CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

Slides:

Advertisements

Similar presentations

COEN 350 Kerberos.

Advertisements

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

Lecture 10: Mediated Authentication

Chapter 10 Real world security protocols

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

CSC 474 Information Systems Security

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.

Computer Security Key Management

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 9 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 3 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 15 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.

KerberSim CMPT 495 Fall 2004 Jerry Frederick. Project Goals Become familiar with Kerberos flow Create a simple Kerberos simulation.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.

Security protocols and their verification Mark Ryan University of Birmingham Midlands Graduate School University of Birmingham April 2005 Steve Kremer.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

CMSC 414 Computer and Network Security Lecture 5 Jonathan Katz.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,

The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 3 Jonathan Katz.

Computer Communication & Networks

CMSC 414 Computer and Network Security Lecture 15

Message Security, User Authentication, and Key Management

The University of Adelaide, School of Computer Science

Protocol ap1.0: Alice says “I am Alice”

AIT 682: Network and Systems Security

Presentation transcript:

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz

Otway-Rees  A  B: N C, K A (N A, N C, Alice, Bob)  B  KDC: K A (…), K B (N B, N C, Alice, Bob) –KDC checks that N C is the same…  KDC  B: N C, K A (N A, K AB ), K B (N B, K AB )  B  A: K A (…)  A  B: K AB (timestamp) –Note: KDC already authenticated Bob

Analysis?  N C should be unpredictable, not just a nonce –Otherwise, can impersonate B to KDC Send first message: (next N C ), “garbage” B forwards to KDC along with encryption of the next N C Next time A initiates a conversation, replay previous message from B  Still uses encryption for authentication…  –Serious attack if ECB is used Replace K AB with N C

Kerberos  (May discuss in more detail later)  A  KDC: N 1, Alice, Bob  KDC  A: K A (N 1, Bob, K AB, ticket), where ticket = K B (K AB, Alice, expiration time)  A  B: ticket, K AB (time)  B  A: K AB (time+1)

Certificate authorities and PKI