Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

COEN 350 Kerberos.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
CNS2010handout 12 :: crypto protocols1 ELEC5616 computer and network security matt barrie
CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Chapter 2 Protocols Controlling communications of principals in systems.
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Authentication System
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Strong Password Protocols
Authentication: keys, MAC, hashes, message digests, digital signatures.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.
Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.
1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Lecture 6.1: Protocols - Authentication and Key Exchange I CS 436/636/736 Spring 2012 Nitesh Saxena.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.
Lecture 5.1: Message Authentication Codes, and Key Distribution
COEN 351 Authentication. Authentication is based on What you know Passwords, Pins, Answers to questions, … What you have (Physical) keys, tokens, smart-card.
Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
Security. Cryptography (1) Intruders and eavesdroppers in communication.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Example security systems n Kerberos n Secure shell.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
CS480 Cryptography and Information Security
Chapter 15 Key Management
Handshake Protocols COEN 150.
Message Security, User Authentication, and Key Management
9.2 SECURE CHANNELS Medisetty Swathy.
Strong Password Protocols
Protocol ap1.0: Alice says “I am Alice”
Protocol ap1.0: Alice says “I am Alice”
Strong Password Protocols
Lecture 6.1: Protocols - Authentication and Key Exchange I
Diffie/Hellman Key Exchange
AIT 682: Network and Systems Security
Key Exchange With Public Key Cryptography
Presentation transcript:

Handshake Protocols COEN 350

Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Simple Protocol Vulnerable to sniffing and replay attack. Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.... Mallory: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Shared Secret Alice and Bob share a secret key K. Alice: I am Alice. Bob: Encrypt R. Alice: E K (R) Bob (calculates E K (R) as well.): Welcome Alice.

Shared Secret Vulnerable to DOS attack. while(1){ Mallory: I am Alice. Bob: Encrypt R. Mallory: X. Bob (E K (R) != X): Access denied. }

Shared Secret Vulnerable to sniffing and replay attack if R is not random or if R is repeated.

Shared Secret, use of clock Alice: I am Alice, E K (clock). Bob calculates clock, compares with his value: Welcome Alice.

Shared secret, use of clock Man in the Middle + replay attack: Mallory to Bob: KILL, KILL, KILL, KILL. Alice: Hi, I’m Alice. E K (clock). Mallory to Alice: KILL, KILL, KILL, KILL. Mallory to Bob: Hi, I’m Alice. E K (clock). Bob: Hi, Alice.

Public Key Alice: “I’m Alice.” Bob: “R”. Alice: “E Alice (R)”. Bob calculates “D Alice E Alice (R) == R: Hi Alice.

Public Key Alice: “I’m Alice.” Bob creates random challenge R: “E Alice (R)”. Alice: “R”. Bob checks R == R: Hi Alice.

Public Key: DOS attack Trudy: “I’m Alice.” Bob: “R”. Trudy: “X” Bob calculates “D Alice E Alice (X) != R: Access Denied. Bob spends much more time computing than Trudy!

Mutual Authentication: Shared Secret Alice: “I am Alice” Bob: “R B ” Alice: E K (R B ). R A. Bob calculates E K (R B ) himself: E K (R A ). Hi Alice. Alice calculates E K (R A ) herself: Hi Bob.

Mutual Authentication with less messages? Alice: I am Alice. R A Bob: R B. E K (R A ). Alice: Hi Bob. E K (R B ). Bob: Hi Alice.

Mutual Authentication with less steps is vulnerable to the replay attack Session 1 Trudy: I am Alice. R A. Session 1 Bob: R B. E K (R A ). Session 2 Trudy: I am Alice. R B. Session 2 Bob: R B’. E K (R B ). Session 1 Trudy: Hi Bob. E K (R B ). Session 1 Bob: Hi Alice.

Warning Signals  Requestor should authenticate herself first.  Don’t have requestor and requestee do exactly the same thing. (E.g. use different key pairs.)  If you provide encryption service, you set yourself up for a key guessing attack.

Public Key: Simple Mutual Authentication Alice: “I am Alice. R A ” Bob:“E Bob (R A ). R B ” Alice D Bob E Bob (R A )=R A : Hello Bob. E Alice (R B ). Bob: D Alice E Alice (R B ) = R B : Hello Alice.

Key Distribution Centers  Maintains a shared secret for each registered user.  To set-up a connection requires the KDC to set up a session key.

Key Distribution Center Original Algorithm  Alice to KDC: Alice wants Bob.  KDC to Alice: Here is your session key.  KDC to Bob: Here is your session key. This needs to be modified.

Key Distribution Center: Needham Schroeder Protocol Alice to KDC: N1, Alice wants Bob. KDC to Alice: K A (N1,K S,Bob,Ticket), where Ticket=K B (K S,Alice). Alice to Bob: Ticket, K S (N2). Bob to Alice: K S (N2-1,N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

Key Distribution Center: Needham Schroeder Protocol Variant Alice to KDC: N1, Alice wants Bob. KDC to Alice: K A (N1,K S,Bob,Ticket), where Ticket=K B (K S,Alice). Alice to Bob: Ticket, K S (N2). Bob to Alice: K S (N2-1),K S (N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

Replay attack on modified NS Alice to KDC: N1, Alice wants Bob. KDC to Alice: K A (N1,K S,Bob,Ticket), where Ticket=K B (K S,Alice). Alice to Bob: Ticket, K S (N2). Bob to Alice: K S (N2-1),K S (N3). Alice to Bob: K S (N3-1). Trudy as Alice to Bob: Ticket, K S (N 2 ) Bob to Alice, but intercepted by Trudy: K S (N 2 -1), K S (N 4 ) Trudy as Alice to Bob: Ticket, K S (N 4 ). Bob to Alice, but intercepted by Trudy. K S (N4-1), K S (N 5 ). Trudy as Alice to Bob: K S (N4-1).

Key Distribution Center  Assume that Alice’s key has become compromised.  Trudy can now present herself as Alice to Bob with an old ticket.  Tickets need to have an expiration date!!!!!!!!!!!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.