Authentication 3: On The Internet. 2 Readings URL attacks

Slides:



Advertisements
Similar presentations
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Advertisements

Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
Chapter 10 Real world security protocols
Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications
NETWORK SECURITY.
Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
IIIT Security Workshop1 Chapter Authentication Applications ADAPTED FROM THE PRESENTATION by Henric Johnson Blekinge Institute of Technology,Sweden
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Kerberos versions 4 and 5 X.509 Authentication Service
CSCE 815 Network Security Lecture 9 Digital Signatures & Authentication Applications Kerberos February 13, 2003.
Client/Server Computing Model of computing in which very powerful personal computers (clients) are connected in a network with one or more server computers.
Security Overview Hofstra University University College for Continuing Education - Advanced Java Programming Lecturer: Engin Yalt May 24, 2006.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.
Presented by Xiaoping Yu Cryptography and PKI Cosc 513 Operating System Presentation Presented to Dr. Mort Anvari.
Authentication Applications
Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Authentication applications
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Information Security Depart. of Computer Science and Engineering 刘胜利 ( Liu Shengli) Tel:
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography, Authentication and Digital Signatures
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
Certificate-Based Operations. Module Objectives By the end of this module participants will be able to: Define how cryptography is used to secure information.
1 Authentication Applications Behzad Akbari Fall 2010 In the Name of the Most High.
Chapter 21 Distributed System Security Copyright © 2008.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Module 4 Network & Application Security: Kerberos – X509 Authentication service – IP security Architecture – Secure socket layer – Electronic mail security.
KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
31/03/2005Authentication Applications 1 Authentication Applications: Kerberos, X.509 and Certificates REYHAN AYDOĞAN.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
Security fundamentals Topic 5 Using a Public Key Infrastructure.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
Computer Communication & Networks
Cryptography and Network Security
KERBEROS.
Authentication Applications
Kerberos and X.509 Fourth Edition by William Stallings
Authentication Applications
Presentation transcript:

Authentication 3: On The Internet

2 Readings URL attacks Web security using CGI scripts Tempest:

3 Topics URL Obscuring Kerberos X.509 Digital Certificate Standard

4 URL Obscuring Uniform Resource Locator is used to find a web site. If you are sent a URL from an untrusted source, it may be obscured in a number of ways to look like a familiar, trusted site. Characters can be put into URLs to change the meaning.

5 URL Obscuring For example, you receive an saying click on this link: You think you are going to “friendlysite”; however, means that everything before it is the username and you really go to

6 Challenges for E-Commerce Many clients want services from a number of different servers. Servers need to know that the client is who he says he is. Key concerns are confidentiality and timeliness To provide confidentiality must encrypt identification and session key info which requires the use of previously shared private or public keys Need timeliness to prevent replay attacks. Can be provided by using sequence numbers or timestamps or challenge/response

7 Kerberos Developed at MIT. Users wish to access services on many servers. Three threats exist: –User pretend to be another user. –User alter the network address of a workstation to get another’s services. –User eavesdrop on exchanges and use a replay attack to get unauthorized services.

8 Problem with CR Protocol Alice and Bob want to use a challenge-response protocol to authenticate each other. They can encrypt and decrypt message with DES and their shared key, K AB. Alice sends her identity A and a random number R A to Bob. Bob responds with the number encrypted with the key he shares with Alice, K AB {R A } along with another random number R B. Alice responds by encrypting Bob’s number K AB {R B } and sending it to Bob. If that was Eve pretending to be Alice, she has a plaintext,cypertext pair to crack the key K AB.

9 Kerberos Kerberos provides a centralized authentication server to authenticate users to servers and servers to users. Users can share password with AS, but need not be known by all servers. Relies on conventional encryption, making no use of public-key encryption. Two versions: version 4 and 5. Version 4 uses DES

10 Simplified Version Client, C, asks authentication server, AS, for a “ticket” to identify him to vendor, V. Client supplies his password which is known by AS. AS gives C a ticket which can only be read by the vendor, V. Client, C, contacts vendor,V, giving him the ticket which V accepts because he trusts AS.

