DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

Slides:



Advertisements
Similar presentations
The Diffie-Hellman Algorithm
Advertisements

AUTHENTICATION AND KEY DISTRIBUTION
Chapter 10 Real world security protocols
Chapter 14 – Authentication Applications
SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computer Science&Technology School of Shandong University Instructor: Hou Mengbo houmb AT sdu.edu.cn Office: Information Security Research Group.
Cryptography and Network Security
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
Cryptography and Network Security (CS435) Part Eleven (Digital Signatures and Authentication Protocols)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Digital signatures, DSS and authentication protocols
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
CSE 597E Fall 2001 PennState University1 Digital Signature Schemes Presented By: Munaiza Matin.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Csci5233 Computer Security1 Bishop: Chapter 10 Key Management: Digital Signature.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Information Security and Management 13. Digital Signatures and Authentication Protocols Chih-Hung Wang Fall
Chapter 5 Digital Signatures MSc. NGUYEN CAO DAT Dr. TRAN VAN HOAI 1.
Bob can sign a message using a digital signature generation algorithm
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Information Security Principles Assistant Professor Dr. Sana’a Wafa Al-Sayegh 1 st Semester ITGD 2202 University of Palestine.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Authentication: keys, MAC, hashes, message digests, digital signatures.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Distributed System Security Copyright © 2008.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Q: How do Ole and Lena get a shared private key? 1) Lena  LockmasterE keyLena ( ID Lena || ID Ole ) Example (Suppose Lena wants a key to shared with Ole.)
Digital Signatures and Authentication Protocols Chapter 13.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings.
KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT; OTHER PUBLIC-KEY CRYPTOSYSTEMS - Chapter 10 KEY MANAGEMENT DIFFIE-HELLMAN KEY.
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown & Süleyman KONDAKCI.
Digital Signatures, Message Digest and Authentication Week-9.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Key Management Network Systems Security Mort Anvari.
X. Digital Signatures and Authentication Protocols We begin this chapter with an overview of digital signatures, authentication protocol and Digital Signature.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Fall 2006CS 395: Computer Security1 Key Management.
1 Chapter 3-3 Key Distribution. 2 Key Management public-key encryption helps address key distribution problems have two aspects of this: –distribution.
Key Management and Distribution Anand Seetharam CST 312.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Dr. Nermin Hamza.  Attacks:  Traffic Analysis : traffic analysis occurs when an eavesdroppers observes message traffic on network. Not understand the.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Computer Communication & Networks
Authentication Protocols
Chapter 13 – Digital Signatures & Authentication Protocols
Message Security, User Authentication, and Key Management
Subject Name: NETWORK SECURITY Subject Code: 10EC832
Presentation transcript:

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication Protocols Digital Signature Standard

AUTHENTICATION vs SIGNATURE AUTHENTICATION vs SIGNATURE Authentication auth A  B protects against {C} Signature sign A  B protects against {A,C}

SIGNATURE CHARACTERISTICS SIGNATURE CHARACTERISTICS Author Verifiable Date Authenticate by Time Contents Third Party

SIGNATURE TYPES SIGNATURE TYPES Direct X  Y weakness: security of private key Arbitrated + date X  A  Y

ARBITRATED DIGITAL SIGNATURE TECHNIQUES

Table 13.1: Scheme (a) Arbiter Sees Message Table 13.1: Scheme (a) Arbiter Sees Message Conventional Encryption: After X  A  Y Dispute between X and Y Y  A: E K ay [ID x ||M||E K ax [ID x ||H(M)]]

Table 13.1: Scheme (b) Arbiter Does Not See Message Table 13.1: Scheme (b) Arbiter Does Not See Message Conventional Encryption: Arbiter : neither can read message Eavesdropper

Table 13.1: Scheme (c) Arbiter Does Not See Message Table 13.1: Scheme (c) Arbiter Does Not See Message Public-Key (double) Encryption: advantages: 1. No information shared before communication 2. if KRx compromised date is still correct 3. message secret from Arbiter and Eavesdropper

