CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Lecture 10: Mediated Authentication
Chapter 14 – Authentication Applications
SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah
Systematic Design of a Family of Attack Resistant Authentication Protocols By:- Ray Bird, I Gopal, Amir Herzberg, Philippe A Jnason, Shay Kutten, Refik.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Authentication & Kerberos
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Lecture III : Communication Security, Services & Mechanisms Internet Security: Principles & Practices John K. Zao, PhD SMIEEE National Chiao-Tung University.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
CSE331: Introduction to Networks and Security Lectures 26 & 27 Fall 2002.
CSE331: Introduction to Networks and Security Lecture 23 Fall 2002.
Security in Wireless LAN Layla Pezeshkmehr CS 265 Fall 2003-SJSU Dr.Mark Stamp.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Information Security of Embedded Systems : Algorithms and Measures Prof. Dr. Holger Schlingloff Institut für Informatik und Fraunhofer FIRST.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Chapter 21 Distributed System Security Copyright © 2008.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Lecture 6.1: Protocols - Authentication and Key Exchange I CS 436/636/736 Spring 2012 Nitesh Saxena.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.
Authenticated Key Exchange I. Definitions I. MAP I. matching conversations II. oracles II. (I)KA II. AKEP2 III. AKEP2 Security I. Session Keys II. Perfect.
CIS/TCOM 551 Computer and Network Security Slide Set 5 Carl A. Gunter Spring 2004.
Replay Attacks.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
1 Example security systems n Kerberos n Secure shell.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
1 Authentication Celia Li Computer Science and Engineering York University.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Computer Communication & Networks
پروتكلهاي احرازاصالت Authentication protocols
Presentation transcript:

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002

CSE331 Fall Announcements Class is cancelled on Wednesday (Nov. 6 th ) Prof. Zdancewic will be out of town until Nov. 14 th –Should be available by (sporadically) Project 3 is due on Nov. 18 th

CSE331 Fall Recap Authentication –Passwords & Human Authentication Today –Machine Authentication Protocols

CSE331 Fall Aim For honest parties, the claimant A is able to authenticate itself to the verifier B. That is, B will complete the protocol having accepted A’s identity. Alice Bart

CSE331 Fall Threats Transferability: B cannot reuse an identification exchange with A to successfully impersonate A to a third party C. Impersonation: The probability is negligible that a party C distinct from A can carry out the protocol in the role of A and cause B to accept it as having A’s identity.

CSE331 Fall Assumptions A large number of previous authentications between A and B may have been observed. The adversary C has participated in previous protocol executions with A and/or B. Multiple instances of the protocol, possibly instantiated by C, may be run simultaneously.

CSE331 Fall Attacks Not Addressed Identification affirms that communication with the expected party occurred at a given point in time. Two active attacks are not addressed: –Usurpation: The session beginning with the identification is “usurped” by the attacker as a man-in-the-middle. –Grand Master Postal Attack Problem: A man-in- the-middle relays messages between two parties without changing them. (End-to-end authentication, not hop-by-hop)

CSE331 Fall Challenge-Response Background. –Random numbers (nonces). –Sequence numbers. –Timestamps. Symmetric keys. –With timestamps or random numbers. Asymmetric keys. –With encryption or signature.

CSE331 Fall Replay Replay: the threat in which a transmission is observed by an eavesdropper who subsequently reuses it as part of a protocol, possibly to impersonate the original sender. –Example: Monitor the first part of a telnet session to obtain a sequence of transmissions sufficient to get a log-in. Three strategies for defeating replay attacks –Nonces –Timestamps –Sequence numbers.

CSE331 Fall Nonces: Random Numbers Nonce: A number chosen at random from a range of possible values. –Each generated nonce is valid only once. In a challenge-response protocol nonces are used as follows. –The verifier chooses a (new) random number and provides it to the claimant. –The claimant performs an operation on it showing knowledge of a secret. –This information is bound inseparable to the random number and returned to the verifier for examination. –A timeout period is used to ensure “freshness”.

CSE331 Fall Time Stamps The claimant sends a message with a timestamp. The verifier checks that it falls within an acceptance window of time. The last timestamp received is held, and identification requests with older timestamps are ignored. Good only if clock synchronization is close enough for acceptance window.

CSE331 Fall Sequence Numbers Sequence numbers provide a sequential or monotonic counter on messages. If a message is replayed and the original message was received, the replay will have an old or too-small sequence number and be discarded. Cannot detect forced delay. Difficult to maintain when there are system failures.

CSE331 Fall Unilateral Symmetric Key Unilateral authentication with timestamp generated by A. –A&B have synchronized clocks –B accepts only in certain time window Unilateral authentication with nonce. K AB {t, B} n K AB {n, B}

CSE331 Fall Mutual Symmetric Key Using Nonces: nBnB K AB {n A, n B, B} K AB {n A, A}

15 Passkey Systems F S PIN A Display Claimant AVerifier B e y Challenge Generator Login Request Passcode Generator F Secret Database Compare ( challenge ) ( response ) PIN S

CSE331 Fall Unilateral Public Key Decryption Encryption under A’s public key is K A {-}: –The witness H(n) shows knowledge of n and prevents chosen plaintext attacks on EA. H(n), B, K A {n,B} n

CSE331 Fall Mutual Public Key Decryption Exchange nonces K B {n A, A} K A {n A, n B } nBnB

CSE331 Fall Unilateral Digital Signatures S A {M} is A’s signature on message M. Unilateral authentication with timestamps: Unilateral authentication with random numbers: The n A prevents chosen plaintext attacks. t, B, S A {t, B} n A, B, S A {n A, n B, B} nBnB

CSE331 Fall Mutual Digital Signatures Using random numbers. nBnB n A, B, S A {n A, n B, B} A, S B {n A, n B, A}

CSE331 Fall Primary Attacks Replay. Interleaving. Reflection. Forced delay. Chosen plaintext.

CSE331 Fall Primary Controls Replay: –use of challenge-response techniques –embed target identity in response. Interleaving –link messages in a session with chained nonces. Reflection: – embed identifier of target party in challenge response –use asymmetric message formats –use asymmetric keys.

CSE331 Fall Primary Controls, continued Chosen text: –embed self-chosen random numbers (“confounders”) in responses –use “zero knowledge” techniques. Forced delays: –use nonces with short timeouts –use timestamps in addition to other techniques.

CSE331 Fall Usurpation Attacks Identification protocols provide assurances corroborating the identity of an entity only at a given instant in time. Techniques to assure ongoing authenticity: –Periodic re-identification. –Tying identification to an ongoing integrity service. For example: key establishment and encryption.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.