Presentation is loading. Please wait.

Presentation is loading. Please wait.

A. Steffen, 10.4.2000, KSy_Auth.ppt 1 Zürcher Hochschule Winterthur Kommunikationssysteme (KSy) - Block 9 Secure Network Communication Part III Authentication.

Published byAlexzander Ker Modified over 10 years ago

Similar presentations

Presentation on theme: "A. Steffen, 10.4.2000, KSy_Auth.ppt 1 Zürcher Hochschule Winterthur Kommunikationssysteme (KSy) - Block 9 Secure Network Communication Part III Authentication."— Presentation transcript:

1 A. Steffen, 10.4.2000, KSy_Auth.ppt 1 Zürcher Hochschule Winterthur Kommunikationssysteme (KSy) - Block 9 Secure Network Communication Part III Authentication and Integrity Secure Network Communication Part III Authentication and Integrity Dr. Andreas Steffen 2000 Zürcher Hochschule Winterthur

2 A. Steffen, 10.4.2000, KSy_Auth.ppt 2 Zürcher Hochschule Winterthur Secure Network Communication – Part III Integrity Authentication Certificates

3 A. Steffen, 10.4.2000, KSy_Auth.ppt 3 Zürcher Hochschule Winterthur Integrity of Documents and Messages Detection of corrupted documents and messages Detection of bit errors caused by unreliable transmission links or faulty storage media. Solution: Message Digest acting as a unique fingerprint for the document (similar function as CRC). Protection against unauthorized modification Without protection a forger could create both an alternative document and its corresponding correct message digest. Symmetric Key Solution: Message Authentication Code (MAC) formed by using a keyed message digest function. Asymmetric Key Solution: Digital Signature formed by encrypting the message digest with the document authors private key.

4 A. Steffen, 10.4.2000, KSy_Auth.ppt 4 Zürcher Hochschule Winterthur Message Digests based on One-Way Hash Functions A single bit change in a document should cause about 50% of the bits in the digest to change their value ! 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 Document or message of arbitrary size 1 0 1 Message Digest of fixed size Hash Function One-Way Function 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 Hash Function 1 0 1 0 0 0 1 0 0 1

5 A. Steffen, 10.4.2000, KSy_Auth.ppt 5 Zürcher Hochschule Winterthur Popular Hash Functions SHA - Secure Hash Algorithm, NIST / NSA Document or Message Message Digest or Hash or Fingerprint 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 128 bits MD5 Hash Function 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 160 bits SHA MD5 - Message Digest #5, Ron Rivest, RSA

6 A. Steffen, 10.4.2000, KSy_Auth.ppt 6 Zürcher Hochschule Winterthur Basic Structure of the MD5 / SHA One-Way Hash Functions N x 512 bits IV 128/160 bit Initialization Vector Hash 128/160 bit Hash Value Document Pad L L Pad Padding L 64 bit Document Length MD5/SHA Hash Function HashHash HashHash IVIV IVIV HashHash HashHash HashHash HashHash Block N 512 bits Block N 512 bits Block 2 512 bits Block 2 512 bits Block 1 512 bits Block 1 512 bits

7 A. Steffen, 10.4.2000, KSy_Auth.ppt 7 Zürcher Hochschule Winterthur Message Authentication Codes based on Keyed One-Way Hash Functions Genuine if equal MAC Key 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 Author Keyed Hash Function Recipient 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 MAC Transmission Channel MAC Key Keyed Hash Function

8 A. Steffen, 10.4.2000, KSy_Auth.ppt 8 Zürcher Hochschule Winterthur Inner Key 512 bits Basic Structure of a Keyed One-Way Hash Function (RFC 2104) MD5 / SHA Hash Function Hash MD5 / SHA Hash Function Hash Document Key 0x36..0x36 XOR Outer Key 512 bits 0x5C..0x5C XOR Pad 512 bits Key Length Hash Length MAC Truncate to 96 bits

9 A. Steffen, 10.4.2000, KSy_Auth.ppt 9 Zürcher Hochschule Winterthur Digital Signatures based on Public Key Cryptosystems 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 Author Decryption with Public Key Hash Value Genuine if equal Transmission Channel Recipient 1 0 1 0 1 1 1 0 0 1 0 1 0 0 1 1 0 1 1 1 0 1 0 0 0 1 0 1 0 1 Signature Hash Value Hash Function Encryption with Private Key Signature

