Lecture 4.2: Key Distribution CS 436/636/736 Spring 2014 Nitesh Saxena.

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

Chapter 10 Real world security protocols
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Lecture 4: Cryptography III; Security CS 336/536: Computer Network Security Fall 2013 Nitesh Saxena.
Lecture 4: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2008 Nitesh Saxena *Adopted from Previous Lectures.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Lecture 23 Internet Authentication Applications
Chapter 5 Network Security Protocols in Practice Part I
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
DESIGNING A PUBLIC KEY INFRASTRUCTURE
16.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft® Windows® Server 2003 Active Directory Infrastructure.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
CMSC 414 Computer (and Network) Security Lecture 15 Jonathan Katz.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
CN1276 Server Kemtis Kunanuraksapong MSIS with Distinction MCTS, MCDST, MCP, A+
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Christopher Chapman | MCT Content PM, Microsoft Learning, PDG Planning, Microsoft.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 9: Using and Managing Keys Security+ Guide to Network Security Fundamentals Second Edition.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Unit 1: Protection and Security for Grid Computing Part 2
Configuring Directory Certificate Services Lesson 13.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
Chapter 21 Distributed System Security Copyright © 2008.
Module 9: Fundamentals of Securing Network Communication.
Key Management. Session and Interchange Keys  Key management – distribution of cryptographic keys, mechanisms used to bind an identity to a key, and.
Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.
Authentication 3: On The Internet. 2 Readings URL attacks
Public Key Infrastructure (X509 PKI) Presented by : Ali Fanian
Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Lecture 6.2: Protocols - Authentication and Key Exchange II CS 436/636/736 Spring 2012 Nitesh Saxena.
Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Protocols for public-key management. Key management –two problems Distribution of public keys (for public- key cryptography) Distribution of secret keys.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.
Lecture 6.1: Protocols - Authentication and Key Exchange I CS 436/636/736 Spring 2012 Nitesh Saxena.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
Lecture 4: Cryptography III; Security CS 336/536: Computer Network Security Fall 2014 Nitesh Saxena.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
Computer and Network Security - Message Digests, Kerberos, PKI –
Lecture 5.1: Message Authentication Codes, and Key Distribution
Key Management. Authentication Using Public-Key Cryptography  K A +, K B + : public keys Alice Bob K B + (A, R A ) 1 2 K A + (R A, R B,K A,B ) 3 K A,B.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Prof. Reuven Aviv, Nov 2013 Public Key Infrastructure1 Prof. Reuven Aviv Tel Hai Academic College Department of Computer Science Public Key Infrastructure.
Computer Communication & Networks
Cryptography and Network Security
Lecture 4.2: Key Distribution
Authentication Applications
Lecture 6.1: Protocols - Authentication and Key Exchange I
Presentation transcript:

Lecture 4.2: Key Distribution CS 436/636/736 Spring 2014 Nitesh Saxena

Fun/Informative Bit: Brain Study to Measure Security Behavior Read More 8/27/2015 Lecture 4.2: Key Distribution 2

Course Administration HW2 was just due We will start grading soon Give out solution soon 8/27/ Lecture 4.2: Key Distribution

Course Administration Mid-Term Exam – On March 13 (Thursday) – In class, from 5pm-7pm Covers lectures up to lectures 4.* (Mar 6) In-class review today Strictly closed-book (no cheat-sheets are allowed) Study topic list provided A sample exam will be provided as we near the exam date 8/27/ Lecture 4.2: Key Distribution

Course Administration Extended office hours for Mid-Term – Will 8/27/ Lecture 4.2: Key Distribution

Outline of Today’s lecture Key Distribution Introduction Protocol for private key distribution Kerberos: Real-world system Public Key distribution 8/27/ Lecture 4.2: Key Distribution

Some questions from last time Can OTP make for a good MAC? Can H(K||m) make for a good MAC? Does HMAC provide non-repudiation? 8/27/ Lecture 4.2: Key Distribution

Key Distribution Cryptographic primitives seen so far assume – In private key setting: Alice and Bob share a secret key which is unknown to Oscar. – In public key setting: Alice has a “trusted” (or authenticated) copy of Bob’s public key. But how does this happen in the first place? Alice and Bob meet and exchange key(s) Not always practical or possible. We need key distribution, first and foremost! Idea: make use of a trusted third party (TTP) 8/27/ Lecture 4.2: Key Distribution

