Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

Slides:

Advertisements

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Advertisements

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Public Key Management and X.509 Certificates

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Diffie-Hellman Key Exchange

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

13.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 13 Digital Signature.

Chapter 13 Digital Signature

Chapter 31 Network Security

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

1 Cryptography Basics. 2 Cryptography Basic terminologies Symmetric key encryption Asymmetric key encryption Public Key Infrastructure Digital Certificates.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.

Network Security – Part 2 (Continued) Lecture Notes for May 8, 2006 V.T. Raja, Ph.D., Oregon State University.

IT 221: Introduction to Information Security Principles Lecture 6:Digital Signatures and Authentication Protocols For Educational Purposes Only Revised:

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

Public Key Encryption and the RSA Public Key Algorithm CSCI 5857: Encoding and Encryption.

Dr. L. Christofi1 Local & Metropolitan Area Networks ACOE322 Lecture 8 Network Security.

EE515/IS523 Think Like an Adversary Lecture 4 Crypto in a Nutshell Yongdae Kim.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

Privacy versus Authentication Confidentiality (Privacy) –Interceptors cannot read messages Authentication: proving the sender’s identity –The Problem of.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Upper OSI Layers Natawut Nupairoj, Ph.D. Department of Computer Engineering Chulalongkorn University.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Digital Signatures, Message Digest and Authentication Week-9.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

Lecture 2: Introduction to Cryptography

Cryptography: Digital Signatures Message Digests Authentication

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says “I am Alice” Failure scenario?? “I am Alice”

A A E E D D C C B B # Symmetric Keys = n*(n-1)/2 F F

Information Integrity and Message Digests CSCI 5857: Encoding and Encryption.

Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.

© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.

Electronic Mail Security Prepared by Dr. Lamiaa Elshenawy

Message Authentication Codes CSCI 5857: Encoding and Encryption.

 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.

Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.

CS480 Cryptography and Information Security Huiping Guo Department of Computer Science California State University, Los Angeles 14. Digital signature.

Attacks on Public Key Encryption Algorithms

Computer Communication & Networks

Cryptographic Hash Function

NET 311 Information Security

Presentation transcript:

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption

Outline Replay attacks and solutions –Timestamps –Nonces Storing passwords –Hashing/salting passwords files Challenge-response authentication –Symmetric keys –Public keys

3 Replay Attacks Adversary records message from sender to recipient Resends message to recipient (claiming to be sender) Any signatures, digests, etc. will be correct! M = “Give Darth a $1,000 raise -- Alice” M, h(k, M)

4 Timestamp Solution Include timestamp in message –Adversary cannot alter if part of digest –Verifier can reject second message with same timestamp Problems if timestamp not accurate –Clocks not synchronized, no universal time scheme used –Example: different time zones could cause multiple legitimate messages with same timestamp! M = “Give Darth a $1,000 raise -- Alice” M | time, h(k, M | time ) Accept Reject

5 Nonce Solution Claimant generates random number not sent before Verifier keeps list of previous nonces sent by claimant If current message nonce is in that list, this is a replay previous nonces New nonce N M M | N, h(k, M | N) Alice’s previous nonces N M search

6 Nonce Solution Simpler approach for claimant: Generate random number without keeping track of whether sent before –Very unlikely to generate same number twice If current message nonce already sent, verifier can challenge by requesting another nonce Randomly generated nonce N M M | N, h(k, M | N) Alice’s previous nonces N M search Challenge if nonce already used

7 Passwords Universal method for claimant to prove identity Attacks on passwords: –Adversary may hack into password file –Adversary may try large number of common passwords

8 Hashing the Passwords Store hash of passwords instead of passwords –Can verify given password hashes to same value in file –Cannot recover user’s password from its hash (or even create one with same hash) “Even if I know h(P A ), I still can’t figure out P A ”

9 Salting the Passwords Attacker can use “possible message” attack on commonly used passwords –Hashing list of commonly used passwords –Search stolen password file for matching hash value –Tables of common passwords hashed with common algorithms (SHA-2) widely available! PasswordPassword hashed with SHA-2 hello …… “I can just search for these to find someone’s password”

Solution: “Lengthen” passwords with extra bits –“Salt” = random bits added to end, indexed to claimant –Digest = h(password + salt) Hashes no longer match precomputed tables 10 Salting the Passwords

11 Passwords and Keys Problem: How can a passphrase be converted into a binary key Solution: Use hash algorithm to convert a passphrase into a key –Convert passphrase into binary ASCII/Unicode string –Apply hash algorithm (possibly truncating to desired key size) –Has good avalanche effect (2 similar passphrases have very different hashes) … Help!

12 Challenge-Response Authentication Problem with passwords: Claimant sending a secret to the verifier –May be intercepted –May be sold Better idea: –Claimant proves know secret without sending it to verifier –Verifier asks question that can only be answered by claimant with that knowledge Challenge: One-time value sent to claimant –Random number, timestamp, nonce Response: Result of function applied to value –Function includes secret that only claimant knows Alice’s password $$$

13 Symmetric Key Challenge-Response Both Alice and Bob verifier know secret symmetric key K –Alice sends request for access –Bob sends nonce R B as challenge –Alice encrypts nonce with symmetric key K A-B –Bob decrypts with K A-B –If result is original nonce R B, then identity verified –Note that actual secret knowledge K A-B never sent! “I can’t answer the challenge unless I know K A-B ”

14 Public Key Challenge-Response Alice has public key K A and corresponding private key –Alice sends request for access –Bob encrypts nonce R B with K A and sends as challenge –Alice decrypts nonce with her private key, and sends back to Bob –If result is original nonce R B, then identity verified “I can’t answer the challenge unless I know Alice’s private key ”

15 Signature Challenge-Response Alice has public key K A and corresponding private key –Alice sends request for access –Bob sends nonce R B as challenge –Alice signs nonce with her private key, and sends back to Bob –Bob verifies signature with Alice’s public key and nonce value “I can’t answer the challenge unless I know Alice’s private key ”