REPLAY ATTACKS REPLAY ATTACKS Simple Replay: X  m E  m Logged Replay: X  m||T 0 t E  m||T 0 (< T 0 later) i m Undetected Replay:X  m e E  m  Backward Replay: X  m X  m E

TIMESTAMP TIMESTAMP m||T X Y synchronized clocks

CHALLENGE/RESPONSE CHALLENGE/RESPONSE Use NONCE: N X Y m||N X Y handshake required

ATTACK ON Fig 7.9 E avesdropper gets Old K s : Replay Step 3 Intercept Step 4 Impersonate Step 5 Bogus Messages  Y

SOLUTION: TIMESTAMP 1.A  ID A ||ID B KDC 2. KDC  E K A [ K S ||ID B ||T||E K B [K S ||ID A ||T] ] A 3. A  E K B [K S ||ID A ||T] B 4. B  E K S [N 1 ] A 5. A  E K S [f(N 1 )] B

CLOCK ATTACKS CLOCK ATTACKS To counteract: Suppress – Replay attacks: 1. Check clocks regularly use KDC clock 2. Handshaking via Nonce

AN IMPROVED PROTOCOL over Fig 7.9 AN IMPROVED PROTOCOL over Fig 7.9 To counteract suppress-replay attacks: A  ID A || N A B B  ID B ||N B ||E KB [ID A ||N A ||T B ] KDC KDC  E K A [ID B ||N A ||K S ||T B ]||E K B [ID A ||K S ||T B ]||N B A 4. A  E K B [ID A ||K S ||T B ]||E K S [N B ] B No clock synch. T B only checked by B

AUTHENTICATION SERVER AUTHENTICATION SERVER - no secret key distribution (public key) A  ID A ||ID B AS AS  E KR AS [ID A ||KU A ||T]||E KR AS [ID B ||KU B ||T] A 3. A  E KR AS [ID A ||KU A ||T]||E KR AS [ID B ||KU B ||T]||E KU B [E KR A [K S ||T]] B Problem: Clock Synch.

ALTERNATIVE NONCE PROTOCOL ALTERNATIVE NONCE PROTOCOL 1. A  ID A ||ID B KDC 2. KDC  E KR auth [ID B ||KU B ] A 3. A  E KU B [N A ||ID A ] B 4. B  ID B ||ID A ||E KUauth [N A ] KDC 5. KDC  E KR auth [ID A ||KU A ]||E KU B [E KR auth [N A ||K S ||ID A ||ID B ]] B 6. B  E KU A [E KR auth [N A ||K S ||ID A ||ID B ]||N B ] A 7. A  E K S [N B ] B

ONE-WAY AUTHENTICATION ONE-WAY AUTHENTICATION (e.g. ) Encrypt Message Authenticate Sender

SYMMETRIC-KEY (one-way auth.) SYMMETRIC-KEY (one-way auth.) 1. A  ID A ||ID B ||N 1 KDC 2. KDC  E K A [K S ||ID B ||N 1 ||E K B [K S ||ID A ]] A 3. A  E K B [K S,ID A ]||E K S [M] B

PUBLIC-KEY (one-way auth.) PUBLIC-KEY (one-way auth.) Use Figs 11.1b,c, and d or A  E KU B [K S ]||E K S [M] B or A  M||E KR A [H(M)] B

PUBLIC-KEY (one-way auth.) PUBLIC-KEY (one-way auth.) Send A’s public key to B A  M||E KR A [H(M)]||E KR AS [T||ID A ||KU A ] B

DSS : USES SHA-1 DSS : USES SHA-1 Signature YES Encryption NO Key-Exchange NO

DSS : USES SHA-1

DISCRETE LOG DISCRETE LOG p,q,g – global public keys x - user private key y - user public key k - user per-message secret number r = (g k mod p) mod q s = [k -1 (H(M) + xr)] mod q Signature = (r,s) precompute g k, k -1

VERIFY VERIFY w = (s’) -1 mod q u 1 = [H(M’)w] mod q u 2 = (r’)w mod q v = [(g u 1.y u 2 ) mod p] mod q where y = g x mod p v = r’ ? y = g x is one-way: x  y YES y  x NO

DIGITAL SIGNATURE ALGORITHM

DSS SIGNING AND VERIFYING