10 A. Steffen, 10.4.2000, KSy_Auth.ppt 10 Zürcher Hochschule Winterthur Forging Documents On average 2 m trials are required to find a document having the same hash value as a given one ! Original Document 0 1 0 0 1 1 Hash Value of m bits Hash Function Pay 100 $ to the bearer AQ - 1545323 Hash Function 1 0 1 1 0 1 0 0 1 0 0 1 1 Pay 100000 $ to the bearer XX - XXXXXXX Forged Document Random Text

11 A. Steffen, 10.4.2000, KSy_Auth.ppt 11 Zürcher Hochschule Winterthur The Birthday Paradox What is the probability of another person having the same birthday as you ? Probability p = 1/365 How many people must be a in a room so that the probability of at least another person having the same birthday as you is greater than 0.5 ? n = 253 people How many people must be in a room so that the probability of at least two of them having the same birthday is greater than 0.5 ? n = 23 people

12 A. Steffen, 10.4.2000, KSy_Auth.ppt 12 Zürcher Hochschule Winterthur Birthday Attacks against Hash Functions Looking for Collisions ! Only about 2 m/2 trials are required to find two documents having the same hash value MD5 might be insecure ! Original Document Z Z Z Hash Value of m bits Hash Function Pay 100 $ to the bearer YY - YYYYYYY Hash Function 1 0 1 1 0 1 0 Z Z Z Pay 100000 $ to the bearer XX - XXXXXXX Forged Document Random Text

13 A. Steffen, 10.4.2000, KSy_Auth.ppt 13 Zürcher Hochschule Winterthur Secure Network Communication – Part III Integrity Authentication Certificates

14 A. Steffen, 10.4.2000, KSy_Auth.ppt 14 Zürcher Hochschule Winterthur Server Password File ID Password Insecure Authentication based on Passwords Password Salt Hash Function Hash Hash Function Secret password transmitted over insecure channel ID Password Remote User ID Password Salt helps against dictionary attacks. UNIX uses 12 bits of salts, resulting in 4096 hashed password variants

15 A. Steffen, 10.4.2000, KSy_Auth.ppt 15 Zürcher Hochschule Winterthur Secure Authentication based on Challenge/Response Protocols Insecure ChannelUserServer Keyed Hash Function MAC ID U RURU RURU Key RURU RURU ID U RURU RURU Response MAC No secrets are openly transmitted The random values R S and R U should never be repeated ! RSRS RSRS Key Keyed Hash Function MAC RSRS RSRS RSRS RSRS Challenge random value (Nonce)

16 A. Steffen, 10.4.2000, KSy_Auth.ppt 16 Zürcher Hochschule Winterthur Challenge/Response Protocol based on Digital Signatures Insecure ChannelUserServer RSRS RSRS RSRS RSRS Challenge random value (Nonce) ID U RURU RURU Hash Sig Encryption with Private Key RSRS RSRS Hash ID U RURU RURU Response Sig ID U RURU RURU Decryption with Public Key Hash

17 A. Steffen, 10.4.2000, KSy_Auth.ppt 17 Zürcher Hochschule Winterthur Secure Network Communication – Part III Integrity Authentication Certificates

18 A. Steffen, 10.4.2000, KSy_Auth.ppt 18 Zürcher Hochschule Winterthur Trust Models I PGP Web of Trust Alice Bob Carol Dave Signed by Dave Signed by Bob Signed by Dave Signed by Carol Signed by Alice Signed by Bob Can Carol trust Alice ? Trust Certificate

19 A. Steffen, 10.4.2000, KSy_Auth.ppt 19 Zürcher Hochschule Winterthur Trust Models II Trust Hierarchy with Certification Authorities Verisign Swisskey Amazon Carol Self Signed Verisign Self Signed Swisskey Alice Amazon Bob Amazon Root CA Intermediate CA Client Certificates Trust

20 A. Steffen, 10.4.2000, KSy_Auth.ppt 20 Zürcher Hochschule Winterthur General Structure of an X.509 Certificate * specifies algorithm used to sign certificate, e.g. md5RSA signatureAlgorithm* Hash Function* Hash / Fingerprint Encryption with Issuers Private Key* signature version serialNumber signature* issuer validity subject subjectPublicKeyInfo issuerUniqueID OPTIONAL subjectUniqueID OPTIONAL extensions OPTIONAL

