CS 426 (Fall 2010), Lecture 32: Key Distribution & Agreement


Outline
– Key agreement without using public keys
– Distribution of public keys, with public key certificates
– Diffie-Hellman protocol
– Correction: also discovered earlier at GCHQ, by Malcolm J. Williamson in

Key Agreement in Symmetric Crypto
For a group of N parties, every pair needs to share a different key
– N(N-1)/2 keys must be established
Solution: use a central authority, a.k.a. Trusted Third Party (TTP)
– Every party shares one long-term key with the central server
– How is that achieved in an organization with many users?

Needham-Schroeder Shared-Key Protocol: Use a Trusted Third Party
Parties: A, B, and trusted server T
Setup: A and T share K_AT; B and T share K_BT
Goal: mutual entity authentication between A and B; key establishment
Messages:
(1) A → T: A, B, N_A
(2) T → A: E[K_AT](N_A, B, k, E[K_BT](k, A))
(3) A → B: E[K_BT](k, A)
(4) B → A: E[k](N_B)
(5) A → B: E[k](N_B - 1)
What bad things can happen if there is no N_A? (Without it, A cannot distinguish a fresh message 2 from a replayed old one.)
Another subtle flaw in step 3: nothing in message 3 tells B that it is fresh, so an attacker who has obtained an old session key k can replay the old message 3 and then answer B's challenge in step 4 (the Denning-Sacco attack).
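The five messages above simulated end to end, together with the step-3 replay the slide hints at. This is an added example, not the lecture's code: the cipher E[K](...) is a stand-in built from HMAC-SHA256 (a CTR keystream plus an encrypt-then-MAC tag) so that only the Python standard library is needed; a real system would use AES-GCM or another authenticated cipher. The class and function names, and the choice to encode keys as hex inside JSON fields, are this example's own conventions.

```python
import hashlib
import hmac
import json
import secrets

# --- E[K](...) stand-in: HMAC-SHA256 keystream (CTR) + HMAC tag, encrypt-then-MAC.
# Toy construction so the script needs only the standard library; use AES-GCM in practice.
def _keystream(key, nonce, n):
    out = b""
    for ctr in range((n + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:n]

def encrypt(key, fields):
    """Return nonce || ciphertext || tag for a JSON-encoded dict of fields."""
    pt = json.dumps(fields).encode()
    nonce = secrets.token_bytes(16)
    ct = bytes(x ^ k for x, k in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    return json.loads(bytes(x ^ k for x, k in zip(ct, _keystream(key, nonce, len(ct)))))

class TrustedServer:
    """T: shares a long-term key with every principal; answers message (1) with (2)."""
    def __init__(self):
        self.keys = {}
    def register(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]
    def message2(self, a, b, n_a):
        k = secrets.token_bytes(32)                                  # fresh session key
        ticket = encrypt(self.keys[b], {"k": k.hex(), "A": a})       # E[K_BT](k, A)
        return encrypt(self.keys[a], {"N_A": n_a, "B": b, "k": k.hex(), "ticket": ticket.hex()})

class Principal:
    """A principal that can play either the A (initiator) or B (responder) role."""
    def __init__(self, name, key_with_t):
        self.name, self.key_t = name, key_with_t
    # --- A's side
    def message1(self, b):
        self.peer, self.n_a = b, secrets.token_hex(16)              # N_A: fresh nonce
        return self.name, b, self.n_a
    def handle_message2(self, blob):
        m = decrypt(self.key_t, blob)
        if m["N_A"] != self.n_a or m["B"] != self.peer:             # freshness and intended peer
            raise ValueError("message 2 is a replay or for another peer")
        self.k = bytes.fromhex(m["k"])
        return bytes.fromhex(m["ticket"])                            # forwarded as message (3)
    def handle_message4(self, blob):
        return encrypt(self.k, {"N_B": decrypt(self.k, blob)["N_B"] - 1})   # message (5)
    # --- B's side
    def handle_message3(self, ticket):
        t = decrypt(self.key_t, ticket)                              # only B (and T) can open it
        self.k, self.peer = bytes.fromhex(t["k"]), t["A"]
        self.n_b = secrets.randbelow(2 ** 62)
        return encrypt(self.k, {"N_B": self.n_b})                    # message (4): challenge
    def handle_message5(self, blob):
        return decrypt(self.k, blob)["N_B"] == self.n_b - 1          # A proved knowledge of k

def run_protocol():
    """One honest run of messages (1)-(5); returns (success, bob, ticket, session key)."""
    t = TrustedServer()
    alice, bob = Principal("A", t.register("A")), Principal("B", t.register("B"))
    ticket = alice.handle_message2(t.message2(*alice.message1("B")))  # (1), (2), (3)
    msg5 = alice.handle_message4(bob.handle_message3(ticket))          # (4), (5)
    return bob.handle_message5(msg5) and alice.k == bob.k, bob, ticket, alice.k

def replay_message3(bob, old_ticket, old_k):
    """The step-3 flaw: an attacker holding an old ticket and its (since compromised)
    session key replays the ticket; nothing in it tells B that it is stale."""
    challenge = bob.handle_message3(old_ticket)                      # B happily reuses old k
    n_b = decrypt(old_k, challenge)["N_B"]
    return bob.handle_message5(encrypt(old_k, {"N_B": n_b - 1}))     # True: B accepts
```

`run_protocol()` returns `True` for the honest run, and `replay_message3` returns `True` as well: B accepts the replayed ticket because message 3 carries no nonce or timestamp that B contributed. Kerberos closes this gap by putting timestamps and lifetimes inside the ticket.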

Kerberos
Implements the idea of the Needham-Schroeder protocol
Kerberos is a network authentication protocol
Provides authentication and secure communication
Relies entirely on symmetric cryptography
Developed at MIT: two versions, Version 4 and Version 5 (Version 5 specified in RFC 1510, since superseded by RFC 4120)
Used in many systems, e.g., Windows 2000 and later use it as the default authentication protocol

Kerberos Overview
One issue with Needham-Schroeder
– The client's long-term key is needed each time it talks with a new service
Solution: split the TTP into an Authentication Server (AS) and a Ticket Granting Server (TGS)
– The client authenticates to the AS using its long-term shared secret and receives a Ticket Granting Ticket (TGT)
– Supports single sign-on
– Later the client uses the TGT to obtain additional tickets from the TGS without resorting to the shared secret
– These tickets prove the client's identity to a Service Server (SS)
AS = Authentication Server; SS = Service Server; TGS = Ticket Granting Server; TGT = Ticket Granting Ticket

Overview of Kerberos (figure not included in the transcript)

Kerberos Drawbacks
Single point of failure
– Requires an online Trusted Third Party: the Kerberos server
Security partially depends on tight clock synchronization; convenience requires loose clock synchronization
– Timestamps are used in the protocol
– The default configuration tolerates a clock skew of up to 5 minutes (300 seconds in MIT Kerberos)
Useful primarily inside an organization
– Does it scale to the Internet? What is the main difficulty?
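What the clock-synchronization requirement looks like on the service side, as an added example (not from the lecture): a service receiving a ticket and a client authenticator checks the ticket's validity window, checks the authenticator's timestamp against its own clock within the allowed skew, and refuses a repeated (client, timestamp) pair inside that window. The `Ticket` and `Authenticator` records are simplified stand-ins for the real Kerberos structures (the fields that matter for freshness only, with encryption already stripped off), and 300 seconds is MIT Kerberos' default `clockskew`.

```python
from dataclasses import dataclass

CLOCK_SKEW = 300   # seconds; MIT Kerberos' default `clockskew`, i.e. the 5-minute tolerance

@dataclass(frozen=True)
class Ticket:            # what the KDC sealed under the service's key (simplified)
    client: str
    service: str
    starttime: int       # POSIX seconds
    endtime: int

@dataclass(frozen=True)
class Authenticator:     # sealed by the client under the ticket's session key (simplified)
    client: str
    ctime: int           # the client's clock when it built the authenticator

class Service:
    def __init__(self, name):
        self.name = name
        self.replay_cache = set()   # (client, ctime) pairs already accepted

    def accept(self, ticket, auth, now):
        """Return 'ok' or the reason a (ticket, authenticator) pair is rejected at server time `now`."""
        if ticket.service != self.name or ticket.client != auth.client:
            return "principal mismatch"
        if now < ticket.starttime - CLOCK_SKEW:
            return "ticket not yet valid"
        if now > ticket.endtime + CLOCK_SKEW:
            return "ticket expired"
        if abs(now - auth.ctime) > CLOCK_SKEW:
            return "clock skew too great"
        # An authenticator older than the skew window would fail the check above anyway,
        # so its cache entry can be dropped; newer ones must stay to catch replays.
        self.replay_cache = {(c, t) for c, t in self.replay_cache if now - t <= CLOCK_SKEW}
        if (auth.client, auth.ctime) in self.replay_cache:
            return "replay"
        self.replay_cache.add((auth.client, auth.ctime))
        return "ok"
```

The replay cache is what makes the skew window safe: without it, any authenticator captured on the wire could be resubmitted for the next five minutes. Pruning the cache by the authenticator's own timestamp rather than by the time of first sighting keeps entries alive for exactly as long as the skew check would still accept them.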

Public Keys and Trust
Alice has public key P_A and secret key S_A; Bob has public key P_B and secret key S_B
How are public keys stored?
How does one obtain a public key?
How does Bob know, or "trust", that P_A is Alice's public key?

Distribution of Public Keys
Public announcement: users distribute public keys to recipients or broadcast them to the community at large
Publicly available directory: greater security can be obtained by registering keys with a public directory
Both approaches have problems and are vulnerable to forgeries: anyone can announce or register a key under someone else's name

Public-Key Certificates
A certificate binds an identity (or other information) to a public key
Contents are digitally signed by a trusted Public-Key Authority or Certificate Authority (CA)
– Can be verified by anyone who knows the authority's public key
For Alice to send an encrypted message to Bob, she obtains a certificate for Bob's public key and verifies the CA's signature on it

Public Key Certificates (figure not included in the transcript)

X.509 Certificates
Part of the X.500 directory service standards
– Started in 1988
Defines a framework for authentication services:
– Public keys are stored as certificates in a public directory
– Certificates are issued and signed by an entity called a certification authority (CA)
Used by numerous applications: SSL/TLS, IPsec, SET
Example: see the certificates accepted by your browser

How to Obtain a Certificate?
Define your own CA (use openssl or Java keytool)
– Certificates unlikely to be accepted by others
Obtain certificates from one of the vendors: VeriSign, Thawte, and many others

CAs and Trust
A certificate is trusted if the signature of the CA verifies
A chain of CAs can be formed; the head of the chain is called the root CA
To verify the signature, the public key of the root CA must be obtained by some trusted means (typically it is pre-installed in the operating system or browser)
Trust is centralized (in the root CAs) and hierarchical
What bad things can happen if the root CA is compromised? (It can issue a valid-looking certificate binding anyone's name to a key of the attacker's choosing.)
How does this compare with the TTP in the Needham-Schroeder protocol?

Key Agreement: Diffie-Hellman Protocol
Key agreement protocol: both A and B contribute to the key
Setup: p prime and g a generator of Z_p^*; p and g are public
A: pick random, secret a; compute and send g^a mod p
B: pick random, secret b; compute and send g^b mod p
A computes K = (g^b mod p)^a = g^(ab) mod p
B computes K = (g^a mod p)^b = g^(ab) mod p

Authenticated Diffie-Hellman
Unauthenticated version, with an attacker C in the middle:
A → C: g^a mod n
C → B: g^c mod n
B → C: g^b mod n
C → A: g^c mod n
Alice computes g^(ac) mod n and Bob computes g^(bc) mod n: C shares a key with each of them, while they believe they share a key with each other!
Authenticated version:
A → B: C_Alice, g^a mod n, Sign_Alice(g^a mod n)
B → A: C_Bob, g^b mod n, Sign_Bob(g^b mod n)
Is C_Alice Alice's certificate? Is C_Bob Bob's certificate?
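The two exchanges above and the certificate slides before them, worked through in one added example (not lecture code): an honest Diffie-Hellman run, the man-in-the-middle C who ends up sharing a key with each side, and the authenticated version in which Bob answers "Is C_Alice Alice's certificate?" by checking the name and the CA's signature before he trusts the signed exponential. To stay within the standard library, Sign_X(...) is a Schnorr signature over the same group, a "certificate" is the CA's signature over (name, public key), and the CA's public key is assumed pre-distributed to both parties. The group is a toy 128-bit safe prime generated on the fly; real deployments use standardised groups (RFC 3526) or elliptic curves. Following the slide, each party signs only its own value; signing only your own exponential does not bind the two halves of the exchange to each other, which is why protocols such as STS and TLS sign or MAC the whole transcript.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=20):
    """Miller-Rabin after trial division by small primes."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0: return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1): continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else:
            return False
    return True

def make_group(bits=128):
    """Toy-sized safe prime p = 2q + 1; g = 4 generates the order-q subgroup. (p, q, g) are public."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1, q, 4

def rand_exponent(G):
    return secrets.randbelow(G[1] - 1) + 1             # secret exponent in [1, q-1]

def dh_public(G, priv):
    return pow(G[2], priv, G[0])                        # g^priv mod p

def dh_shared(G, priv, peer_pub):
    p, q, _ = G
    if not 1 < peer_pub < p - 1 or pow(peer_pub, q, p) != 1:   # reject 0, +-1 and non-subgroup values
        raise ValueError("invalid Diffie-Hellman public value")
    return pow(peer_pub, priv, p)

# --- Schnorr signatures over the same group stand in for the slide's Sign_X(...)
def keygen(G):
    x = rand_exponent(G)
    return x, dh_public(G, x)
def _challenge(G, R, y, msg):
    h = hashlib.sha256(f"{G[0]}|{R}|{y}|{msg}".encode()).digest()
    return int.from_bytes(h, "big") % G[1]
def sign(G, x, msg):
    p, q, g = G
    r = rand_exponent(G)
    R = pow(g, r, p)
    return R, (r + _challenge(G, R, pow(g, x, p), msg) * x) % q
def verify(G, y, msg, sig):
    p, _, g = G
    R, s = sig
    return pow(g, s, p) == R * pow(y, _challenge(G, R, y, msg), p) % p

# --- Certificates: the CA's signature binding a name to a public key
def issue_cert(G, ca_priv, name, pub):
    return {"name": name, "pub": pub, "sig": sign(G, ca_priv, f"{name}|{pub}")}
def check_cert(G, ca_pub, cert, expected_name):
    """'Is C_Alice Alice's certificate?': right name, and the CA's signature verifies."""
    return cert["name"] == expected_name and verify(G, ca_pub, f"{cert['name']}|{cert['pub']}", cert["sig"])

def setup():
    G = make_group()
    ca_priv, ca_pub = keygen(G)                         # root CA key; ca_pub is assumed pre-distributed
    parties = {}
    for name in ("Alice", "Bob"):
        x, y = keygen(G)
        parties[name] = (name, x, issue_cert(G, ca_priv, name, y))
    return G, ca_pub, parties

def unauthenticated_mitm(G):
    """C replaces both exponentials with g^c: Alice ends with g^ac, Bob with g^bc, and C knows both."""
    a, b, c = rand_exponent(G), rand_exponent(G), rand_exponent(G)
    A, B, C = dh_public(G, a), dh_public(G, b), dh_public(G, c)
    k_alice, k_bob = dh_shared(G, a, C), dh_shared(G, b, C)
    return k_alice != k_bob and dh_shared(G, c, A) == k_alice and dh_shared(G, c, B) == k_bob

def authenticated_exchange(G, ca_pub, alice, bob, mitm=False):
    """The slide's authenticated version: each side sends (certificate, g^x mod p, Sign_x(g^x mod p)).
    alice/bob are (name, signing key, certificate). With mitm=True, C swaps in g^c for Alice's value."""
    a, b = rand_exponent(G), rand_exponent(G)
    A, B = dh_public(G, a), dh_public(G, b)
    cert, A_recv, sig = alice[2], A, sign(G, alice[1], str(A))
    if mitm:
        A_recv = dh_public(G, rand_exponent(G))          # C cannot produce Sign_Alice(g^c)
    if not (check_cert(G, ca_pub, cert, "Alice") and verify(G, cert["pub"], str(A_recv), sig)):
        return None                                      # Bob aborts
    k_bob = dh_shared(G, b, A_recv)
    cert, B_recv, sig = bob[2], B, sign(G, bob[1], str(B))
    if not (check_cert(G, ca_pub, cert, "Bob") and verify(G, cert["pub"], str(B_recv), sig)):
        return None                                      # Alice aborts
    return dh_shared(G, a, B_recv), k_bob
```

`unauthenticated_mitm` returns `True` whenever C succeeds, which is always: nothing in the bare exchange ties g^a to Alice. `authenticated_exchange` returns a matching key pair for the honest run and `None` when C substitutes g^c, because C cannot forge Alice's signature and cannot obtain a certificate in her name from the CA. The subgroup check in `dh_shared` is the practitioner's addition the slide omits: it rejects 0, 1, p-1 and any value outside the order-q subgroup, which otherwise let a peer force the shared key into a tiny set.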

Readings for This Lecture
On Wikipedia:
– Needham-Schroeder protocol (only the symmetric-key part)
– Public key certificate

Coming Attractions: Network Security