Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Slides:



Advertisements
Similar presentations
Technical Presentation AIAC Group 11. System Rationale System Architecture Secure Channel Establishment Username/Password Cartão Cidadão Digital.
Advertisements

Secure Mobile IP Communication
1 CCSDS Security Architecture Key Management 13 th April 2005 Athens.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Digital Signatures and Hash Functions. Digital Signatures.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
Lesson Title: Introduction to Cryptography Dale R. Thompson Computer Science and Computer Engineering Dept. University of Arkansas
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
FIT3105 Smart card based authentication and identity management Lecture 4.
CS 239: Advanced Security Spring 04 Security in Pervasive and Ubiquitous Environments Sam Irvine
W O R L D W I D E L E A D E R I N S E C U R I N G T H E I N T E R N E T IKE Tutorial.
Hybrid Signcryption with Outsider Security
Internet Protocol Security (IPSec)
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
ASYMMETRIC CIPHERS.
Key Management Guidelines. 1. Introduction 2. Glossary of Terms and Acronyms 3. Cryptographic Algorithms, Keys and Other Keying Material 4. Key Management.
OV Copyright © 2011 Element K Content LLC. All rights reserved. System Security  Computer Security Basics  System Security Tools  Authentication.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
Digital Signatures Slides by Kent Seamons and Tim van der Horst Last Updated: Oct 7, 2013.
Information Security for Managers (Master MIS)
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
SYSTEM ADMINISTRATION Chapter 13 Security Protocols.
Cryptography COS 461: Computer Networks Princeton University 1.
Comparative studies on authentication and key exchange methods for wireless LAN Authors: Jun Lei, Xiaoming Fu, Dieter Hogrefe and Jianrong Tan Src:
Lesson 20-Wireless Security. Overview Introduction to wireless networks. Understanding current wireless technology. Understanding wireless security issues.
1 Lecture 14: Real-Time Communication Security real-time communication – two parties interact in real time (as opposed to delayed communication like )
1 Chapter 8 Copyright 2003 Prentice-Hall Cryptographic Systems: SSL/TLS, VPNs, and Kerberos.
Practices in Security Bruhadeshwar Bezawada. Key Management Set of techniques and procedures supporting the establishment and maintenance of keying relationships.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
© Synergetics Portfolio Security Aspecten.
Security Protocols and E-commerce University of Palestine Eng. Wisam Zaqoot April 2010 ITSS 4201 Internet Insurance and Information Hiding.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
ECE 454/CS 594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall.
Basic Cryptography 1. What is cryptography? Cryptography is a mathematical method of protecting information –Cryptography is part of, but not equal to,
Chapter 4 Application Level Security in Cellular Networks.
Karlstad University IP security Ge Zhang
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Doc.: IEEE /495r1 Submission July 2001 Jon Edney, NokiaSlide 1 Ad-Hoc Group Requirements Report Group met twice - total 5 hours Group size ranged.
Summary of Distributed Computing Security Yifeng Zou Georgia State University
Symmetric Cryptography, Asymmetric Cryptography, and Digital Signatures.
Cryptography Chapter 7 Part 3 Pages 812 to 833. Symmetric Cryptography Security Services – Only confidentiality, not authentication or non- repudiation.
A Quick Tour of Cryptographic Primitives Anupam Datta CMU Fall A: Foundations of Security and Privacy.
1 CCSDS Security Working Group Spring Meeting – Rome Key Management June 13 th 2006.
Potential vulnerabilities of IPsec-based VPN
IP security Ge Zhang Packet-switched network is not Secure! The protocols were designed in the late 70s to early 80s –Very small network.
Web Services Security Patterns Alex Mackman CM Group Ltd
1 Number Theory and Advanced Cryptography 9. Authentication Protocols Chih-Hung Wang Sept Part I: Introduction to Number Theory Part II: Advanced.
Network Security Celia Li Computer Science and Engineering York University.
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
IPSec – IP Security Protocol By Archis Raje. What is IPSec IP Security – set of extensions developed by IETF to provide privacy and authentication to.
1 Secure Key Exchange: Diffie-Hellman Exchange Dr. Rocky K. C. Chang 19 February, 2002.
CIA AAA. C I A Confidentiality I A Confidentiality Integrity A.
KAIS T Comparative studies on authentication and key exchange methods for wireless LAN Jun Lei, Xiaoming Fu, Dieter Hogrefe, Jianrong Tan Computers.
Chapter eight: Authentication Protocols 2013 Term 2.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Database Management Systems, 3ed, R. Ramakrishnan and J. Gehrke1 Database architecture and security Workshop 4.
@Yuan Xue 285: Network Security CS 285 Network Security Digital Signature Yuan Xue Fall 2012.
Authentication and handoff protocols for wireless mesh networks
Web Applications Security Cryptography 1
TASHKENT UNIVERSITY OF INFORMATION TECHNOLOGIES NAMED AFTER MUHAMMAD AL-KHWARIZMI THE SMART HOME IS A BASIC OF SMART CITIES: SECURITY AND METHODS OF.
Secure Sockets Layer (SSL)
Security Requirements
Kerberos Kerberos is an authentication protocol for trusted hosts on untrusted networks.
Lecture 36.
Lecture 36.
Presentation transcript:

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees – PFS? – Mutual authentication – Identity hiding for supplicant/end-user – No key re-use – Fast re-key – Fast handoff – Efficiency not an overarching concern: Protocol runs only 1/2^N-1 packets, on average – DOS resistance

Credentials flexibility Local security policy dictates types of credentials used by end-users Legacy authentication compatibility extremely important in market Examples: – username/password – Tokens (SecurID, etc) – X.509 certificates

Algorithms Algorithms must provide confidentiality and integrity of the authentication and key agreement. Public-key encryption/signature – RSA – ECC – DSA PFS support – D-H

Freshness Most cryptographic primitives require strong random material that is fresh. – Not a protocol issue, per se, but a design requirement nonetheless

Mutual Authentication Both sides of authentication/key agreement must be certain of identity of other party. Symmetric RSA/DSA schemes (public-keys on both sides) Asymmetric schemes – Legacy on end-user side – RSA/DSA on authenticator side

Identity hiding Important to hide end-user identity in some situations (public shared networks, for example). – DISTINCT from hiding MAC address IPSEC has gone down this road, and has much experience. Not as easy as it soundsactive attacks make it harder.

Fast rekey/fast handoff Ability to create fresh keying material without undergoing slow authentication path (requiring username/password again, for example). In mobile environments, ability to transition without re-doing initial authentication.

Efficiency CPU efficiency not a serious concern, since this protocol will be used relatively infrequently. On-the-wire efficiency may be important in low-bandwidth scenarios, but again protocol is not run that often, compared to MACsec.

DOS resistance Modern key-agreement protocols fertile ground for DOS attacks. Look to other schemes (IKE, for example) to provide guidance. No perfect anti-DOS schemes – Increase unpleasantnesss for attacker – Detect and throw away bogosity at the earliest, cheapest point in the protocol.