Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS). Yanjun Zhao.

Current Protocols: SSL (Secure Sockets Layer) and IPSec (Internet Protocol Security) suffer from intrusion and a single point of compromise, and from DDoS (distributed denial of service) attacks.

The Purposes of IDAS: protect credential information by distributing the shared secret across multiple computers, thus eliminating the single point of compromise; detect the use of a partial credential by a user/computer and indicate which part of the secret has been exposed.

Even when an insider has compromised all related servers, the credential is only valid for a short period of time and self-heals in the next period. A DDoS-resistant protocol must be stateless and efficient, and must also stop botnet attacks and "low and slow" attacks.

Authentication takes a single round-trip time, which is faster than any other authentication protocol and is important to the performance of critical applications in a multi-continent network.

A legitimate user shares a p, a hash chain value, and a cryptographic key, k_auth, with the Authentication Server. The p represents a second factor for authentication and can be a password, a token, a biometric, or a smartcard. The user's partial secrets are provided with two random-number seeds: one for nonce generation, the other for the hash chain seed.

Time-Dependent Secret

Self-healing Feature of the Authentication Server

HMAC: HMAC (RFC 2104) is the standard approach in cryptography to ensure message integrity. In the context of our authentication protocol, HMAC can be viewed as a fixed-size output produced from two inputs (a message and a secret key). It is computationally infeasible to produce a valid code without knowledge of the key.

Distribute Secret

The proposed scheme combines the use of a p, a key, and a hash chain in a computation-efficient manner to achieve a strong security level.

If the p is not used in the protocol, an adversary who compromises the device can succeed in impersonating the user. If the HMAC key is not used in the protocol, the update of the hash chain value might be tampered with by the adversary, so the server and the device fall out of synchronization for authentication. If the hash chain is not used in the protocol, an adversary compromising the server learns the secret HMAC key and p, and can then impersonate the user in the next authentication session.

The above steps remove the single-point-of-compromise vulnerability of critical user authentication information. It is useless for an attacker to compromise only one of the two servers. If a strong inside attacker compromises both servers, they can pretend to be the user for the current period only. For the next time period, the attacker lacks the required hash chain value and the authentication system self-heals.
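The self-healing behaviour described above, as an added model that is not the IDAS authors' code: the period secret is the current hash chain value, the device proves p, k_auth and that value with one HMAC, and the move to the next period is an authenticated reveal of the chain preimage. The message layouts (`b"auth"`/`b"update"` prefixes, the concatenation order) and the sample secrets are assumptions, not the paper's exact protocol.

```python
import hashlib
import hmac

# Added illustration, not the IDAS authors' code; formats below are assumptions.

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_chain(seed: bytes, length: int) -> list:
    """chain[i] = H^(i+1)(seed); server starts at the end, device reveals earlier ones."""
    chain, cur = [], seed
    for _ in range(length):
        cur = H(cur)
        chain.append(cur)
    return chain

def auth_tag(k_auth: bytes, p: bytes, h_period: bytes, nonce: bytes) -> bytes:
    """Single-message proof of p, k_auth and this period's chain value."""
    return hmac.new(k_auth, b"auth" + nonce + p + h_period, hashlib.sha256).digest()

def update_tag(k_auth: bytes, h_new: bytes) -> bytes:
    """Authenticates the chain-value update so it cannot be tampered with."""
    return hmac.new(k_auth, b"update" + h_new, hashlib.sha256).digest()

class Server:
    def __init__(self, p: bytes, k_auth: bytes, h_current: bytes):
        self.p, self.k_auth, self.h = p, k_auth, h_current
    def verify(self, nonce: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(auth_tag(self.k_auth, self.p, self.h, nonce), tag)
    def advance(self, h_new: bytes, tag: bytes) -> bool:
        """Accept next period's value only if authentic and a preimage of the current one."""
        if not hmac.compare_digest(update_tag(self.k_auth, h_new), tag):
            return False
        if H(h_new) != self.h:
            return False
        self.h = h_new
        return True

def self_healing_demo() -> tuple:
    p, k_auth, seed = b"second-factor", b"k_auth-constructed", b"seed-constructed"
    chain = build_chain(seed, 4)
    server = Server(p, k_auth, chain[3])
    stolen = (server.p, server.k_auth, server.h)  # insider dumps the server state
    now_ok = server.verify(b"n1", auth_tag(stolen[1], stolen[0], stolen[2], b"n1"))
    moved = server.advance(chain[2], update_tag(k_auth, chain[2]))  # device: next period
    later_ok = server.verify(b"n2", auth_tag(stolen[1], stolen[0], stolen[2], b"n2"))
    device_ok = server.verify(b"n2", auth_tag(k_auth, p, chain[2], b"n2"))
    forged = server.advance(b"x" * 32, update_tag(b"outsider-key", b"x" * 32))
    return now_ok, moved, later_ok, device_ok, forged
```

The stolen server state authenticates in the current period but not after the device reveals the next chain value, and an update without k_auth is rejected, which is the desynchronisation the text warns about.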

DDoS Resistant

Reference: Chwan-Hwa "John" Wu and Tong Liu. Simulation for Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS). SpringSim '08: Proceedings of the 2008 Spring Simulation Multiconference.