1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

Slides:



Advertisements
Similar presentations
Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 4.6 Kerberos.
Advertisements

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications
NETWORK SECURITY.
Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 23: Internet Authentication Applications.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
IIIT Security Workshop1 Chapter Authentication Applications ADAPTED FROM THE PRESENTATION by Henric Johnson Blekinge Institute of Technology,Sweden
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Kerberos versions 4 and 5 X.509 Authentication Service
Lecture 23 Internet Authentication Applications
Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 815 Network Security Lecture 9 Digital Signatures & Authentication Applications Kerberos February 13, 2003.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.
Authentication Applications
Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Public Key Cryptography RSA Diffie Hellman Key Management Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College,
Authentication applications
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Lecture 23 Internet Authentication Applications modified from slides of Lawrie Brown.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
1 Authentication Applications Behzad Akbari Fall 2010 In the Name of the Most High.
Cryptography and Network Security Chapter 14 Authentication Fourth Edition by William Stallings Lecture slides by Lawrie Brown Changed and extended by.
Network Security Essentials Chapter 4 Fourth Edition by William Stallings (Based on lecture slides by Lawrie Brown.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Authentication 3: On The Internet. 2 Readings URL attacks
Module 4 Network & Application Security: Kerberos – X509 Authentication service – IP security Architecture – Secure socket layer – Electronic mail security.
KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
31/03/2005Authentication Applications 1 Authentication Applications: Kerberos, X.509 and Certificates REYHAN AYDOĞAN.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security
Authentication Applications
Authentication Protocol
Digital Certificates and X.509
Kerberos and X.509 Fourth Edition by William Stallings
Authentication Applications
Presentation transcript:

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

2 Security Concerns key concerns are confidentiality and timeliness to provide confidentiality must encrypt identification and session key info which requires the use of previously shared private or public keys need to prove ownership of public keys need timeliness to prevent replay attacks provided by using sequence numbers or timestamps or challenge/response Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Digital signatures A digital signature is an encryption of a document with the creator’s private key It is attached to a document that validates the creator of the document Any one can validate it by decrypting the signature with the claimed creator’s public key 3 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Some Misconceptions Some misconceptions, corrected –Public key cryptography is NOT more secure than symmetric key –Public key cryptography does NOT Makes symmetric key obsolete –Central agent is needed for both public key and conventional cryptography 4 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Alternatively…. Digital signatures on hashes A more efficient way for a digital signature is by creating an authenticator of the document first (a hash) Then sign the hash (i.e. encrypt the hash using private key) If M is the message (or document) and Alice wants Bob to be certain that M is from her. M is not confidential –H = Hash(M) –Authenticator = E KR A i.e. encrypting H with Alice’s private key 5 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Digital Signatures: The basic idea ? private key public key AliceBob 6 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Key management Distribution of public keys –Well, what’s the issue? –Can’t we just trust Mallory if she claims a key as her public key? ? private key public key AliceBob Mallory 7 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Public keys to exchange secret keys Using public-keys to exchange secret keys –why exchange secret keys? –aren’t public keys sufficient? 8 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Authenticity of public keys ? Problem: How does Alice know that the public key she received is really Bob’s public key? private key Alice Bob public key Bob’s key 9 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Public-key certificates Anyone can forge public-keys Therefore, use public-key certificates A public-key certificate is a public-key that was signed by a trusted third party (called a certificate authority or CA) See figure on next slide 10 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Key Management Public-Key Certificate Use 11 Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

12 X.509 Authentication Service Distributed set of servers that maintains a database about users. Each certificate contains the public key of a user and is signed with the private key of a CA. Is used in S/MIME, IP Security, SSL/TLS and SET. RSA is recommended to use. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

13 X.509 Formats Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

14 Typical Digital Signature Approach Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

15 Obtaining a User’s Certificate Characteristics of certificates generated by CA: –Any user with access to the public key of the CA can recover the user public key that was certified. –No party other than the CA can modify the certificate without this being detected. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

16 X.509 CA Hierarchy Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

17 Revocation of Certificates Reasons for revocation: –The users secret key is assumed to be compromised. –The user is no longer certified by this CA. –The CA’s certificate is assumed to be compromised. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

18 Authentication Procedures Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

19 KERBEROS Users wish to access services on servers. Three threats exist: –User pretend to be another user. –User alter the network address of a workstation. –User eavesdrop on exchanges and use a replay attack. Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

20 KERBEROS Provides a centralized authentication server to authenticate users to servers and servers to users. Relies on conventional encryption, making no use of public-key encryption Two versions: version 4 and 5 Version 4 makes use of DES Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

21 Kerberos Version 4 Terms: –C = Client –AS = authentication server –V = server –ID c = identifier of user on C –ID v = identifier of V –P c = password of user on C –ADc = network address of C – K v = secret encryption key shared by AS an V –TS = timestamp –|| = concatenation Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

22 A Simple Authentication Dialogue (1)C  AS: ID c || P c || ID v (2)AS  C:Ticket (3)C  V: ID c || Ticket Ticket = E K v [ ID c || AD c || ID v] Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

23 Version 4 Authentication Dialogue Problems: –Lifetime associated with the ticket-granting ticket –If too short  repeatedly asked for password –If too long  greater opportunity to replay The threat is that an opponent will steal the ticket and use it before it expires Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

24 Version 4 Authentication Dialogue Authentication Service Exhange: To obtain Ticket-Granting Ticket (1)C  AS: IDc || IDtgs ||TS 1 (2)AS  C: E Kc [K c,tgs || ID tgs || TS 2 || Lifetime 2 || Ticket tgs ] Ticket-Granting Service Echange: To obtain Service-Granting Ticket (3) C  TGS: IDv ||Ticket tgs ||Authenticatorc (4) TGS  C: E Kc [K c,¨v || IDv || TS 4 || Ticket v ] Client/Server Authentication Exhange: To Obtain Service (5) C  V: Ticket v || Authenticator c (6) V  C: E Kc,v [TS5 +1] Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

25 Overview of Kerberos Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

26 Request for Service in Another Realm Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

27 Difference Between Version 4 and 5 Encryption system dependence (V.4 DES) Internet protocol dependence Message byte ordering Ticket lifetime Authentication forwarding Interrealm authentication Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

28 Kerberos - in practice Kerberos - in practice Currently have two Kerberos versions: 4 : restricted to a single realm 5 : allows inter-realm authentication, in beta test Kerberos v5 is an Internet standard specified in RFC1510, and used by many utilities To use Kerberos: need to have a KDC on your network need to have Kerberised applications running on all participating systems major problem - US export restrictions though these have been relaxed in recent years Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.