“Private Key” Distribution: an attempt Protocol assumes that Alice and Bob share a session key K A and K B with a Key Distribution Center (KDC). – Alice calls Trent (Trusted KDC) and requests a session key to communicate with Bob. – Trent generates random session key K and sends E K A (K) to Alice and E K B (K) to Bob. – Alice and Bob decrypt with K A and K B respectively to get K. This is a key distribution protocol. Susceptible to replay attack! 9

Session Key Exchange with KDC – Needham- Schroeder Protocol A -> KDC ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A E K A ( K || ID B || N 1 || E K B (K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B E K B (K || ID A ) (I would like to talk using key in envelope sent by KDC) B -> A E K (N 2 ) (OK Alice, But can you prove to me that you are indeed Alice and know the key?) A -> B E K (f(N 2 )) (Sure I can!) Dennig-Sacco (replay) attack on the protocol 8/27/ Lecture 4.2: Key Distribution

Session Key Exchange with KDC – Needham- Schroeder Protocol (corrected version with mutual authentication) A -> KDC: ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A: E K A ( K || ID B || N 1 || E K B (TS1, K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B: E K (TS2), E K B (TS1, K || ID A ) (I would like to talk using key in envelope sent by KDC; here is an authenticator) B -> A: E K (TS2+1) (OK Alice, here is a proof that I am really Bob) 8/27/ Lecture 4.2: Key Distribution

Kerberos - Goals Security – Next slide. Reliability Transparency – Minimum modification to existing network applications. Scalability – Modular distributed architecture. 8/27/ Lecture 4.2: Key Distribution

Kerberos – Security Goals No cleartext passwords over network. No cleartext passwords stored on servers. Minimum exposure of client and server keys. Compromise of a session should only affect that session Require password only at login. 8/27/ Lecture 4.2: Key Distribution

Kerberos - Assumptions Global clock. There is a way to distribute authorization data. – Kerberos provides authentication and not authorization. 8/27/ Lecture 4.2: Key Distribution

Kerberos Key Distribution (1) JoeKDC I would like to Talk to the File Server KDC Step 1 Joe to KDC Step 2 KDC Session key for User Session key for service 8/27/ Lecture 4.2: Key Distribution

Kerberos Key Distribution (2) Step 3 KDC Session Key for Joe Dear Joe, This key for File server Box 1 Locked With Joe’s key Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key JoeKDC Step 4 KDC to Joe Box 1Box 2 8/27/ Lecture 4.2: Key Distribution

Kerberos Key Distribution (3) Dear Joe, This key for File server Opened Box 1 Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Step 5 Joe Step 6 Joe Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Dear File server, The time is 3:40 pm Box 3 Locked With Session key 8/27/ Lecture 4.2: Key Distribution

Kerberos Key Distribution (4) Joe File Server Step 7 Joe to File server Box 2Box 3 Step 8 File server Dear File server, This key for Use with Joe Unlocked Box 2 Dear File server, The time is 3:40 pm Unlocked Box 3 8/27/ Lecture 4.2: Key Distribution

Kerberos Key Distribution (5) For mutual authentication, file server can create box 4 with time stamp and encrypt with session key and send to Joe. Box 2 is called ticket. KDC issues ticket only after authenticating password To avoid entering passwords every time access needed, KDC split into two – authenticating server and ticket granting server. 8/27/ Lecture 4.2: Key Distribution

Kerberos– One Slide Overview 8/27/

Version 4 Summary 8/27/ Lecture 4.2: Key Distribution

Kerberos - Limitations Every network service must be individually modified for use with Kerberos. Requires a global clock Requires secure Kerberos server. Requires continuously available or online server. 8/27/ Lecture 4.2: Key Distribution

Further Reading Stallings Chapter 15 HAC Chapter 12 8/27/ Lecture 4.2: Key Distribution

Some questions Can a KDC learn communication between Alice and Bob, to whom it issued keys? What if the KDC server is down or congested? What if the KDC server is compromised? 8/27/ Lecture 4.2: Key Distribution

Public Key Distribution Public announcements (such as ) – Can be forged Public directory – Can be tampered with Public-key certification authority (CA) (such as verisign) – This is what we use in practice – CA issues certificates to the users 25 8/27/2015 Lecture 4.2: Key Distribution

Naming and Certificates Certification authority’s vouch for the identity of an entity - Distinguished Names (DN). /O=UAB/OU=CIS/CN=Nitesh Saxena – Although CN may be same, DN is different. Policies of certification – Authentication policy What level of authentication is required to identify the principal. – Issuance policy Given the identity of principal will the CA issue a certificate? 26 8/27/2015 Lecture 4.2: Key Distribution

Types of Certificates CA’s vouch at some level the identity of the principal. Example – Verisign: – Class 1 – address – Class 2 – Name and address verified through database. – Class 3- Background check. 27 8/27/2015 Lecture 4.2: Key Distribution

