Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications
NETWORK SECURITY.
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Kerberos versions 4 and 5 X.509 Authentication Service
Authentication & Kerberos
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Authentication 3: On The Internet. 2 Readings URL attacks
KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.
Private key
Key Management Network Systems Security Mort Anvari.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
KERBEROS SYSTEM Kumar Madugula.
Fall 2006CS 395: Computer Security1 Key Management.
Key Management and Distribution Anand Seetharam CST 312.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Example security systems n Kerberos n Secure shell.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Communication & Networks
Chapter 15 Key Management
Digital Certificates and X.509
CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9
CDK: Chapter 7 TvS: Chapter 9
Presentation transcript:

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication

2 4.1 Symmetric Key Distribution Using Symmetric Encryption Possible methods of key sharing between A and B : 1. A selects key, physically delivers to B 2. Third party C selects key, physically delivers to A and B 3. If A and B have previously shared a key, a new key could be chosen by one of them and sent to the other encrypted with the old key 4. If A and B each have an encrypted connection to a trusted third party C, C could generate the key and transmit it to A and B over the encrypted connections

3 3. If A and B have previously shared a key, a new key could be chosen by one of them and sent to the other encrypted with the old key Problem: If an attacker ever succeeds in gaining access to one key, then all subsequent keys are revealed. 4. If A and B each have an encrypted connection to a trusted third party C, C could generate the key and transmit it to A and B over the encrypted connections C is called the Key Distribution Center (KDC)

4 Key Distribution Center (KDC) uses two types of key: ► Session Key – used to protect messages between two users ► Master key – used to protect messages between a user and the KDC Master key A ↔ C Master key B ↔ C Session key A ↔ B

5 4.2 Kerberos

6 Threats: * Darth may gain access to a workstation and masquerade as legitimate user * Darth may alter the network address of a workstation, so that messages appear to come from a different workstation ( "IP address spoofing" ) * Darth may eavesdrop on an exchange and use a replay attack to gain entrance to a server or disrupt operations * Darth may masquerade as a server to legitimate clients (“phishing”) Assume a distributed collection of workstations (clients) and servers, communicating over an insecure network. Users can sit down at any workstation, but most services are restricted to specific users. Users and servers must authenticate themselves to each other securely over the insecure network.

7 Kerberos Version 4 “… makes use of DES in a rather elaborate authentication service. Viewing the protocol as a whole it is difficult to see the need for many of the elements … we build up to the full protocol by looking at several hypothetical dialogs. Each successive dialog adds additional complexity to counter security vulnerabilities revealed in the preceding dialog.”

8 Problem: No authentication of user ID C. Darth could copy message 2 or 3 and later present it to V

9 Fixes: ► User authenticates self to authentication server ► Ticket specifies user to whom it is issued ► User authenticates self to V-server, which checks user name on ticket

10 Problem: Darth could copy ticket in step 2, change ID C to ID D and present ticket to V-server, possibly from a different workstation. Fix: Encrypt ticket so that only V can read it (AS and V share a secret password); add the address of the workstation to the ticket.

11 A Simple Authentication Dialog

12 Simple Authentication Dialog

13 Strengths of the Simple Authentication Dialog: ►Ticket can be used only from the same workstation from which it was requested. ►V-server checks its decryption and that ticket is being presented to correct server by finding its own address ID V. Matching ID C in the ticket with ID C outside verifies that ticket is being used by the person who requested it. ►Ticket issued is encrypted using secret password shared between the authentication server and the V-server, so cannot be forged. ►User has to supply password to log into authentication server.

14 Problems with the Simple Authentication Dialog: Password is sent “in the clear.” User has to login to the authentication server every time (s)he needs service (mail server, print server, etc.). Darth can copy the ticket in step 2 or 3 inherit the workstation AD C and masquerade as ID C We would like to authenticate ourselves just once, when we log in, then be able to ask for tickets to access different servers as we need them. This suggests separating authentication from ticket-granting.

