CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.

Presentation transcript:

CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz

Authentication
- Verifying the identity of another entity
  - Computer authenticating to another computer
  - Person authenticating to a local computer
  - Person authenticating to a remote computer
- Two issues:
  - How authentication information is stored (at both ends)
  - The authentication protocol itself

Overview
- Authentication may be based on
  - What you know
  - What you have
  - What you are
  - Examples?
- Mutual authentication vs. unidirectional authentication

Attack taxonomy
- Passive attacks
- Active attacks
  - Impersonation
  - Man-in-the-middle
- Server compromise
- Different attacks may be easier or more difficult in different settings

Address-based authentication
- Is sometimes used (e.g., Unix)
- This is generally not very secure
  - Relatively easy to forge source addresses of network packets

Password-based protocols
- Password-based authentication
  - Any system based on a low-entropy shared secret (note: different from the book's definitions!)

Password selection
- User selection of passwords is typically very weak
  - Lower-entropy passwords make dictionary attacks easier
- Typical passwords:
  - Derived from account names or usernames
  - Dictionary words, reversed dictionary words, or small modifications of dictionary words
  - Etc.

Better password selection
- Non-alphanumeric characters
- Longer phrases
- Can try to enforce good password selection…
- …but these types of passwords are difficult for people to memorize and type!

From passwords to keys?
- Can potentially use passwords to derive symmetric or public keys
- What is the entropy of the resulting key?
- Often allows off-line dictionary attacks on the password

Password-based protocols
- Any password-based protocol is vulnerable to an "on-line" dictionary attack
  - On-line attacks can be detected and limited
  - How?
- Any password-based protocol is vulnerable to an off-line attack if the server is compromised
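One answer to the slide's "How?", as an added example that is not from the lecture: a server-side limiter that counts failed logins per account and per source. The thresholds (failures per window, lockout length, number of distinct accounts that counts as a spray) are assumed policy values, not anything the slides state.

```python
import time
from collections import defaultdict, deque


class OnlineGuessLimiter:
    """Limits and detects on-line password guessing (assumed policy values).

    After max_fail failures within window seconds an account is locked for
    lockout seconds; a source that fails against spray_accounts distinct
    accounts inside window is flagged as spraying (one guess per account).
    """

    def __init__(self, max_fail=5, window=600.0, lockout=900.0, spray_accounts=10):
        self.max_fail, self.window = max_fail, window
        self.lockout, self.spray_accounts = lockout, spray_accounts
        self.fails = defaultdict(deque)        # account -> failure timestamps
        self.locked_until = {}                 # account -> time the lock expires
        self.src_accounts = defaultdict(dict)  # source -> {account: last failure}
        self.alerts = []                       # what a SOC would get paged on

    def _prune(self, dq, now):
        # Drop failures older than the window so old mistakes do not pile up.
        while dq and now - dq[0] > self.window:
            dq.popleft()

    def allowed(self, account, now=None):
        now = time.time() if now is None else now
        return now >= self.locked_until.get(account, 0.0)

    def record_failure(self, account, source, now=None):
        now = time.time() if now is None else now
        dq = self.fails[account]
        dq.append(now)
        self._prune(dq, now)
        if len(dq) >= self.max_fail:           # vertical guessing on one account
            self.locked_until[account] = now + self.lockout
            self.alerts.append(("lockout", account, source))
        seen = self.src_accounts[source]
        seen[account] = now
        recent = [a for a, t in seen.items() if now - t <= self.window]
        if len(recent) == self.spray_accounts:  # horizontal guessing across accounts
            self.alerts.append(("spray", source, len(recent)))

    def record_success(self, account):
        self.fails.pop(account, None)           # reset the counter on a good login
```

A per-account lockout also lets an attacker lock a legitimate user out on purpose, which is why the per-source view matters as much as the per-account one.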

Password-based protocols
- Best: use a password-based protocol which is secure against off-line attacks when the server is not compromised
  - Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.)
  - This is a difficult problem!

Password storage
- In the clear…
- Hash of password (done correctly)
  - Doesn't always achieve anything!
  - Makes the adversary's job harder
  - Potentially protects users who choose good passwords
- "Salt"-ed hash of password
  - Makes bulk dictionary attacks harder, but no harder to attack a particular password
- Centralized server stores password
- Threshold password storage
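The hash vs. salted-hash comparison from the slide, as an added example that is not from the lecture: it counts how many hash evaluations a dictionary run costs against each kind of store, which is exactly the "bulk attacks harder, single password no harder" point. USERS and WORDS are constructed sample data; SHA-256 is used only so the cost is visible.

```python
import hashlib
import hmac
import os


def unsalted_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()


def salted_hash(pw: str, salt: bytes) -> str:
    return hashlib.sha256(salt + pw.encode()).hexdigest()


def store_salted(pw: str) -> tuple:
    """Per-user random salt stored next to the hash (the salt need not be secret)."""
    salt = os.urandom(16)
    return salt, salted_hash(pw, salt)


def verify_salted(pw: str, salt: bytes, stored: str) -> bool:
    return hmac.compare_digest(salted_hash(pw, salt), stored)


def dictionary_cost_unsalted(db: dict, words) -> tuple:
    """Unsalted store: hash each word once, then look every user up in the table.
    Returns (cracked {user: word}, number of hash evaluations)."""
    table = {unsalted_hash(w): w for w in words}
    cracked = {u: table[h] for u, h in db.items() if h in table}
    return cracked, len(words)


def dictionary_cost_salted(db: dict, words) -> tuple:
    """Salted store: no shared table; every (user, word) pair costs a fresh hash,
    so bulk work grows with the number of users, while one user costs the same."""
    cracked, evaluations = {}, 0
    for u, (salt, h) in db.items():
        for w in words:
            evaluations += 1
            if salted_hash(w, salt) == h:
                cracked[u] = w
                break
    return cracked, evaluations


# Constructed sample data: three weak passwords, one that is not in the list.
USERS = {"alice": "password", "bob": "password", "carol": "qwerty", "dave": "Tr0ub4dor&3-x9!"}
WORDS = ["password", "letmein", "hunter2", "qwerty"]
UNSALTED_DB = {u: unsalted_hash(p) for u, p in USERS.items()}
SALTED_DB = {u: store_salted(p) for u, p in USERS.items()}
```

A production store would replace the bare SHA-256 with a deliberately slow password hash (bcrypt, scrypt or Argon2), which raises the per-guess cost that salting alone leaves unchanged.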

Centralized password storage
- Authentication storage node
  - Central server stores the password; servers request the password to authenticate the user
- Authentication facilitator node
  - Central server stores the password; servers send information from the user to be authenticated by the central server
- Note that the central server must be authenticated!

Basic authentication protocols…
- Server stores H(pw); user sends pw
  - "Secure" against server compromise, but not eavesdropping (or replay attacks)
- Server stores pw, sends R; user sends H(pw, R)
  - Secure against eavesdropping, but not server compromise (or dictionary attack)
  - What if the user sends R also…?
- Can we achieve security against both?
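The second protocol on the slide (server stores pw, sends R, user answers H(pw, R)), as an added example that is not from the lecture, with both sides' messages simulated in one process. It shows what the slide claims: a replayed response fails against a fresh R, the recorded transcript still permits off-line guessing, and letting the user choose R removes the replay protection. H is SHA-256 over a length-prefixed encoding; the Server and client names are this example's own.

```python
import hashlib
import hmac
import os


def H(pw: str, r: bytes) -> bytes:
    """H(pw, R) from the slide; the length prefix keeps (pw, R) unambiguous."""
    return hashlib.sha256(len(pw).to_bytes(2, "big") + pw.encode() + r).digest()


class Server:
    """Stores pw in the clear (so server compromise reveals it) and issues fresh R."""

    def __init__(self, users: dict):
        self.users = users        # username -> password
        self.pending = {}         # username -> outstanding challenge

    def challenge(self, user: str) -> bytes:
        r = os.urandom(16)        # fresh and unpredictable: the replay defence
        self.pending[user] = r
        return r

    def verify(self, user: str, resp: bytes) -> bool:
        r = self.pending.pop(user, None)   # each challenge is usable at most once
        if r is None or user not in self.users:
            return False
        return hmac.compare_digest(H(self.users[user], r), resp)

    def verify_client_chosen_r(self, user: str, r: bytes, resp: bytes) -> bool:
        """Slide's variant where the user sends R too: no freshness check remains."""
        return user in self.users and hmac.compare_digest(H(self.users[user], r), resp)


def client_respond(pw: str, r: bytes) -> bytes:
    return H(pw, r)


def run_protocol(server: Server, user: str, pw: str):
    """One honest run; returns (accepted, transcript) where transcript is what an eavesdropper sees."""
    r = server.challenge(user)
    resp = client_respond(pw, r)
    return server.verify(user, resp), (r, resp)


def replay_fails(server: Server, user: str, transcript) -> bool:
    server.challenge(user)                 # server issues a new R for the new session
    return not server.verify(user, transcript[1])


def replay_succeeds_if_client_picks_r(server: Server, user: str, transcript) -> bool:
    r, resp = transcript
    return server.verify_client_chosen_r(user, r, resp)


def offline_guess(transcript, candidates):
    """One recorded (R, H(pw, R)) lets an eavesdropper test guesses without the server."""
    r, resp = transcript
    return next((w for w in candidates if H(w, r) == resp), None)
```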