21 A. Steffen, 10.4.2000, KSy_Auth.ppt 21 Zürcher Hochschule Winterthur General Structure of an X.509 Certificate ASN.1 using Distinct Encoding Rules (DER) TBSCertificate ::= SEQUENCE { version [0] Version DEFAULT v1(0), serialNumber CertificateSerialNumber, signature AlgorithmIdentifier, issuer Name, validity Validity, subject Name, subjectPublicKeyInfo SubjectPublicKeyInfo, issuerUniqueID [1] Unique Identifier OPTIONAL, subjectUniqueID [2] Unique Identifier OPTIONAL, extensions [3] Extensions OPTIONAL } Certificate ::= SEQUENCE { tbsCertificate TBSCertificate, signatureAlgorithm AlgorithmIdentifier, signature BIT STRING }

22 A. Steffen, 10.4.2000, KSy_Auth.ppt 22 Zürcher Hochschule Winterthur X.509 Certificate Handling Netscape 4.7 Browser Netscape Menu: Communicator / Tools / Security Info

23 A. Steffen, 10.4.2000, KSy_Auth.ppt 23 Zürcher Hochschule Winterthur X.509 Certificate Handling - Netscape Certification Path

24 A. Steffen, 10.4.2000, KSy_Auth.ppt 24 Zürcher Hochschule Winterthur X.509 Certificate Handling - Netscape Encrypted and Signed E-Mail (S/MIME)

25 A. Steffen, 10.4.2000, KSy_Auth.ppt 25 Zürcher Hochschule Winterthur X.509 Certificate Handling Microsoft Internet Explorer 5.0 Explorer Menu: Tools / Internet Options

26 A. Steffen, 10.4.2000, KSy_Auth.ppt 26 Zürcher Hochschule Winterthur X.509 Certificate Handling – Internet Explorer Certification Path

27 A. Steffen, 10.4.2000, KSy_Auth.ppt 27 Zürcher Hochschule Winterthur X.509 Certificate Structure V1 Fields and V3 Extensions

28 A. Steffen, 10.4.2000, KSy_Auth.ppt 28 Zürcher Hochschule Winterthur Public Key Infrastructure (PKI) Certification Authority Governed by a Certificate Practice Statement (CPS) Issues and signs Client and Server Certificates Maintains a Certificate Revocation List (CRL) Offers LDAP / WWW based Directory Services Private Key Management Secure Generation and/or Distribution of Private Keys Browser or Java Applet generated Keys Hardware generated Keys (Intel 810/820 Chipset, Smart Cards) Secure Storage of Private Keys Smart Cards, USB Modules, SIM Cards (Sonera) Key Recovery of lost private keys

Download ppt "A. Steffen, 10.4.2000, KSy_Auth.ppt 1 Zürcher Hochschule Winterthur Kommunikationssysteme (KSy) - Block 9 Secure Network Communication Part III Authentication."

Similar presentations

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.

Chapter 10 Encryption: A Matter of Trust. Awad –Electronic Commerce 1/e © 2002 Prentice Hall 2 OBJECTIVES What is Encryption? Basic Cryptographic Algorithm.
3. Protection of Information Assets (25%)

3. Protection of Information Assets (25%)
ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.

ISA 662 IKE Key management for IPSEC Prof. Ravi Sandhu.
Symmetric Encryption Prof. Ravi Sandhu.

Symmetric Encryption Prof. Ravi Sandhu.
PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.

PKI Introduction Ravi Sandhu 2 © Ravi Sandhu 2002 CRYPTOGRAPHIC TECHNOLOGY PROS AND CONS SECRET KEY SYMMETRIC KEY Faster Not scalable No digital signatures.
Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Hashes and Message Digests

Hashes and Message Digests
Doc.: IEEE 802.11-98/178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE 802.11e Security IEEE 802.11 Task Group.

Doc.: IEEE /178 Submission July 2000 A. Prasad, A. Raji Lucent TechnologiesSlide 1 A Proposal for IEEE e Security IEEE Task Group.
Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.

Confidential 1 Phoenix Security Architecture and DevID July 2005 Karen Zelenko Phoenix Technologies.
1 Pretty Good Privacy (PGP) Security for Electronic Email.

1 Pretty Good Privacy (PGP) Security for Electronic .
PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.

PUBLIC KEY CRYPTOSYSTEMS Symmetric Cryptosystems 6/05/2014 | pag. 2.
Kommunikationssysteme (KSy) - Block 8

Kommunikationssysteme (KSy) - Block 8
Block Cipher Modes of Operation and Stream Ciphers

Block Cipher Modes of Operation and Stream Ciphers
ECE454/CS594 Computer and Network Security

ECE454/CS594 Computer and Network Security
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Slide 14-1 Copyright © 2004 Pearson Education, Inc. Operating Systems: A Modern Perspective, Chapter 5 14 Protection and Security.

Similar presentations

Ads by Google