Presentation is loading. Please wait.

Presentation is loading. Please wait.

Handshake Protocols COEN 150.

Published byEugenio Revuelta Bustos Modified over 6 years ago

Similar presentations

Presentation on theme: "Handshake Protocols COEN 150."— Presentation transcript:

1 Handshake Protocols COEN 150

2 Threat Model Passive Sniffing Spoofing Standard Attack Modes:
Malicious Mallory can read messages between Alice and Bob. Spoofing Malicious Mallory can create messages that seem to come from either Alice or Bob. Standard Attack Modes: Breaking Cryptography Man-in-the-Middle Replay Attacks Reflection Attack (Open several connections)

3 Simple Password Protocol
Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice. Vulnerable to sniffing and replay attack: Mallory sniffs the exchange. Mallory: Hi, I am Alice. My password is “fiddlesticks”.

4 Shared Secret Alice and Bob share a secret key K. Alice: I am Alice.
Bob: Encrypt random number R. Alice: EK(R) Bob (calculates EK(R) as well.): Welcome Alice.

5 Shared Secret Vulnerable to DOS attack. while(1) {
Mallory: I am Alice. Bob: Encrypt R. Mallory: X. Bob (EK(R) != X): Access denied. }

6 Shared Secret Vulnerable to sniffing and replay attack if R is not random or if R is repeated.

7 Shared Secret Use of Clock: Problems with clock accuracy:
Alice: I am Alice, EK(clock). Bob calculates clock, compares with his value: Welcome Alice. Problems with clock accuracy: Demand tight accuracy: drifting clocks can be bad. Otherwise: replay attack.

8 Shared secret, use of clock
Sniffing + replay attack: Mallory to Bob: KILL, KILL, KILL, KILL. (Bob cannot receive messages because his message buffer is filled up.) Alice: Hi, I’m Alice. EK(clock). Mallory to Alice: KILL, KILL, KILL, KILL. (Alice cannot receive messages because her message buffer is filled up.) Mallory to Bob: Hi, I’m Alice. EK(clock). Bob: Hi, Alice.

9 Shared secret, use of clock
Mallory KILL KILL Hi, I’m Alice, EK(clock) Hi, I’m Alice, EK(clock) Bob Alice

10 Public Key Alice: “I’m Alice.” Bob: “R”. Alice: “EAlice(R)”.
Bob calculates “DAliceEAlice(R) == R”: Hi Alice.

11 Public Key Alice: “I’m Alice.”
Bob creates random challenge R: “EAlice(R)”. Alice: “R”. Bob checks “R == R”: Hi Alice.

12 Public Key: DOS attack Bob spends much more time computing than Trudy!
Trudy: “I’m Alice.” Bob: “R”. Trudy: “X” Bob calculates “DAliceEAlice(X) != R: Access Denied. Bob spends much more time computing than Trudy!

13 Mutual Authentication: Shared Secret
Alice: “I am Alice” Bob: “RB” Alice: EK(RB). RA. Bob calculates EK(RB) himself: EK(RA). Hi Alice. Alice calculates EK(RA) herself: Hi Bob.

14 Mutual Authentication with less messages?
Alice: I am Alice. RA Bob: RB. EK(RA). Alice: Hi Bob. EK(RB). Bob: Hi Alice.

15 Mutual Authentication with less steps is vulnerable to the reflection attack
Session 1 Trudy: I am Alice. RA. Session 1 Bob: RB. EK(RA). Session 2 Trudy: I am Alice. RB. Session 2 Bob: RB’. EK(RB). Session 1 Trudy: Hi Bob. EK(RB). Session 1 Bob: Hi Alice.

16 Warning Signals Requestor should authenticate herself first.
Don’t have requestor and requestee do exactly the same thing. (E.g. use different key pairs.) If you provide encryption service, you set yourself up for a key guessing attack.

17 Public Key: Simple Mutual Authentication
Alice: “I am Alice. RA” Bob: “EBob(RA). RB” Alice DBobEBob (RA)=RA: Hello Bob. EAlice(RB). Bob: DAliceEAlice(RB) = RB: Hello Alice.

18 Key Distribution Centers
Maintains a shared secret for each registered user. To set-up a connection requires the KDC to set up a session key.

19 Key Distribution Center Original Algorithm
Alice to KDC: Alice wants Bob. KDC to Alice: Here is your session key. KDC to Bob: Here is your session key. This needs to be modified.

20 Key Distribution Center: Needham Schroeder Protocol
Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1,N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

21 Key Distribution Center: Needham Schroeder Protocol Variant
Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1),KS(N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

22 Replay attack on modified NS
Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1),KS(N3). Alice to Bob: KS(N3-1). Trudy as Alice to Bob: Ticket, KS(N2) Bob to Alice, but intercepted by Trudy: KS(N2-1), KS(N4) Trudy as Alice to Bob: Ticket, KS(N4). Bob to Alice, but intercepted by Trudy. KS(N4-1), KS(N5). Trudy as Alice to Bob: KS(N4-1).

23 Key Distribution Center
Assume that Alice’s key has become compromised. Trudy can now present herself as Alice to Bob with an old ticket. Tickets need to have an expiration date!!!!!!!!!!!

Download ppt "Handshake Protocols COEN 150."

Similar presentations

COEN 350 Kerberos.

COEN 350 Kerberos.
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
CSC 474 Information Systems Security

CSC 474 Information Systems Security
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.

COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

Similar presentations

Ads by Google