Presentation is loading. Please wait.

Presentation is loading. Please wait.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

Published byDina Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications."— Presentation transcript:

1 9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI

2 Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications Example: Kerberos

3 Introduction How to make communication between clients and servers secure ? Authentication ? Communication within a distributed system Setting up a secure channel Protection against Interception, Modification and Fabrication Ensuring Confidentiality Protocols for mutual Authentication and message Integrity

4 Authentication Authentication and Message Integrity should always come together Example of Tinku & Pinky For Authentication a secure channel is set up For Message Integrity secret-key Cryptography by means of session keys is used Keys are securely destroyed when the channel is closed

5 Authentication Based on Shared Secret Key Secret key is already shared between A and B One party challenges other to a response Response is authenticated with shared secret key Challenge-Response protocols Tinku (A) Pinky (B) A RBRB RARA K A,B (R B ) K A,B (R A )

6 Authentication Based on Shared Secret Key Designing protocols that actually works Optimizing number of messages to three Sending secret key along with the message Tinku (A) Pinky (B) A, R A R B,K A,B (R A ) K A,B (R B )

7 Authentication Based on Shared Secret Key The reflection attack C sends message along with the challenge B returns challenge along with the response Chucky (C) Pinky (B) A,R C R B, K A,B (R C ) R B2, K A,B (R B ) A,R B K A,B (R B ) First Session Second Session First Session

8 Authentication Based on Shared Secret Key C tires to establish another session by using the challenge of B B sends another challenge and responds with his key C sets up First session with the key and leaves Second session Chucky (C) Pinky (B) A,R C R B, K A,B (R C ) R B2, K A,B (R B ) A,R B K A,B (R B ) First Session Second Session First Session

9 Authentication Based on Shared Secret Key A better design is to always use different challenges for the initiator and the responder Example: A always used even number and B always uses odd number This solution may subject to other attacks, such as “man-in-the-middle-attack” Doing number of things identically while setting up a secure channel between two parties is not a good idea Tweaking an existing protocol to improve its performance, can easily affect its correctness

10 Authentication Using Key Distribution Center Scalability is one of the problems with shared secret key If the distribution system has N hosts, it is difficult to manage when N is large Key Distribution Center shares a secret key with each host; instead of pairs sharing the key In SSK, the system needs to manage N(N-1)/2 keys; where as in KDC only N keys

11 Authentication Using Key Distribution Center KDC hands out key to both Tinku(A) and Pinky(B) A sends message to KDC and tells about B KDC returns with a message with shared secret key K A,B Tinku (A) KDC, generates K A,B Pinky (B) K A,KDC (K A,B ) K B,KDC (K A,B ) A,B

12 Authentication Using Key Distribution Center The message is encrypted with secret key K A,KDC KDC also sends K A,B to B encrypted with secret key K B,KDC Tinku (A) KDC, generates K A,B Pinky (B) K A,KDC (K A,B ) K B,KDC (K A,B ) A,B

13 Authentication Using Key Distribution Center There are certain drawbacks, like A wants to set up connection with B even before KDC contacts B KDC needs to pass the key to the B before it brings in the loop Instead KDC can just pass the keys to A and lets A to contact B with ticket

14 Authentication Using Public Key Cryptography Does not require KDC A and B has each others public keys with them A sends challenge encrypted with B’s public key B returns the decrypted challenge, along with his own challenge. Tinku (A) Pinky (B) K + B (A,R A ) K + A (R A, R B,K A,B ) K A,B (R B )

15 Authentication Using Public Key Cryptography B generates session key K A,B to use for further communication B’s response to A, B’s challenge, session key are put in a message encrypted with public key of A A returns the response using session key to acknowledge Tinku (A) Pinky (B) K + B (A,R A ) K + A (R A, R B,K A,B ) K A,B (R B )

16 Message Integrity and Confidentiality Message Integrity ensures protection from modification Confidentiality ensures protection from interception Confidentiality can be achieved by encryption through a shared secret key or public key Message Integrity is a difficult task

