Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Slides:



Advertisements
Similar presentations
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Advertisements

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Analysis of Key Agreement Protocols Brita Vesterås Supervisor: Chik How Tan.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.
Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
CRYPTOGRAPHIC DATA INTEGRITY ALGORITHMS
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
Secure Systems Research Group - FAU Patterns for Digital Signature using hashing Presented by Keiko Hashizume.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:
Cryptography, Authentication and Digital Signatures
Authentication: keys, MAC, hashes, message digests, digital signatures.
Lecture 11: Strong Passwords
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
IS511 Introduction to Information Security Lecture 4 Cryptography 2
Chapter 21 Distributed System Security Copyright © 2008.
Chapter 31 Cryptography And Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.
Csci5233 computer security & integrity 1 Cryptography: an overview.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Digital Signatures, Message Digest and Authentication Week-9.
14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.
Cryptography: Digital Signatures Message Digests Authentication
1 Normal executable Infected executable Sequence of program instructions Entry Original program Entry Jump Replication and payload Viruses.
Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Topic 1 – Introduction Huiqun Yu Information Security Principles & Applications.
Computer and Network Security - Message Digests, Kerberos, PKI –
Protocol Analysis. CSCE Farkas 2 Cryptographic Protocols Two or more parties Communication over insecure network Cryptography used to achieve goal.
Replay Attacks.
Network Security Celia Li Computer Science and Engineering York University.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Network Security Maaz bin ahmad.. 2 Outline Attacks, services and mechanisms Security attacks Security services Security Mechanisms A model for Internetwork.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Computer Communication & Networks
Secure Sockets Layer (SSL)
Cryptographic Hash Function
CS480 Cryptography and Information Security
Presentation transcript:

Alexander Potapov

 Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way authentication protocol attack  The Diffie-Hellman key exchange attack  Authentication protocol using a KDC

 Authentication deals with the question of whether you are actually communicating with a specific process.  Authorization is concerned with what that process is permitted to do.

 Authentication deals with the question of whether you are actually communicating with a specific process.  Authorization is concerned with what that process is permitted to do. Example:  Is this actually Scott's process (authentication)?  Is Scott allowed to delete this file (authorization)? Scott Server Delete file Request

 Existing cryptographic keys  Method of session key generation

 The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

 The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

 The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

 A key transport protocol  A key agreement protocol One of the principals generates the key and this key is then transferred to all protocol users (K s in this example)

 A key transport protocol  A key agreement protocol Session key is a function of inputs by all protocol users

 Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that data is only available to those authorised to obtain it. Usually achieved through encryption/decryption.

 Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that data has not been altered by unauthorised entities. Usually achieved: Use of hash functions in combination with encryption Use of message authentication code to create a separate check field

 Confidentiality  Data integrity  Data origin authentication  Non-repudiation Guarantees the origin of data. Normally achieved by the same mechanisms like we have in data integrity.

 Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that entities cannot deny sending data that they have committed to. Typically provided using a digital signature mechanism.

 Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. On recipients side if message is within an acceptable window of the current time then the message is regarded as fresh.

 Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. The message is fresh because the message cannot have been formed before the nonce was generated.

 Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. The sender and recipient maintain a synchronized counter whose value is sent with the message and then incremented.

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary captures the information sent in the protocol Eavesdropping

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary alters the information sent in the protocol Modification

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary records information seen in the protocol and then sends it to the same, or a different, principal, possibly during a later protocol run Replay

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary engages in a run of the protocol prior to a run by the legitimate principals Preplay

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary sends protocol message back to the principal who sent them Reflection

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary prevents or hinders legitimate principals from completing the protocol Denial of service

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary replaces a protocol message field of one type with a message field of another type Typing attacks

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary gains some useful leverage from the protocol to help in cryptanalysis Cryptanalysis

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary chooses or modifies certificate information to attack one or more protocol runs Certificate manipulation

 Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary chooses a new protocol to interact with a known protocol Protocol interaction

A, B are the identities of Alice and Bob. R i - the challenge, where the subscript identifies the challenger. K i - are keys, where i indicates the owner.

Second session is opened (message 3), supplying the R B taken from message 2. Bob encrypts it and sends back K AB (R B ) in message 4.

Both HMACs include values chosen by the sending party, something which Trudy cannot control. HMAC – hashed message authentication code Data structured is hashed into the HMAC, for example using SHA-1. Based on received information, Alice can compute the HMAC herself.

n and g are two agreed large numbers x and y are large (say, 512-bit) private numbers generated by both sides The trouble is, given only g mod n, it is hard to find x. All currently- known algorithms simply take too long, even on massively parallel supercomputers. x

Alice thinks she is talking to Bob so she establishes a session key (with Trudy). So does Bob. Every message that Alice sends on the encrypted session is captured by Trudy, stored, modified if desired, and then (optionally) passed on to Bob. Similarly, in the other direction.

KDC - Key distribution center K s - generated session key By snooping on the network, Trudy copies message 2 and the money-transfer request that follows it. Later, she replays both of them to Bob.

½ messages – ticket request (R A assures that message 2 is fresh, and not a replay) Message 4 - Bob sends back it to prove to Alice that she is talking to the real Bob

Protocols for authentication and key establishment Colin Boyd, Anish Mathuria Computer networks Andrew S. Tanenbaum