Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Chapter 14 – Authentication Applications
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Lecture 4: Hash Functions, Message Authentication and Key Distribution CS 392/6813: Computer Security Fall 2008 Nitesh Saxena *Adopted from Previous Lectures.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.
Slide 1 Vitaly Shmatikov CS 378 Key Establishment Pitfalls.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Lecture 4.2: Key Distribution CS 436/636/736 Spring 2014 Nitesh Saxena.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Lecture 5.3: Key Distribution: Public Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.
Netprog: Kerberos1 KERBEROS. Contents: Introduction History Components Authentication Process Strengths Weaknesses and Solutions Applications References.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.
Chapter 21 Distributed System Security Copyright © 2008.
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Kerberos. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open source or in supported commercial software.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Lecture 6.2: Protocols - Authentication and Key Exchange II CS 436/636/736 Spring 2012 Nitesh Saxena.
Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
Lecture 4.2: Hash Functions: Design* CS 436/636/736 Spring 2012 Nitesh Saxena * some slides borrowed from Gene Tsudik.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Lecture 6.1: Protocols - Authentication and Key Exchange I CS 436/636/736 Spring 2012 Nitesh Saxena.
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
Lecture 5: Protocols - Authentication and Key Exchange CS 436/636/736 Spring 2015 Nitesh Saxena.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE Network Security Dr. Attila Altay Yavuz Authentication Protocols (I): Secure Handshake.
1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.
Lecture 5.1: Message Authentication Codes, and Key Distribution
Lecture 4.1: Hash Functions, and Message Authentication Codes CS 436/636/736 Spring 2014 Nitesh Saxena.
KERBEROS SYSTEM Kumar Madugula.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
1 Example security systems n Kerberos n Secure shell.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
1 Cryptography CSS 329 Lecture 12: Kerberos. 2 Lecture Outline Kerberos - Overview - V4 - V5.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Lecture 4.2: Key Distribution
CSCE 715: Network Systems Security
Lecture 5: Protocols - Authentication and Key Exchange
KERBEROS.
Lecture 6.1: Protocols - Authentication and Key Exchange I
Presentation transcript:

Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena

Course Administration HW2 due – Tuesday, 11am – Feb 28 HW1 to be distributed – Please remind if I forget 11/20/ Lecture 5.2: Private Key Distribution

Course Admin Mid-Term Exam – On March 08 (Thursday) – In class, from 11am-12:15pm Covers lectures up to Feb 23 (this week) In-class review on Mar 06 (Tuesday) Strictly closed-book (no cheat-sheets are allowed) A sample exam will be provided as we near the exam date 11/20/ Lecture 5.2: Private Key Distribution

Course Admin Next Lecture will be short – I have to attend our big Security Center event /?instance_id=21 Entertain the guests at the luncheon – We will stop at 11:40am 11/20/2015 Lecture 5.2: Private Key Distribution 4

Outline of Today’s lecture Key Distribution Introduction Protocol for private key distribution Kerberos: Real-world system 11/20/ Lecture 5.2: Private Key Distribution

Some questions from last time Can OTP make for a good MAC? Can H(K||m) make for a good MAC? Does HMAC provide non-repudiation? 11/20/ Lecture 5.2: Private Key Distribution

Key Distribution Cryptographic primitives seen so far assume – In private key setting: Alice and Bob share a secret key which is unknown to Oscar. – In public key setting: Alice has a “trusted” (or authenticated) copy of Bob’s public key. But how does this happen in the first place? Alice and Bob meet and exchange key(s) Not always practical or possible. We need key distribution, first and foremost! Idea: make use of a trusted third party (TTP) 11/20/ Lecture 5.2: Private Key Distribution