17 Message Integrity and Confidentiality Digital Signatures Message Integrity goes beyond the actual transfer through a secure channel Example of A buying a collection item from B In addition to authentication, digital signatures helps in improving integrity Several ways to place digital signatures Popular form is to use a public-key cryptosystem such as RSA

18 Message Integrity and Confidentiality Digital Signatures A sends message m to B by encrypting with its private key If A wants the content of the message to be secret, B’s public key is used which combines m and the signature of A B receives the message and decrypts with A’s public key A’s private key K - A B’s public key K + B B’s private key K - B A’s public key K + A m m m A’s Computer B’s Computer

19 Message Integrity and Confidentiality Digital Signatures Certain problems are associated with his method If A’s private key is stolen If A changes its private key Encryption costs A’s private key K - A B’s public key K + B B’s private key K - B A’s public key K + A m m m A’s Computer B’s Computer

20 Message Integrity and Confidentiality Digital Signatures Cryptographic Hash function is used to improve the situation A uses Hash function to calculate the message digest with A’s private key A’s message digest along with the original message is sent to B

21 Message Integrity and Confidentiality Digital Signatures B decrypts the message digest with A’s public key Compares the original message with the decrypted message If both are same it understands that no modifications are done and the signature is authentic

22 Secure Group Communication How to enable Secure communication for more than two parties ? It is necessary to enable secure communication between more than just two parties The sever is replicated to improve the fault tolerance and performance The replicated sever for which all the replicas exist, should be protected against modification, fabrication, interception

23 Secure Group Communication Confidential Group Communication To ensure confidentiality, a simple scheme of letting all group members to share same secret key This key is used to encrypt and decrypt all the messages transmitted by the members All the members need to be trusted to keep the key a secret This prerequisite alone makes the use of single key more vulnerable to attacks

24 Secure Group Communication Confidential Group Communication Another solution is to maintain separate shared secret key between each pair of group members When one attack happens others can stop sending the messages but still use their secret keys However, instead of maintaining one key, it is necessary to maintain N(N-1)/2 keys which is a difficult problem

25 Secure Group Communication Confidential Group Communication Using public-key cryptosystem the situation can be improved Each member has its own (private key, public key) pair, in which public key can be used by all members for sending confidential messages N key pairs are need for N members Unfaithful members can be removed from group without compromising the other keys

26 Secure Group Communication Secure Replicated Servers

27 Example: Kerberos A logs into A’s work station and its identity is sent to Authentication Server by the work station (AS) AS authenticates the user and provides a key to set up a secure channel This key is known only to AS and Ticket Granting System (TGS)

28 Example: Kerberos Work station asks for the password When the correct password is entered, then the key is ready to use A requests for the connection with B to TGS A secure channel is established

29 Future Work Optimization of Knowledge Distribution Center can be improved by developing more reliable protocols More data need to maintained in replicated servers rather than having it in single server Efficiency of algorithms can be improved for encrypting and decrypting the messages More reliable channels should be made for Group Communications

30 References Andrew S. Tanenbaum, Maarten Van Steen, “Distributed Systems: Principles and Paradigms”, Prentice-Hall,NJ,USA. Andrew S. Tanenbaum, Maarten Van Steen, “Distributed Systems: Principles and Paradigms”, Prentice-Hall,NJ,USA. https://en.wikipedia.org/wiki/Cryptographic_hash_function https://en.wikipedia.org/wiki/Public-key_cryptography http://www.cs.yale.edu/homes/jf/BFIK-SIP.pdf http://csis.pace.edu/~marchese/CS865/Lectures/Chap9/Chap9New/Chapter9.html https://www.cs.columbia.edu/~smb/classes/f06/l03.pdf https://en.wikipedia.org/wiki/Cryptosystem https://en.wikipedia.org/wiki/Symmetric-key_algorithm

31 Any Questions ?

32 Thank you !!

Download ppt "9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Distributed Systems CS 15-440 Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.

Distributed Systems CS Security – Part I Lecture 21, Nov 28, 2011 Majd F. Sakr, Vinay Kolar, Mohammad Hammoud.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
Cryptography Basic (cont)

Cryptography Basic (cont)
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google