David Evans CS588: Security and Privacy University of Virginia Computer Science Lecture 12: Public-Key Protocols.

8 Oct 2001 University of Virginia CS 588
Menu
Humiliation-Free Matchmaking Protocol
Proof Carrying Code
  – Plug for Amy Felty’s talk: 3:30 Today
Authentication

Finding Problem Set Partners
Simple way:
  – Ask people in the class if they want to work with you
Problems:
  – You face rejection and ridicule if they say no
Can you find partners without revealing your wishes unless they are reciprocated?
  – Identify people who want to work together, but don’t reveal anything about anyone’s desires to work with people who don’t want to work with them

Use a Universally Trusted Third Party
Diagram: Alice, Bob, MatchMaker.com
Bob would like to work with: Ron Rivest, Sandra Bullock, Alice
Alice: Thomas Jefferson, Colleen Hacker, Bob
MatchMaker.com: Alice is your best match

Use a Universally Trusted Third Party
Bob → MatchMaker.com: E_{KU_M}[E_{KR_B}[“Bob would like …”]]
MatchMaker.com → Bob: E_{KU_B}[E_{KR_M}[“Alice”]]

HashMaker.com?
Bob writes H(“I am looking for someone who wants to play with Euler’s totient function.”) on the board.
No one else can tell Bob’s deepest darkest desires (H is one-way)
If someone else writes the same hash on the board, Bob has found his match
How well does this work?

Untrusted Third Party
Bob → HashMatcher.com: E_{H(W)}[W]
Use the hash of the wish as the encryption key to some symmetric cipher:
  – HashMatcher can’t determine the wish
  – Someone with the same exact wish will match exactly

Untrusted Third Party
Bob → HashMatcher.com: E_{H(W)}[W]

How can we send a message to HashMaker without it knowing who sent it?
To: HashMaker  From: Anonymous
To: Router4
To: Router3
To: Router2
To: Router1  From: Bob

Onion Routing
Diagram: Bob, routers R1, R2, R3, R4, R5, HashMatcher.com
Pick n random routers, R_{i_1} … R_{i_n}
R_{i_k} gets a message M_k: E_{KU_{R_{i_k}}}(To: R_{i_{k+1}} || M_{k+1})

Onion Routing
Diagram: Bob, routers R1, R2, R3, R4, R5, HashMatcher.com
Pick 1 random router: R2
Send R2: E_{KU_R2}(To: HashMatcher.com || M)

Onion Routing
Diagram: Bob, routers R1, R2, R3, R4, R5, HashMatcher.com
Pick 2 random routers: R2, R5
Send R2: E_{KU_R2}[To: R5 || E_{KU_R5}[To: HashMatcher.com || M]]

Finding Problem Set Partners
If Bob wants to work with Alice, he constructs W = “Alice + Bob” (all students agree to list names in this way in alphabetical order)
Using onion routing, sends HashMaker: E_{H(W)}[W]
Using onion routing, queries HashMaker if there is a matching item
  – If so, Alice wants to work with him
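The onion wrapping and the E_{H(W)}[W] submission described above, put together as an added example that is not from the original slides. A toy SHA-256 keystream cipher stands in for both the symmetric cipher and the routers' public-key encryption E_{KU_R}; the per-router keys, the newline-terminated "To:" header and all function names are assumptions.

```python
import hashlib

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher standing in for E: SHA-256 counter keystream, self-inverse."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

# Constructed per-router keys; the slides use each router's public key KU_R instead.
KEYS = {f"R{i}": hashlib.sha256(f"demo key R{i}".encode()).digest() for i in range(1, 6)}

def seal_wish(a: str, b: str) -> bytes:
    """E_{H(W)}[W], with W = the two names in alphabetical order joined by ' + '."""
    w = " + ".join(sorted([a, b])).encode()
    return xor_stream(hashlib.sha256(w).digest(), w)

def wrap(route: list, dest: str, payload: bytes) -> bytes:
    """Layer from the inside out so each router can read only its own header."""
    for router, nxt in reversed(list(zip(route, route[1:] + [dest]))):
        payload = xor_stream(KEYS[router], nxt.encode() + b"\n" + payload)
    return payload

def forward(first: str, blob: bytes):
    """Each router peels one layer; returns (final destination, payload, hop log)."""
    hop, log = first, []
    while hop in KEYS:
        nxt, _, blob = xor_stream(KEYS[hop], blob).partition(b"\n")
        log.append((hop, nxt.decode()))   # all this router learns: the next hop
        hop = nxt.decode()
    return hop, blob, log

def demo():
    board = []                            # items HashMatcher.com has received
    for me, partner, route in [("Bob", "Alice", ["R2", "R5"]),
                               ("Alice", "Bob", ["R4", "R1", "R3"])]:
        onion = wrap(route, "HashMatcher.com", seal_wish(me, partner))
        dest, item, log = forward(route[0], onion)
        assert dest == "HashMatcher.com"
        board.append(item)
    # Identical wishes give identical items, whichever route they took.
    return board[0] == board[1], log

if __name__ == "__main__":
    print(demo())
```

HashMatcher sees two equal opaque items and no sender; the match works only because E_{H(W)}[W] is a deterministic function of W.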

Problems with this Protocol
Cathy could send W = “Alice + Bob”
Anyone can query “x + Bob” for all students to find out who Bob wants to work with (or who wants to work with Bob, can’t tell the difference)
If Sandra B. wants to work with Bob too, how do matches reflect preferences without revealing them?
Challenge Problem #2: Design a good matchmaking protocol

Proof-Carrying Code
Amy Felty, University of Ottawa
Foundational Proof-Carrying Code for Software Safety
Today at 3:30 (right here)

Proof-Carrying Code
Code Producer: Program → Certifying Compiler → Native Code + Proof
Code Consumer: Native Code + Proof → Proof Checker (Policy) → Ok → CPU

Tamper with Code
Code Producer: Program → Certifying Compiler → Native Code + Proof
Wily Hacker → Tampered Code + Proof
Code Consumer: Tampered Code + Proof → Proof Checker (Policy) → No!

Tamper with Both
Code Producer: Program → Certifying Compiler → Native Code + Proof
Wily P. Hacker → Tampered Code + Tampered Proof
Code Consumer: Tampered Code + Tampered Proof → Proof Checker (Policy) → No! or Ok → CPU
But it means the desired property still holds!

How many PCC systems in active use?
Million 10 Million > 20 Million
Java byte code verifier is a limited implementation of PCC:
  – Bytecodes include extra information on typing, stack use, etc.
  – Bytecode verifier checks it to enforce low-level code safety properties
Peter Lee claims most linkers are instances of PCC also.

Authentication

How do you authenticate?
Something you know
  – Password
Something you have
  – SecurID, physical key
Something you are
  – Biometrics (voiceprint, fingerprint, etc.)
Decent authentication requires combination of at least 2 of these

Early Password Schemes
UserID    Password
algore    internalcombustion
clinton   buddy
georgew   gorangers
Login: algore
Password: tipper
Failed login. Guess again.
Login does direct password lookup and comparison.

Login: algore
Password: internalcombustion
Diagram: Terminal, Login Process, Trusted Subsystem, Eve
login sends

Authentication Problems
Need to store the passwords somewhere – dangerous to rely on this being secure
  – Encrypt them? But then, need to hide key
Need to transmit password from user to host
  – Use a secure line (i.e., no remote logins)
  – Encrypt the transmission (what key?)

Encrypted Passwords
UserID    Password
algore    E(“internalcombustion”, K)
clinton   E(“buddy”, K)
georgew   E(“gorangers”, K)
Hmmm.... D(E(“buddy”, K), K) = “buddy”

Hashed Passwords
UserID    Password
algore    H(“internalcombustion”)
clinton   H(“buddy”)
georgew   H(“gorangers”)

Encrypted Passwords Try 1
Login: algore
Password: internalcombustion
Diagram: Terminal, Trusted Subsystem
login sends <“algore”, H(“internalcombustion”)>
Trusted subsystem compares to stored value.

Encrypted Passwords Try 2
Login: algore
Password: internalcombustion
Diagram: Terminal, Trusted Subsystem
login sends
Trusted subsystem computes H(“internalcombustion”) and compares to stored value.

First UNIX Password Scheme
[Wilkes68] (recall DES was 1976)
Encryption based on M-209 cipher machine (US Army WWII)
Easy to invert unknown plaintext and known key, used password as key:
  – Instead of E_K(password) used hash function E_Password(0)
PDP-11 could check all 5 or less letter lower-case passwords in 4 hours!

Making Brute Force Attacks Harder
Use a slower encryption (hashing) algorithm
  – Switched to DES: H(p) = DES_p(0)
Even slower: run DES lots of times
  – UNIX uses DES_p^25(0) … DES_p(DES_p(DES_p(DES_p(0))))
Require longer passwords
  – DES key is only 56 bits: only uses first 7.5 characters (ASCII)
  – 95 printable characters, 95^8 = 6.6 * 10^15

Dictionary Attacks
Try a list of common passwords
  – All 1-4 letter words
  – List of common (dog) names
  – Words from dictionary
  – Phone numbers, license plates
  – All of the above in reverse
Simple dictionary attacks retrieve most user-selected passwords
Precompute H(x) for all dictionary entries

% of users are dumb
Single ASCII character               0.5%
Two characters                       2%
Three characters                     14%
Four alphabetic letters              14%
Five same-case letters               21%
Six lowercase letters                18%
Words in dictionaries or names       15%
Other (possibly good passwords)      14%
(Morris/Thompson 79)

Making Dictionary Attacks Harder
Force/convince users to pick better passwords
  – Test selected passwords against a known dictionary
  – Enforce rules on non-alphabet characters, length, etc.
Don’t let attacker see the password file

Problems with User Rules
Users get annoyed
If you require hard to remember passwords, users write them down
Attackers know the password selection rules too – reduces search space!

True Anecdote
One installation: machines generated random 8-letter passwords
Used PDP-11 pseudo-random number generator with 2^15 possible values
Time to try all possible passwords on PDP-11: One minute!
Good news: at least people don’t have to remember the 8 random letters

Everybody loves Buddy
UserID     Password
algore     DES^25_{internalcombustion}(0)
clinton    DES^25_{buddy}(0)
georgew    DES^25_{gorangers}(0)
hillaryc   DES^25_{buddy}(0)

Salt of the Earth
UserID     Salt   Password
algore     1125   DES+^25(0, “internal”, 1125)
clinton    2437   DES+^25(0, “buddy”, 2437)
georgew    932    DES+^25(0, “goranger”, 932)
hillaryc   1536   DES+^25(0, “buddy”, 1536)
How much harder is the off-line dictionary attack?
DES+(m, key, salt) is DES except with salt-dependent E-tables.
Salt: 12 random bits
(This is the standard UNIX password scheme.)
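A password-file audit over the accounts in the two tables above, showing what the salt changes; this is an added example, not from the original slides. Iterated HMAC-SHA256 stands in for DES^25 and DES+^25 (the salt is mixed into the input rather than into E-tables), and the function names are assumptions.

```python
import hashlib
import hmac
from collections import defaultdict
from typing import Optional

def h25(password: str, salt: Optional[int] = None) -> str:
    """Stand-in for DES^25 / DES+^25: 25 keyed rounds starting from a zero block.
    Only the first 8 characters are used as the key, as in the slides' tables."""
    key = password[:8].encode()
    tweak = b"" if salt is None else salt.to_bytes(2, "big")
    block = bytes(8)
    for _ in range(25):
        block = hmac.new(key, tweak + block, hashlib.sha256).digest()
    return block.hex()

# Accounts, passwords and salts as listed in the slides.
ACCOUNTS = {"algore": ("internalcombustion", 1125), "clinton": ("buddy", 2437),
            "georgew": ("gorangers", 932), "hillaryc": ("buddy", 1536)}

def build_table(salted: bool) -> dict:
    """Password file: user -> (salt or None, stored hash)."""
    return {user: (salt if salted else None, h25(pw, salt if salted else None))
            for user, (pw, salt) in ACCOUNTS.items()}

def users_sharing_hash(table: dict) -> list:
    """Groups of accounts whose stored values are identical (same password visible)."""
    groups = defaultdict(list)
    for user, (_, digest) in table.items():
        groups[digest].append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def precomputed_hits(table: dict, words: list) -> list:
    """Accounts matched by ONE table of H(x) built without knowing any salt.
    Covering a 12-bit salt would need 2**12 = 4096 such tables."""
    lookup = {h25(w) for w in words}
    return sorted(user for user, (_, digest) in table.items() if digest in lookup)

if __name__ == "__main__":
    for salted in (False, True):
        table = build_table(salted)
        print(salted, users_sharing_hash(table), precomputed_hits(table, ["buddy", "rover"]))
```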

Security of UNIX Passwords
Paper by Robert Morris (Sr.) and Ken Thompson, 1979 (link on manifest)
Demonstration of guessability of Unix passwords by Robert Morris, Jr. (Internet Worm, 1988)
L0phtCrack breaks ALL alphanumeric passwords in under 24 hours on Pentium II/450 (Windows NT)

What about Eve?
Login: algore
Password: internalcombustion
Diagram: Terminal, Trusted Subsystem, Eve
login sends
Trusted subsystem computes DES+^25(0, “internal”, 12) and compares to stored value.

ssh hh hh....
Be very quiet so Eve can’t hear anything
  – Encrypt the communication between the terminal and the server
  – How? (Next class…)
Stay for Amy Felty’s Talk