“Private Key” Distribution: an attempt Protocol assumes that Alice and Bob share a session key K A and K B with a Key Distribution Center (KDC). – Alice calls Trent (Trusted KDC) and requests a session key to communicate with Bob. – Trent generates random session key K and sends E K A (K) to Alice and E K B (K) to Bob. – Alice and Bob decrypt with K A and K B respectively to get K. This is a key distribution protocol. Susceptible to replay attack! 8

Session Key Exchange with KDC – Needham- Schroeder Protocol A -> KDC ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A E K A ( K || ID B || N 1 || E K B (K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B E K B (K || ID A ) (I would like to talk using key in envelope sent by KDC) B -> A E K (N 2 ) (OK Alice, But can you prove to me that you are indeed Alice and know the key?) A -> B E K (f(N 2 )) (Sure I can!) Dennig-Sacco (replay) attack on the protocol 11/20/ Lecture 5.2: Private Key Distribution

Session Key Exchange with KDC – Needham- Schroeder Protocol (corrected version with mutual authentication) A -> KDC: ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A: E K A ( K || ID B || N 1 || E K B (TS1, K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B: E K (TS2), E K B (TS1, K || ID A ) (I would like to talk using key in envelope sent by KDC; here is an authenticator) B -> A: E K (TS2+1) (OK Alice, here is a proof that I am really Bob) 11/20/ Lecture 5.2: Private Key Distribution

Kerberos - Goals Security – Next slide. Reliability Transparency – Minimum modification to existing network applications. Scalability – Modular distributed architecture. 11/20/ Lecture 5.2: Private Key Distribution

Kerberos – Security Goals No cleartext passwords over network. No cleartext passwords stored on servers. Minimum exposure of client and server keys. Compromise of a session should only affect that session Require password only at login. 11/20/ Lecture 5.2: Private Key Distribution

Kerberos - Assumptions Global clock. There is a way to distribute authorization data. – Kerberos provides authentication and not authorization. 11/20/ Lecture 5.2: Private Key Distribution

Kerberos Key Distribution (1) JoeKDC I would like to Talk to the File Server KDC Step 1 Joe to KDC Step 2 KDC Session key for User Session key for service 11/20/ Lecture 5.2: Private Key Distribution

Kerberos Key Distribution (2) Step 3 KDC Session Key for Joe Dear Joe, This key for File server Box 1 Locked With Joe’s key Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key JoeKDC Step 4 KDC to Joe Box 1Box 2 11/20/ Lecture 5.2: Private Key Distribution

Kerberos Key Distribution (3) Dear Joe, This key for File server Opened Box 1 Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Step 5 Joe Step 6 Joe Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Dear File server, The time is 3:40 pm Box 3 Locked With Session key 11/20/ Lecture 5.2: Private Key Distribution

Kerberos Key Distribution (4) Joe File Server Step 7 Joe to File server Box 2Box 3 Step 8 File server Dear File server, This key for Use with Joe Unlocked Box 2 Dear File server, The time is 3:40 pm Unlocked Box 3 11/20/ Lecture 5.2: Private Key Distribution

Kerberos Key Distribution (5) For mutual authentication, file server can create box 4 with time stamp and encrypt with session key and send to Joe. Box 2 is called ticket. KDC issues ticket only after authenticating password To avoid entering passwords every time access needed, KDC split into two – authenticating server and ticket granting server. 11/20/ Lecture 5.2: Private Key Distribution

Kerberos– One Slide Overview 11/20/

Version 4 Summary 11/20/ Lecture 5.2: Private Key Distribution

Kerberos - Limitations Every network service must be individually modified for use with Kerberos. Requires a global clock Requires secure Kerberos server. Requires continuously available or online server. 11/20/ Lecture 5.2: Private Key Distribution

Further Reading Stallings Chapter 15 HAC Chapter 12 11/20/ Lecture 5.2: Private Key Distribution

Some questions Can a KDC learn communication between Alice and Bob, to whom it issued keys? What if the KDC server is down or congested? What if the KDC server is compromised? 11/20/ Lecture 5.2: Private Key Distribution

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.