Potential security issues may arise
Solution: Strand space analysis
Strand Space
Existing Strand Space Model
• Public Key Protocol
Diffie-Hellman
Injective hash function
Signatures in addition to encryptions
• Mixed Strand Space
Disparate protocols operating in the same space
Respect
Disjoint Encryption
Strand Space : Merge
Mixed PKI Strand Space
• Amalgamation of needed features of previous strand space models
• Ideal environment for testing SPKI protocols being integrated into other systems
TLS : Analysis
Ideal analysis protocol: Transport Layer Security
Arguably the most widely used Internet protocol for secure transactions
Intrinsic use of certificates
• Uses X.509
TLS uses X.509 certificates
• Mayweh implements SSL with SPKI
Substitute X.509 for SPKI name certs
Functionally identical
Limited Network security
• Assumed operating in secure environment
TLS : the sweet Onion
TLS is a layer of protocols
• TLS itself is a shell
Arranges for other protocols to run
• Does not provide security
Security provided by sub protocols
• Diffie-Hellman
• RSA
TLS : Primary Protocols
Server Authentication Protocol
Client unauthenticated
TLS : Primary Protocols
Server & Client Authentication Protocol
Both principals authenticated
Mixed Strand Space : Resume
Resume Protocol
Inherently uninteresting
Provides only a recount of a previously executed session
Relies on message digest for coordination and agreement
Mixed Strand Space : Certificate Chain Discovery
Designed from the ground up with TLS in mind
• establish authentication of CA
• validation of certificate
• maintain security of primary protocol
Mixed Strand Space : Certificate Chain Discovery
Possible to assume disjoint set of keys
• therefore disjoint encryption is trivial
Message formats designed disjointly
• once again simple proof of respect if designed properly
Analysis
Respect
• Concept born in paper Mixed Strand Spaces
• Supplemented
Method for defining respect
• Characterize test components
• Identify sets of messages
Applied to Diffie-Hellman
• Protocol design based on Respect
SPKI Certificate Chain Discovery
• Disjoint Encryption
• Respect of primary protocol’s test components
• Necessary to Prove for each protocol as primary?
Analysis
Disjoint Encryption
• Protocol Independence through Disjoint Encryption
• Better Refined concept of respect → Independence
Disjoint set of test components
Previous notion of Respect
• covers naïve case of disjoint sets
Allows more complex secondary protocols to be designed
• In the CCD Protocol Design Case
CCD design from respect is indeed Disjoint Encryption
• Disjoint Outbound
simple case: no shared terms
• Disjoint Inbound
• Visual representation of mixed strand spaces
Problematic with entwined sub-protocols
Simple and Powerful
Signed statements are certifications
An authority is an authority
• Certificate Authorities traditionally are simply name authorities
Does not have to be limited to names
Authorizations are thus provided by an authorization principal
• Already incorporated with authorization certificates in SPKI standard