1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz


2 Overview 1. Passwords 2. Address based authentication 3. Key Distribution Center (KDC) 4. Certification Authorities (CAs) 5. Multiple Trust Domains 6. Session Keys 7. Delegation

3 Passwords
Do not store passwords in clear. Store hashes. ⇒ The hash store is still subject to an offline attack.
Encrypt the hash storage. ⇒ Where do you keep the master key?
Do not transmit passwords in clear. Use the password as a key to encrypt a challenge. ⇒ Cryptographic authentication.
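The two points on this slide (store a hash rather than the password, and use the password as a key rather than sending it) can be shown together. The following is an added example, not code from the lecture: the store keeps a salt and a PBKDF2-derived key per user, and the same derived key is used as the HMAC key in a challenge-response exchange so that only the MAC of a fresh challenge crosses the wire. The function names, the iteration count and the sample user are the author's own choices for illustration.

```python
# Added example (not from the lecture): hashed password storage plus
# password-as-key challenge-response, standard library only.
from typing import Dict, Optional, Tuple
import hashlib
import hmac
import os

ITERATIONS = 100_000  # work factor: slows an offline guessing attack on a stolen store


def derive_key(password: str, salt: bytes) -> bytes:
    """Turn a password into a 32-byte key with PBKDF2-HMAC-SHA256.
    The same derivation is the stored verifier and the challenge-response key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def enroll(store: Dict[str, Tuple[bytes, bytes]], user: str, password: str) -> None:
    """Store (salt, derived key) instead of the clear password.
    A per-user random salt defeats precomputed tables across users."""
    salt = os.urandom(16)
    store[user] = (salt, derive_key(password, salt))


def verify_password(store: Dict[str, Tuple[bytes, bytes]], user: str, password: str) -> bool:
    """Direct password check (e.g. local login): re-derive and compare in constant time."""
    if user not in store:
        return False
    salt, expected = store[user]
    return hmac.compare_digest(derive_key(password, salt), expected)


def salt_for(store: Dict[str, Tuple[bytes, bytes]], user: str) -> Optional[bytes]:
    """The salt is not secret; the server hands it to the client before the exchange."""
    return store[user][0] if user in store else None


def make_challenge() -> bytes:
    """Server side: a fresh random challenge, so a captured response cannot be replayed."""
    return os.urandom(32)


def respond(password: str, salt: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password by MACing the challenge with the
    password-derived key. The password itself never leaves the client."""
    return hmac.new(derive_key(password, salt), challenge, "sha256").digest()


def check_response(store: Dict[str, Tuple[bytes, bytes]], user: str,
                   challenge: bytes, response: bytes) -> bool:
    """Server side: recompute the MAC from the stored key and compare in constant time.
    Note the stored key IS the challenge-response key, which is why the slide's next
    question (how to protect the store, and where to keep the master key) still matters."""
    if user not in store:
        return False
    _, key = store[user]
    expected = hmac.new(key, challenge, "sha256").digest()
    return hmac.compare_digest(expected, response)


if __name__ == "__main__":
    db: Dict[str, Tuple[bytes, bytes]] = {}
    enroll(db, "alice", "correct horse battery")      # constructed sample user
    c = make_challenge()
    r = respond("correct horse battery", salt_for(db, "alice"), c)
    print("password ok:", verify_password(db, "alice", "correct horse battery"))
    print("challenge ok:", check_response(db, "alice", c, r))
    print("replayed response ok:", check_response(db, "alice", make_challenge(), r))
```

The replay check at the end is the reason the challenge must be random per exchange: the same response against a different challenge is rejected.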

4 Address-based Authentication
/etc/hosts.equiv file in UNIX: John Smith can do on B whatever he is allowed to do on A. ⇒ Users need to have the same name on all machines.
Per-user .rhosts files: list who can access this account.
Issues: An attacker can gain access to all machines. An attacker can change the IP addresses of machines and access the remote resources of all users on that machine. An attacker can use source routing to send messages to D (from A).

5 Machine vs. Person Authentication
Machines can store long secret keys. A person's password can be used to decrypt a long secret key or private key.

6 Secret Keys for an N-System Network
n systems need n(n-1)/2 pairwise secret keys. Each system remembers n-1 keys. If a new system joins, n new keys are generated. If a system leaves, n-1 keys are removed.

7 Key Distribution Center (KDC)
Each node is configured with a key shared with the KDC; the KDC has all the keys. The KDC sends A a session key encrypted with A's key and with B's key.
Issues: If the KDC is compromised, all systems are compromised. The KDC is a single point of failure and a performance bottleneck. The KDC has to be online all the time.
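The KDC exchange on this slide, together with the key-count comparison from the previous one, as an added example that is not part of the lecture: each node shares one long-term key with the KDC, the KDC mints a fresh session key and wraps it once under A's key and once under B's key, and A forwards B's copy (the ticket). The symmetric cipher is a toy built from an HMAC-SHA256 keystream plus an HMAC tag so that the example runs on the standard library alone; a real deployment would use an authenticated cipher such as AES-GCM. The class and function names are the author's own.

```python
# Added example (not from the lecture): a minimal KDC handing out session keys.
# The cipher below is a TOY (HMAC-SHA256 keystream XOR + HMAC tag) for illustration.
import hashlib
import hmac
import json
import os
from typing import Dict, Tuple


def pairwise_keys(n: int) -> int:
    """Keys needed without a KDC: one per pair. With a KDC each node holds one key."""
    return n * (n - 1) // 2


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, "sha256").digest(), tag):
        raise ValueError("bad tag: wrong key or tampered message")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class KDC:
    """Holds every node's long-term key: the slide's single point of compromise."""

    def __init__(self) -> None:
        self.keys: Dict[str, bytes] = {}

    def enroll(self, name: str) -> bytes:
        """Configure a node with its KDC key (returned so the node can keep it)."""
        self.keys[name] = os.urandom(32)
        return self.keys[name]

    def request(self, a: str, b: str) -> Tuple[bytes, bytes]:
        """A asks to talk to B. Returns {Ks, B} under A's key and {Ks, A} under B's key."""
        ks = os.urandom(32)
        for_a = encrypt(self.keys[a], json.dumps({"peer": b, "key": ks.hex()}).encode())
        ticket_b = encrypt(self.keys[b], json.dumps({"peer": a, "key": ks.hex()}).encode())
        return for_a, ticket_b


def establish_session(kdc: KDC, a: str, key_a: bytes, b: str, key_b: bytes) -> Tuple[bytes, bytes]:
    """Run the exchange and return (A's view of Ks, B's view of Ks)."""
    for_a, ticket_b = kdc.request(a, b)
    a_view = json.loads(decrypt(key_a, for_a))      # A opens its own copy
    b_view = json.loads(decrypt(key_b, ticket_b))   # A forwards the ticket; B opens it
    if a_view["peer"] != b or b_view["peer"] != a:
        raise ValueError("ticket names the wrong peer")
    return bytes.fromhex(a_view["key"]), bytes.fromhex(b_view["key"])


if __name__ == "__main__":
    kdc = KDC()
    ka, kb = kdc.enroll("A"), kdc.enroll("B")
    sa, sb = establish_session(kdc, "A", ka, "B", kb)
    print("session keys agree:", sa == sb)
    print("keys for 10 nodes without KDC:", pairwise_keys(10), "with KDC: 10")
```

Because the KDC keeps `kdc.keys`, anyone who reads that dictionary can open every ticket ever issued, which is the compromise issue the slide lists; the online requirement follows from `request` having to run for every new session.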

8 Certification Authorities
Unsigned public keys can be tampered with. Public keys are signed by CAs ⇒ certificates. Each system is configured with the CA's public key. CAs don't have to be online. A compromised CA cannot decrypt conversations.

9 Certificate Revocation List (CRL)
The lists are published regularly. Certificates are checked against a recent CRL. A certificate contains the user's name, public key, expiration time, a serial number, and the CA's signature on the content.

10 KDC in Multiple Trust Domains

11 KDC in Multiple Trust Domains (contd.)
Some pairs of KDCs share a secret key. Issue: every pair of KDCs needs a shared key ⇒ KDC hierarchy.

12 CAs in Multiple Domains
Each CA has a certificate from the other. Alice, holding Boris's certificate and the certificate for Boris's CA issued by Alice's CA, can authenticate Boris.

13 Session Keys
A public key is used to exchange a secret key. Each session should start with a new secret key.

14 Delegation
Authentication forwarding: a signed message with a time limit and details of privileges.
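One added example covers the certificate slides (CA signatures, the CRL and expiry check, cross-certified CAs in two domains) and this delegation slide, since a delegation token is the same construction with privileges in place of a public key. It is not code from the lecture. RSA is implemented on fixed Mersenne primes with no padding purely so the signature arithmetic is visible and the example runs on the standard library; the hash is reduced mod n instead of padded, which is not how real RSA signatures work. The certificate layout, the names AliceCA, BorisCA, Boris and Carol, and the serial numbers are the author's constructed sample values.

```python
# Added example (not from the lecture): toy CA, CRL/expiry check, cross-domain
# chain and a signed delegation token. Toy RSA, NOT for real use.
import hashlib
import json
import time
from typing import Dict, List, Sequence, Set, Tuple

PubKey = Tuple[int, int]   # (n, e)
PrivKey = Tuple[int, int]  # (n, d)


def keygen(p: int, q: int, e: int = 65537) -> Tuple[PubKey, PrivKey]:
    """Textbook RSA key pair from two primes (caller must ensure gcd(e, phi) == 1)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))   # modular inverse, Python 3.8+
    return (n, e), (n, d)


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(priv: PrivKey, data: bytes) -> int:
    n, d = priv
    return pow(_digest(data, n), d, n)


def verify_sig(pub: PubKey, data: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


def _encode(body: dict) -> bytes:
    """Canonical encoding so signer and verifier hash identical bytes."""
    return json.dumps(body, sort_keys=True).encode()


def issue(ca_priv: PrivKey, ca_name: str, subject: str, subject_pub: PubKey,
          serial: int, lifetime_s: int, now: int) -> dict:
    """Certificate: subject name, public key, expiry, serial, CA signature over the rest."""
    body = {"subject": subject, "issuer": ca_name, "public_key": list(subject_pub),
            "serial": serial, "not_after": now + lifetime_s}
    return {"body": body, "sig": sign(ca_priv, _encode(body))}


def check_cert(cert: dict, issuer_pub: PubKey, crl: Set[int], now: int) -> str:
    """Signature first (the body is untrusted until then), then expiry, then the CRL."""
    body = cert["body"]
    if not verify_sig(issuer_pub, _encode(body), cert["sig"]):
        return "bad signature"
    if now > body["not_after"]:
        return "expired"
    if body["serial"] in crl:
        return "revoked"
    return "ok"


def verify_chain(leaf: dict, chain: Sequence[dict], trusted_pub: PubKey,
                 crl: Set[int], now: int) -> str:
    """Walk from the configured trust anchor down: each cert's key verifies the next.
    For the slide's two-domain case the chain is [BorisCA's cert issued by AliceCA]."""
    pub = trusted_pub
    for cert in list(chain) + [leaf]:
        status = check_cert(cert, pub, crl, now)
        if status != "ok":
            return status
        pub = tuple(cert["body"]["public_key"])
    return "ok"


def delegate(owner_priv: PrivKey, owner: str, to: str, privileges: List[str],
             lifetime_s: int, now: int) -> dict:
    """Authentication forwarding: a signed statement of who may do what, until when."""
    body = {"from": owner, "to": to, "privileges": sorted(privileges), "not_after": now + lifetime_s}
    return {"body": body, "sig": sign(owner_priv, _encode(body))}


def check_delegation(token: dict, owner_pub: PubKey, action: str, now: int) -> bool:
    body = token["body"]
    if not verify_sig(owner_pub, _encode(body), token["sig"]):
        return False
    if now > body["not_after"]:
        return False
    return action in body["privileges"]


def M(k: int) -> int:
    """Mersenne number 2^k - 1; the exponents used below give primes."""
    return 2 ** k - 1


if __name__ == "__main__":
    now = int(time.time())
    alice_ca_pub, alice_ca_priv = keygen(M(61), M(89))
    boris_ca_pub, boris_ca_priv = keygen(M(107), M(127))
    boris_pub, boris_priv = keygen(M(521), M(607))
    cross = issue(alice_ca_priv, "AliceCA", "BorisCA", boris_ca_pub, 1, 365 * 86400, now)
    boris = issue(boris_ca_priv, "BorisCA", "Boris", boris_pub, 42, 30 * 86400, now)
    print("Alice verifies Boris:", verify_chain(boris, [cross], alice_ca_pub, set(), now))
    token = delegate(boris_priv, "Boris", "Carol", ["read"], 3600, now)
    print("Carol may read:", check_delegation(token, boris_pub, "read", now))
```

The chain walk is the point of the cross-certification slide: Alice is configured only with her own CA's key, and the certificate her CA issued to Boris's CA is what lets her trust the key that signed Boris's certificate.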

15 Summary
Passwords should not be stored or transmitted in clear ⇒ use them to generate keys. Address-based authentication is not safe. Key Distribution Center (KDC): single point of failure. Certification Authorities (CAs) sign public keys. Multiple trust domains: hierarchy of KDCs or CAs.

16 Questions!