9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures and Hash Functions. Digital Signatures.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Distributed Systems CS Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Cryptography Basic (cont)
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Network Security. Security Threats 8Intercept 8Interrupt 8Modification 8Fabrication.
Cryptography  Why Cryptography  Symmetric Encryption  Key exchange  Public-Key Cryptography  Key exchange  Certification.
Cryptography, Authentication and Digital Signatures
E-Commerce Security Professor: Morteza Anvari Student: Xiaoli Li Student ID: March 10, 2001.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Chapter 21 Distributed System Security Copyright © 2008.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.
V0.0CPSC415 Biometrics and Cryptography1 Placement of Encryption Function Lecture 3.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
Security Many secure IT systems are like a house with a locked front door but with a side window open -somebody.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
KERBEROS SYSTEM Kumar Madugula.
1 SUBMITTED BY- PATEL KUMAR C.S.E(8 th - sem). SUBMITTED TO- Mr. DESHRAJ AHIRWAR.
Security. Cryptography (1) Intruders and eavesdroppers in communication.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Example security systems n Kerberos n Secure shell.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Computer Communication & Networks
9.2 SECURE CHANNELS Medisetty Swathy.
Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
The Secure Sockets Layer (SSL) Protocol
CDK: Chapter 7 TvS: Chapter 9
DISTRIBUTED SYSTEMS Principles and Paradigms Second Edition ANDREW S
Presentation transcript:

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI

Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications Example: Kerberos

Introduction How to make communication between clients and servers secure ? Authentication ? Communication within a distributed system Setting up a secure channel Protection against Interception, Modification and Fabrication Ensuring Confidentiality Protocols for mutual Authentication and message Integrity

Authentication Authentication and Message Integrity should always come together Example of Tinku & Pinky For Authentication a secure channel is set up For Message Integrity secret-key Cryptography by means of session keys is used Keys are securely destroyed when the channel is closed

Authentication Based on Shared Secret Key Secret key is already shared between A and B One party challenges other to a response Response is authenticated with shared secret key Challenge-Response protocols Tinku (A) Pinky (B) A RBRB RARA K A,B (R B ) K A,B (R A )

Authentication Based on Shared Secret Key Designing protocols that actually works Optimizing number of messages to three Sending secret key along with the message Tinku (A) Pinky (B) A, R A R B,K A,B (R A ) K A,B (R B )

Authentication Based on Shared Secret Key The reflection attack C sends message along with the challenge B returns challenge along with the response Chucky (C) Pinky (B) A,R C R B, K A,B (R C ) R B2, K A,B (R B ) A,R B K A,B (R B ) First Session Second Session First Session

Authentication Based on Shared Secret Key C tires to establish another session by using the challenge of B B sends another challenge and responds with his key C sets up First session with the key and leaves Second session Chucky (C) Pinky (B) A,R C R B, K A,B (R C ) R B2, K A,B (R B ) A,R B K A,B (R B ) First Session Second Session First Session

Authentication Based on Shared Secret Key A better design is to always use different challenges for the initiator and the responder Example: A always used even number and B always uses odd number This solution may subject to other attacks, such as “man-in-the-middle-attack” Doing number of things identically while setting up a secure channel between two parties is not a good idea Tweaking an existing protocol to improve its performance, can easily affect its correctness

Authentication Using Key Distribution Center Scalability is one of the problems with shared secret key If the distribution system has N hosts, it is difficult to manage when N is large Key Distribution Center shares a secret key with each host; instead of pairs sharing the key In SSK, the system needs to manage N(N-1)/2 keys; where as in KDC only N keys

Authentication Using Key Distribution Center KDC hands out key to both Tinku(A) and Pinky(B) A sends message to KDC and tells about B KDC returns with a message with shared secret key K A,B Tinku (A) KDC, generates K A,B Pinky (B) K A,KDC (K A,B ) K B,KDC (K A,B ) A,B

Authentication Using Key Distribution Center The message is encrypted with secret key K A,KDC KDC also sends K A,B to B encrypted with secret key K B,KDC Tinku (A) KDC, generates K A,B Pinky (B) K A,KDC (K A,B ) K B,KDC (K A,B ) A,B