15 “The new service, TGS, issues tickets to users who have been authenticated to AS. Thus, the user first requests a ticket-granting ticket (Ticket tgs ) from the AS. The client module in the user workstation saves this ticket. Each time the user requires access to a new service, the client applies to the TGS, using this ticket to authenticate itself. The TGS then grants a ticket (Ticket v ) for the particular service [if the client is authorized to use that service!] The client saves each service-granting ticket and uses it to authenticate the user to a server each time a particular service is requested.” More Secure Authentication Dialog

16 More Secure Authentication Dialog Password overwritten immediately after use.

17 “Two additional problems remain.” 1. Lifetime of tickets 2. Authentication of server to client (“phishing”) Must prove that the person using the TGS ticket is the same person to whom it was issued.

18 Kerberos Version 4 Authentication Dialog Fixing problem #1 – lifetime of ticket. Must prove that the person using the TGS ticket is the same person to whom it was issued. The idea will be for the AS to provide both client and TGS with a secret piece of information (the session key) in a secure manner; when contacting the TGS the client will demonstrate knowledge of this secret information, proving that it is the unit to which the AS sent the TGS ticket. Fixing problem #2 – phishing An additional (sixth) step will be added during which the server will prove its identity by demonstrating knowledge of a secret. This will be repeated to obtain secure access to the V-server.

19

20

21

22 Two aspects: ► distribution of public keys At first thought there is no problem: just put your public key on a bulletin board! Problem: somebody else posts a key, stating it to be yours. Need a trusted third party to certify that the public key is yours, and distribute it. ► use of public-key encryption to share secret keys for symmetric cryptography. 4.3 Key Distribution Using Asymmetric Encryption The trusted third party is called a Certificate Authority, which issues Public Key Certificates (next section).

23 Fig 4.3 Public-Key Certificate Use

24 This uses a digital signature to authenticate the certificate. Figure 3.2 The certificate can then be used to facilitate other digital signatures. Alice Bob

25 Public-Key Distribution of Secret (symmetric cryptography) Keys Bob and Alice may be geographically distant – how to exchange key? ► Diffie-Hellman (but no authentication) ► use public-key encryption 1. Bob prepares a message 2. He encrypts it using symmetric algorithm, using one-time “session key” 3. He encrypts the session key with Alice’s public key 4. He attaches the encrypted session key to the encrypted message and sends both to Alice 5. Alice uses her private key to decrypt the session key (only Alice can do this) 6. Alice reverses the symmetric encryption of the message.

X.509 Certificates Kerberos achieves authentication of user without making use of public- key cryptography. X.509 uses public-key cryptography for this purpose. We used public-key certificates in the previous section Here we give details of the generation and standard form of a public-key certificate, X.509

27 Figure 4.4 X.509 Formats hash

28 “little, if any, utility” Certificate binds these two together The only encryption in the certificate hash

29

30 Characteristics of the X.509 Certificate User certificates generated by a CA have the following characteristics: ► Any user with access to the public key of the CA can verify the user public key that was certified. ► No party other than the certification authority can modify the certificate without this being detected. How do you get the CA’s public key?

31 Tools => Options => Advanced => View Certificates

32

33

34

35 Revocation of Certificate Although the certificate includes an expiration date, it may be necessary to revoke a certificate before then (eg. private key revealed). CA needs to publish periodic revocation lists. Must be signed by CA! hash

36 Reasons for Revocation of Certificates ► Confidentiality of the user’s private key has been compromised. ► The user is no longer certified by this CA ► The CA’s certificate is assumed to be compromised (CA’s private key has been released) From Peterson and Davie: “.. If all certificates had unlimited life spans, the Certificate Revocation List would always be getting longer, since you could never take a certificate off the CRL for fear that some copy of the revoked certificate might be used. However, by attaching an expiration date to a certificate when it is issued, we can limit the length of time that a revoked certificate has to stay on the CRL.”

37 End Chapter 4 Skim X.509 Version 3 Omit 4.5 Public-Key Infrastructure Omit 4.6 Federated Identity Management

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.