Replay Attacks.


Replay Attack
- First, attacker intercepts a message
  - Not difficult to do

Replay Attack
- Later, attacker retransmits (replays) the message to the original destination host
  - Does not have to be able to read a message to replay it

Replay Attack
- Why replay attacks?
  - To gain access to resources by replaying an authentication message
  - In a denial-of-service attack, to confuse the destination host

Thwarting Replay Attacks
- Put a time stamp in each message to ensure that the message is “fresh”
  - Do not accept a message that is too old
- Place a sequence number in each message
  - Do not accept a duplicated message
[Figure: Message with Time Stamp and Sequence Number fields]

Thwarting Replay Attacks
- In request-response applications,
  - Sender of request generates a nonce (random number)
  - Places the nonce in the request
  - Server places the nonce in the response
  - Neither party accepts duplicate nonces
[Figure: Request and Response, each carrying the Nonce]
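
The nonce bookkeeping on both sides of a request-response exchange, as an added example that is not part of the original slides. The `Client` and `Server` classes and the message fields are hypothetical, and the messages carry no integrity protection here, so this shows only the duplicate-nonce rule.

```python
import secrets

class Server:
    def __init__(self):
        self.seen = set()   # nonces already received in requests

    def handle(self, request):
        nonce = request["nonce"]
        if nonce in self.seen:
            return None                      # duplicated request nonce: drop
        self.seen.add(nonce)
        # The server copies the request's nonce into its response.
        return {"nonce": nonce, "data": "result for " + request["op"]}

class Client:
    def __init__(self):
        self.pending = set()  # nonces sent, response not yet accepted

    def make_request(self, op):
        nonce = secrets.token_hex(16)        # fresh random number per request
        self.pending.add(nonce)
        return {"nonce": nonce, "op": op}

    def accept(self, response):
        nonce = response["nonce"]
        if nonce not in self.pending:
            return False                     # unknown or already used nonce
        self.pending.remove(nonce)           # a nonce is good for one response
        return True

def demo():
    client, server = Client(), Server()
    req = client.make_request("balance")     # constructed sample request
    resp = server.handle(req)
    first = client.accept(resp)              # genuine response
    replayed_resp = client.accept(resp)      # captured response sent again
    replayed_req = server.handle(req)        # captured request sent again
    client.make_request("balance")           # a new request is outstanding
    stale_resp = client.accept(resp)         # old response offered for it
    return first, replayed_resp, replayed_req, stale_resp

if __name__ == "__main__":
    print(demo())
```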

Thwarting Replay Attacks
- To prevent changes in the message being replayed
  - Message integrity is needed
  - Requires a digital signature or equivalent
  - See HMAC under IPsec
[Figure: Message with Digital Signature or HMAC]
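
A receiver that combines the time stamp, the sequence number and an HMAC, as an added example that is not part of the original slides. It shows why the integrity check matters: a replayed message whose time stamp has been rewritten to look fresh fails the HMAC. The key, the 30-second freshness window, the JSON layout and the function names are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"   # assumption: pre-shared secret, sample value
MAX_AGE = 30                    # assumption: seconds a message stays "fresh"

def seal(payload, timestamp, seq, key=KEY):
    """Sender: bind payload, time stamp and sequence number under one HMAC."""
    body = json.dumps({"payload": payload, "ts": timestamp, "seq": seq},
                      sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}

class Receiver:
    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = -1  # highest sequence number accepted so far

    def accept(self, msg, now):
        """Return 'ok' or the reason the message is rejected."""
        expected = hmac.new(self.key, msg["body"], hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["tag"]):
            return "bad-mac"            # altered in transit or forged
        fields = json.loads(msg["body"])
        if abs(now - fields["ts"]) > MAX_AGE:
            return "stale"              # too old (or dated in the future)
        if fields["seq"] <= self.last_seq:
            return "duplicate"          # sequence number already used
        self.last_seq = fields["seq"]
        return "ok"

def demo():
    rx = Receiver()
    original = seal("transfer 100", timestamp=1000, seq=1)  # constructed
    results = [rx.accept(original, now=1005)]          # first delivery
    results.append(rx.accept(original, now=1010))      # replay inside window
    results.append(rx.accept(original, now=2000))      # replay much later
    # Replay with the time stamp rewritten so it looks fresh: HMAC breaks.
    forged = dict(original, body=original["body"].replace(b"1000", b"2000"))
    results.append(rx.accept(forged, now=2000))
    return results

if __name__ == "__main__":
    print(demo())
```

The strictly increasing sequence check also rejects messages that arrive out of order.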