Authentication Using Key Distribution Center There are certain drawbacks, like A wants to set up connection with B even before KDC contacts B KDC needs to pass the key to the B before it brings in the loop Instead KDC can just pass the keys to A and lets A to contact B with ticket

Authentication Using Public Key Cryptography Does not require KDC A and B has each others public keys with them A sends challenge encrypted with B’s public key B returns the decrypted challenge, along with his own challenge. Tinku (A) Pinky (B) K + B (A,R A ) K + A (R A, R B,K A,B ) K A,B (R B )

Authentication Using Public Key Cryptography B generates session key K A,B to use for further communication B’s response to A, B’s challenge, session key are put in a message encrypted with public key of A A returns the response using session key to acknowledge Tinku (A) Pinky (B) K + B (A,R A ) K + A (R A, R B,K A,B ) K A,B (R B )

Message Integrity and Confidentiality Message Integrity ensures protection from modification Confidentiality ensures protection from interception Confidentiality can be achieved by encryption through a shared secret key or public key Message Integrity is a difficult task

Message Integrity and Confidentiality Digital Signatures Message Integrity goes beyond the actual transfer through a secure channel Example of A buying a collection item from B In addition to authentication, digital signatures helps in improving integrity Several ways to place digital signatures Popular form is to use a public-key cryptosystem such as RSA

Message Integrity and Confidentiality Digital Signatures A sends message m to B by encrypting with its private key If A wants the content of the message to be secret, B’s public key is used which combines m and the signature of A B receives the message and decrypts with A’s public key A’s private key K - A B’s public key K + B B’s private key K - B A’s public key K + A m m m A’s Computer B’s Computer

Message Integrity and Confidentiality Digital Signatures Certain problems are associated with his method If A’s private key is stolen If A changes its private key Encryption costs A’s private key K - A B’s public key K + B B’s private key K - B A’s public key K + A m m m A’s Computer B’s Computer

Message Integrity and Confidentiality Digital Signatures Cryptographic Hash function is used to improve the situation A uses Hash function to calculate the message digest with A’s private key A’s message digest along with the original message is sent to B

Message Integrity and Confidentiality Digital Signatures B decrypts the message digest with A’s public key Compares the original message with the decrypted message If both are same it understands that no modifications are done and the signature is authentic

Secure Group Communication How to enable Secure communication for more than two parties ? It is necessary to enable secure communication between more than just two parties The sever is replicated to improve the fault tolerance and performance The replicated sever for which all the replicas exist, should be protected against modification, fabrication, interception

Secure Group Communication Confidential Group Communication To ensure confidentiality, a simple scheme of letting all group members to share same secret key This key is used to encrypt and decrypt all the messages transmitted by the members All the members need to be trusted to keep the key a secret This prerequisite alone makes the use of single key more vulnerable to attacks

Secure Group Communication Confidential Group Communication Another solution is to maintain separate shared secret key between each pair of group members When one attack happens others can stop sending the messages but still use their secret keys However, instead of maintaining one key, it is necessary to maintain N(N-1)/2 keys which is a difficult problem

Secure Group Communication Confidential Group Communication Using public-key cryptosystem the situation can be improved Each member has its own (private key, public key) pair, in which public key can be used by all members for sending confidential messages N key pairs are need for N members Unfaithful members can be removed from group without compromising the other keys

Secure Group Communication Secure Replicated Servers

Example: Kerberos A logs into A’s work station and its identity is sent to Authentication Server by the work station (AS) AS authenticates the user and provides a key to set up a secure channel This key is known only to AS and Ticket Granting System (TGS)

Example: Kerberos Work station asks for the password When the correct password is entered, then the key is ready to use A requests for the connection with B to TGS A secure channel is established

Future Work Optimization of Knowledge Distribution Center can be improved by developing more reliable protocols More data need to maintained in replicated servers rather than having it in single server Efficiency of algorithms can be improved for encrypting and decrypting the messages More reliable channels should be made for Group Communications

References Andrew S. Tanenbaum, Maarten Van Steen, “Distributed Systems: Principles and Paradigms”, Prentice-Hall,NJ,USA. Andrew S. Tanenbaum, Maarten Van Steen, “Distributed Systems: Principles and Paradigms”, Prentice-Hall,NJ,USA

Any Questions ?

Thank you !!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.