Public Key Certificate Public Key Certificate – Signed messages specifying a name (identity) and the corresponding public key. Signed by whom – Certification Authority (CA), an organization that issues public key certificates. We assume that everyone is in possession of a trusted copy of the CA’s public key. CA could be – Internal CA. – Outsourced CA. – Trusted Third-Party CA. 28 8/27/2015 Lecture 4.2: Key Distribution

Public Key Certificate 29 Note: Mechanism of certification and content of certificate, will vary but at the minimum we have verification and contains ID and Public Key. 8/27/2015 Lecture 4.2: Key Distribution

Certificate Verification/Validation 30 8/27/2015 Lecture 4.2: Key Distribution

Certificate Revocation CA also needs some mechanism to revoke certificates – Private key compromised. – CA mistake in issuing certificate. – Particular service the certificate grants access to may no longer exist. – CA compromised. Expiration time solves the problems only partially. Certification Revocation Lists (CRL) – a list of every certificate that has been revoked but not expired. – CRL’s quickly grow large! CRL’s distributed periodically. – What about time period between revocation and distribution of CRL? Other mechanisms – OCSP (online certificate status protocol) 31 8/27/2015 Lecture 4.2: Key Distribution

X.509 Clearly, there is a need for standardization – X.509. Originally 1988, revised 93 and 95. X.509 is part of X.500 series that defines a directory service. Defines a framework for authentication services by X.500 directory to its users. Used in S/MIME, IPSEC, SSL etc. Does not dictate use of specific algorithm (recommends RSA). 32 8/27/2015 Lecture 4.2: Key Distribution

X.509 Certificate 33 8/27/2015 Lecture 4.2: Key Distribution

Advantages of CA Over KDC CA does not need to be on-line all the time! CA can be very simple computing device. If CA crashes, life goes on (except CRL). Certificates can be stored in an insecure manner!! Compromised CA cannot decrypt messages. Scales well. 34 8/27/2015 Lecture 4.2: Key Distribution

Internet Certificate Hierarchy 35 Internet Policy Registration Authority Policy Certification Authorities Certification Authority Individuals/roles/orgs. 8/27/2015 Lecture 4.2: Key Distribution

Types of certificates Organizational Certificates Principal’s affiliation with an organization Residential certificates Principal’s affiliation with an address Persona Certificates Principal’s Identity Principal need not be a person. It could be a role. 36 8/27/2015 Lecture 4.2: Key Distribution

Public-key Infrastructure (PKI) Combination of digital certificates, public-key cryptography, and certificate authorities. A typical enterprise's PKI encompasses – issuance of digital certificates to users and servers – end-user enrollment software – integration with corporate certificate directories – tools for managing, renewing, and revoking certificates; and related services and support Verisign, Thawte and Entrust – PKI providers. Your own PKI using Mozilla/Microsoft certificate servers 37 8/27/2015 Lecture 4.2: Key Distribution

Problems with PKI – Private Key Where and how is private key stored? – Host – encrypted with pass phrase – Host – encrypted by OS or application – Smart Card Assumes secure host or tamper proof smartcard. 38 8/27/2015 Lecture 4.2: Key Distribution

Problems with PKI - Conflicts X.509, and PGP remain silent on conflicts. They assume CA’s will ensure that no conflicts arise. But in practice conflicts may exist – – John A. Smith and John B. Smith may live at the same address. 39 8/27/2015 Lecture 4.2: Key Distribution

Trustworthiness of Issuer A certificate is the binding of an external identity to a cryptographic key and a distinguished name. If the issuer can be fooled, all who rely upon the certificate can be fooled  How do you trust CA from country XYZ (your favorite prejudice). 40 8/27/2015 Lecture 4.2: Key Distribution

Further Reading Kerberos RFC: RFC-1510 X.509 page charter.html charter.html Ten Risks of PKI /27/2015 Lecture 4.2: Key Distribution

Some questions Can a KDC learn communication between Alice and Bob, to whom it issued keys? Can a CA learn communication between Alice and Bob, to whom it issued certificates? What happens if the CA is online all the time? Alice uses her private key, public key pairs and a CA issued certificate. She learnt that Eve might have leaned her key. What should she do? 42 8/27/2015 Lecture 4.2: Key Distribution

Some Questions Sometimes when you access an https web- site, you get a security warning. What is that warning for? Sometimes when you connect to an SSH server, you get a security warning. What is that warning for? What is a self-signed certificate? 43 8/27/2015 Lecture 4.2: Key Distribution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.