EMBEDDED SECURITY EEN 417 Fall 2013 9/6/13, Dr. Eric Rozier, V1.0, ECE Thanks to Edward Lee and Sanjit Seshia of UC Berkeley.

SECURITY

What is Security?
Compare with:
– Reliability = the fraction of time that a system performs its specified function for a specified period of time under stated operating conditions
What’s different:
– New kinds of functions
– Worst-case adversarial conditions

What is Security?
– Secrecy/Privacy: Can secret data be leaked to an attacker?
– Integrity: Can the system be modified by the attacker?
– Availability: Is the system always able to perform its function? (Is “denial-of-service” possible?)

About this Lecture
– Security is increasingly a major concern for embedded systems designers
  – Voiced by representatives from GM, Boeing, and United Technologies in recent workshop in St. Louis
– Need to know about the security pitfalls in design & implementation of embedded systems
– Security is a full topic, we can’t do it justice in this course.
– EEN 595 – Computer Security – Dr. Zonouz

Authentication
For a user/process
– Establish and verify identity
– Make access control decisions
For a data stream
– Validate integrity
– Has it been modified by an untrusted actor?

General Process
– Get authentication information
– Validate
– Set access control restrictions
– Allow access

Authentication
Three factors
– Something you have: Key, card
– Something you know: Password
– Something you are: Biometrics

Multi-Factor Authentication
Factors can be combined
– ATM system: 2-factor
  – ATM card
  – PIN

Password Authentication Protocol
Reusable passwords
Database stores mappings
– Username:password
Prompt client for key value pair
– Look up in the database and see if they match

Challenge-Handshake Authentication Protocol
Shared secret
Hash of challenge and secret proves knowledge of the shared secret.
– Server → Client: Challenge
– Client → Server: Hash(Challenge, Secret)
– Server → Client: OK
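The challenge/response exchange above, as an added example (not code from the lecture). It assumes HMAC-SHA256 as the Hash(Challenge, Secret) construction; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets


def chap_response(secret, challenge):
    """Client side: Hash(Challenge, Secret), realised here as HMAC-SHA256."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class ChapServer:
    """Server side: one fresh challenge per attempt, then check the reply."""

    def __init__(self, shared_secrets):
        self.shared_secrets = shared_secrets   # username -> shared secret
        self.pending = {}                      # username -> outstanding challenge

    def issue_challenge(self, user):
        challenge = secrets.token_bytes(16)    # unpredictable and never reused
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        # pop() makes every challenge single-use, so a recorded reply
        # cannot be replayed against a later login attempt.
        challenge = self.pending.pop(user, None)
        secret = self.shared_secrets.get(user)
        if challenge is None or secret is None:
            return False
        expected = chap_response(secret, challenge)
        return hmac.compare_digest(expected, response)   # constant-time compare


def demo():
    secret = b"constructed-shared-secret"      # constructed sample value
    server = ChapServer({"alice": secret})
    c1 = server.issue_challenge("alice")
    r1 = chap_response(secret, c1)
    genuine = server.verify("alice", r1)       # secret never crossed the wire
    server.issue_challenge("alice")            # next attempt, new challenge
    replayed = server.verify("alice", r1)      # captured reply, wrong challenge
    c3 = server.issue_challenge("alice")
    wrong_secret = server.verify("alice", chap_response(b"guess", c3))
    return genuine, replayed, wrong_secret


if __name__ == "__main__":
    print(demo())
```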

Problems with PAP
What if the password file has insufficient protections?
Even if trusted sources see your password, it may be the key to several systems!
– Hash passwords
– Use salt on hashes to prevent dictionary attacks

Another Solution
One-time passwords
– What if the user had a different password each time?
– Generate a list of passwords!
Produces a limited number of authenticated sessions
Relies on one-way functions

One time passwords
Alice wants to get into Wonderland
Wonderland isn’t happy with reusable passwords.
Pick a random number, R and a one-way function f(x)
– x1 = f(R)
– x2 = f(x1) = f(f(R))
– …
– x100 = f(x99) = f(f(x98)) = …

One time passwords
Store x101 in a database for Alice
Alice presents the last number on her list, x100.
Host computes and compares to x101.
Next time Alice gives x99.
Why do it this way?
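The one-time password chain from the two slides above, as an added example (not code from the lecture). It assumes SHA-256 as the one-way function f; the `Host` class and helper names are hypothetical.

```python
import hashlib
import hmac
import secrets


def f(x):
    """One-way function f(x); SHA-256 is this example's choice."""
    return hashlib.sha256(x).digest()


def build_chain(R, n):
    """Return [x1, ..., xn] with x1 = f(R) and x(i+1) = f(xi)."""
    chain, x = [], R
    for _ in range(n):
        x = f(x)
        chain.append(x)
    return chain


class Host:
    def __init__(self, anchor):
        self.stored = anchor              # x101 at enrolment

    def login(self, candidate):
        # Host computes f(candidate) and compares it to the stored value.
        if hmac.compare_digest(f(candidate), self.stored):
            self.stored = candidate       # next login needs the preimage of this
            return True
        return False


def demo():
    R = secrets.token_bytes(32)           # Alice's random number
    chain = build_chain(R, 101)           # chain[i] holds x(i+1)
    host = Host(chain[100])               # database row for Alice: x101
    alice_list = chain[:100]              # x1 .. x100 stay with Alice
    first = host.login(alice_list.pop())  # x100: f(x100) == x101
    replay = host.login(chain[99])        # x100 again: f(x100) != stored x100
    second = host.login(alice_list.pop()) # x99: f(x99) == x100
    skipped = host.login(chain[96])       # x97 too early: f(x97) = x98 != x99
    return first, replay, second, skipped, len(alice_list)


if __name__ == "__main__":
    print(demo())
```

The value held by the host (and any value seen on the wire) is always one step later in the chain than the next valid password, so neither a stolen database nor a captured login yields a usable password without inverting f.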

RSA SecurID

Ask for password (something you know)
Ask for RSA SecurID value (something you have)

RSA SecurID
Token computes key
– Time of day
– Known seed (shared secret!)
Server knows token given a user
– Computes key from seed and time of day

RSA SecurID
f(seed, PIN, time)
Intruders lack: seed, f(), PIN
Stealing card, or PIN isn’t enough
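A time-based token of the form f(seed, PIN, time), as an added example (not code from the lecture and not RSA's algorithm). HMAC-SHA256 stands in for f(); the 60-second step, 6-digit code, drift window and all names are assumptions of this example.

```python
import hashlib
import hmac
import struct

STEP = 60  # seconds each code stays valid (assumption of this example)


def code_for_step(seed, pin, step):
    """f(seed, PIN, time): keyed hash of PIN and time step, cut to 6 digits."""
    msg = pin.encode() + struct.pack(">Q", step)
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"


def token_code(seed, pin, now):
    """What the token displays at wall-clock time `now` (seconds)."""
    return code_for_step(seed, pin, int(now) // STEP)


class Server:
    def __init__(self):
        self.users = {}       # user -> (seed, pin): the shared secret
        self.last_step = {}   # user -> newest time step already accepted

    def enroll(self, user, seed, pin):
        self.users[user] = (seed, pin)

    def verify(self, user, code, now, drift=1):
        seed, pin = self.users[user]
        current = int(now) // STEP
        for step in range(current - drift, current + drift + 1):
            if step <= self.last_step.get(user, -1):
                continue      # this step's code was already used: no replay
            if hmac.compare_digest(code_for_step(seed, pin, step), code):
                self.last_step[user] = step
                return True
        return False


def demo():
    # Constructed sample seed, PIN and timestamp.
    seed, pin, t0 = b"constructed-seed-0001", "4821", 1_700_000_000
    server = Server()
    server.enroll("alice", seed, pin)
    code = token_code(seed, pin, t0)
    ok = server.verify("alice", code, t0 + 20)           # same 60 s step
    replay = server.verify("alice", code, t0 + 25)       # captured and reused
    stale = server.verify("alice", code, t0 + 600)       # ten steps later
    t1 = t0 + 120
    bad_pin = server.verify("alice", token_code(seed, "0000", t1), t1)
    fast_clock = server.verify("alice", token_code(seed, pin, t1 + 50), t1)
    return ok, replay, stale, bad_pin, fast_clock
```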

More in Laboratory 1!