Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Slides:

Advertisements

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Advertisements

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Computer Security Set of slides 5 Dr Alexei Vernitski.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

Computer Security Key Management

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Chapter 9: Key Management

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

1 Chap 1: Introduction Some background –The message is usually represented as M or P (plaintext), the encryption result is usually represented as C (ciphertext).

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Security Management.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

DNSSEC Cryptography Review Track 2 Workshop July 3, 2010 American Samoa Hervey Allen.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

Symmetric versus Asymmetric Cryptography. Why is it worth presenting cryptography? Top concern in security Fundamental knowledge in computer security.

Lecture 11: Strong Passwords

CSCD 218 : DATA COMMUNICATIONS AND NETWORKING 1

1 Chapter 9: Key Management All algorithms we have introduced are based on one assumption: keys have been distributed. But how to do that? Key generation,

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

Week 4 - Wednesday.  What did we talk about last time?  RSA algorithm.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Digital Signatures, Message Digest and Authentication Week-9.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.

1 Authentication Protocols Rocky K. C. Chang 9 March 2007.

CIA AAA. C I A Confidentiality I A Confidentiality Integrity A.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Department of Computer Science Chapter 5 Introduction to Cryptography Semester 1.

Secure HTTP (HTTPS) Pat Morin COMP 2405.

IT IS 6200/8200.

CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9

CDK: Chapter 7 TvS: Chapter 9

Chapter 29 Cryptography and Network Security

Presentation transcript:

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to protect one conversation –Long term key is used to distribute the session keys –Reduce the amount of traffic encrypted by each secret

Key exchange protocols Protocols 1: using symmetric cryptography –We assume that every node shares a key with KDC –Steps (1)Alice requests a key from KDC (2)KDC encrypts the key with Alice and Bob’s keys respectively and sends both messages to Alice (3)Alice forward Bob’s copy to Bob

Problems of protocol 1 –Alice knows both the plaintext and cipher text for Bob. It becomes a known-plaintext attack for Bob –When Alice sends a copy to Bob, how can Bob makes sure this is a fresh key or the other party is actually Alice?

Protocol 2: Using public key –We assume that everyone has a public private key pair –Steps (1)Alice generates a session key and encrypts it with Bob’s public key (2)Bob decrypts the message and gets the session key (3)Now they can talk safely

If the public keys of the nodes do not have certificate with them, they can be fake keys. And a min-in-the-middle attack can be conducted. How the min-in-the-middle attacks are conducted. How can the Interlock protocol mitigate the attack –What will be a good interlock: hash of the message, hash of the encryption result?

Man-in-the-Middle Attack AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob { k s } e E Eve Bob { k s } e B Eve intercepts request Eve intercepts message

Interlock protocol (right way) AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob Hash ( { msg} e E ) Eve Bob What should I send? Eve intercepts request Eve intercepts message

Interlock protocol (wrong way) AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob Hash ( msg ) Eve Bob Eve intercepts request Eve intercepts message Hash ( msg )

Improvement to protocol 2: –Public keys for Alice and Bob should be protected by the certificate from a TTP

Authentication Authentication: prove that you are who you claim to be Method 1: –The system stores your password, and compares it with the characters you type in every time you login –Problem: if the attacker gets access to the file, you are cooked.

Method 2: –The system stores the hash result of the password, now if the attacker sees the hash value, it cannot recover the plaintext. –Problem: It is still not safe under dictionary attacks The system can add a random number after the password, which is called salt Public salt and private salt. Salt protects the overall system, but not specific users The same key combined with different salt will look differently in the system

Key management in some UNIX systems –don't use the shadow password files –the passwords are stored encrypted in the file /etc/passwd –Format of the stored record Account; coded password data; homedir; Gigawalt; fURfuu4.4hY0U; /home/gigawalt

Method 3: Using public-private key –The system knows the public key and the user keeps the private key –During login, the system sends a random number to user and user encrypts it with the private key –System decrypts with public key and verifies the user –Problems: Blind signature Chosen plaintext attack

Authentication Method 4: one key a time protocol –Hash chain –Unlimited one key a time system (2 possible solutions) Both sides know a secret k A knows R1, and B knows hash(k, R1) During first login, A sends R1 and hash(k, R2)