11 Kerberos Terms: C = Client AS = authentication server V = server or vendor ID c = identifier of user on C ID v = identifier of V P c = password of user on C ADc = network address of C K v = secret encryption key shared by AS and V TS = timestamp || = concatenation

12 Simple Authentication Dialog (1)C  AS: ID c || P c || ID v (2)AS  C:Ticket (3)C  V: ID c || Ticket Ticket = E K v [ ID c || AD c || ID v]

13 Problems with Simple Dialog Lifetime needs to be associated with the ticket –If too short, repeatedly asked for password –If too long, greater chance of replay attack –The threat is that an opponent will steal the ticket and use it before it expires Client password sent in the clear Every time client wants to use a new service (or reuse one) he must go to AS.

14 Solution: Kerberos Version 4 Add a Ticket Granting server When client logs in at start of session/day, he gets a ticket-granting ticket (TGT) from the Authentication Server. He supplies his password once per session/day. TGT is used to get a service ticket from a Ticket Granting Server each time service is needed (read mail, get a file, use print server). Authenticator is K c,v {ID c ||AD c ||TS}

15

16 Kerberos Version 4 Authentication Service Exhange: To obtain Ticket-Granting Ticket (1)C  AS: IDc || IDtgs ||TS 1 AS  C: E Kc [K c,tgs || ID tgs || TS 2 || Lifetime 2 || Ticket tgs ] Client/Server Authentication Exhange: To Obtain Service (5) C  V: Ticket v || Authenticator c (6) V  C: EKc,v[TS5 +1] Ticket-Granting Service Echange: To obtain Service-Granting Ticket (3) C  TGS: IDv ||Ticket tgs ||Authenticatorc (4) TGS  C: E Kc [K c,¨v || IDv || TS 4 || Ticket v ] Ticket tgs = E Ktgs [K c,tgs || IDc || ADc || IDtgs || TS 2 || lifetime] Ticket v = E Kv [K c,v || IDc || ADc || IDv || TS || lifetime]

17 Kerberos in Use Currently have two Kerberos versions: 4 : restricted to a single realm 5 : allows inter-realm authentication Kerberos v5 is an Internet standard specified in RFC1510, and used by many utilities To use Kerberos: need to have Kerberised applications running on all participating systems

Digital Certificates and PKI

19 Public Key Encryption Public key cryptography solves symmetric key encryption problem of having to exchange secret key Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) Both keys are used to encrypt and decrypt message Once key is used to encrypt message, same key cannot be used to decrypt message For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

20

21 Hash Signatures Application of hash function (mathematical algorithm) by sender prior to encryption produces hash digest that recipient can use to verify integrity of data Double encryption with sender’s private key (digital signature) helps ensure authenticity and nonrepudiation

22

23 Digital Envelopes Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure) Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key

24 X.509 Authentication Standard A standard for a distributed set of servers that maintains a database about users. Based on public key cryptography, digital signatures and certificates. Each certificate contains the public key of a user and is signed with the private key of a CA. Used in S/MIME, IP Security, SSL/TLS and SET. RSA is recommended.

25 X.509 A public key certificate is associated with each user in the system. Certificates are created by some trusted certification authority (CA) and placed in the directory. Any user with the public key of the CA can recover a user public key in the directory that was certified by the CA. No party other than the CA can modify the certificate without detection. Certificates are unforgeable.

26 Digital Signature Idea

27 Digital Certificate Digital document that includes:  Name of subject or company  Subject’s public key  Digital certificate serial number  Expiration date  Issuance date  Digital signature of certification authority (trusted third party (institution) that issues certificate  Other identifying information

28

29 PKI Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties. PKI applies mainly to protecting messages in transit. PKI is not effective against insider fraud. Protection of private keys by individuals may be haphazard. No guarantee that verifying computer of merchant is secure. CAs are unregulated, self-selecting organizations.

30 Certificate Revocation Each certificate has a period of validity. Usually a new certificate is issued just before the old one expires. Sometimes the certificates must be revoked before they expire: –The users secret key is assumed to be compromised. –The user is no longer certified by this CA. –The CA’s certificate is assumed to be compromised.

31 Certificate Revocation Lists Each CA maintains a list of revoked but not yet expired certificates. Each list (CRL) is signed by the CA and posted to the directory. A user who receives a certificate is responsible for checking the CRL to determine its validity.

32 Serial number is unique to a CA

33 Secure Session with SSL

34 For More Info General hacking PKI in practice Government PKI standards