Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Published byKyra Godley Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate."— Presentation transcript:

1 1 Security Handshake Pitfalls

2 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate each other –Establish sessions keys –This process may involve many flaws

3 3 Login with shared secret Approaches –Using K Alice-Bob as a secret key to encrypt R: K Alice-Bob {R} –Hashing R and K Alice-Bob: h(K Alice-Bob, R) –Different time uses different R Discussions –Authentication is not mutual: Trudy can convince Alice that she is Bob –Off-line password guessing attack – assuming K Alice-Bob is derived from a password –Trudy can compromise the database at Bob and later impersonate Alice

4 4 All the previous weakness remains Minor security difference –Alice has to be able to reverse what Bob has done to R –If K Alice-Bob is derived from a password, it is vulnerable to a dictionary attack Login with shared secret cont’d

5 5 Alice and Bob have reasonably synchronized clocks more efficient Impersonate Alice within the acceptable clock skew If Trudy can set Bob’s clock back – reuse overheard timestamps

6 6 Authentication with One-Way Public Key Advantage –Database at Bob need not be protected from unauthorized disclosure Weakness –Trudy can trick Alice into signing/decrypting: Trudy can forge Alice’s signature on some quantity

7 7 Mutual Authentication Inefficient

8 8 Mutual Authentication Reflection Attack

9 9 General Principle –Do not have Alice and Bob do exactly the same thing Different Keys: have the key used to authenticate Alice be different from the key used to authenticate Bob Different Challenges: the challenge from the initiator (Alice) looks different from the challenge from the responder

10 10 Mutual Authentication Password Guessing without eavesdropping: send a message to Bob,… How to fix?

11 11 Mutual Authentication Public Keys –Assume Alice and Bob know each other’s public keys

12 12 Mutual Authentication Timestamps –Require synchronized clocks –Alice and Bob have to encrypt different timestamps

13 13 Integrity/Encryption for Data In order to provide integrity and/or encryption protection of the data following the authentication exchange, it is necessary for Alice and Bob to encrypt and/or add integrity –Require a session key established during mutual authentication

14 14 Establishment of Session Keys Shared Secret based authentication –After the authentication.. –Use K Alice-Bob {R} as the session key? Has been used as the third message in the authentication handshake –Use (K Alice-Bob +1){R} as the session key –Use K Alice-Bob {R+1} as the session key? Trudy impersonates Bob :

15 15 Nonce Types Timestamps –Require reasonably synchronized clocks Large random numbers –Tend to make the best nonce –Cannot be guessed/predicted Sequence number

16 16 Nonce Types R has to be unpredictable: suppose Eve impersonates Alice

17 Nonce Types R has to be unpredictable: Eve first impersonates Bob, then impersonates Alice 17

18 Nonce Types 18

19 19 Privacy and Integrity Replay attack –Use long sequence numbers Sequence number space rollover –Key rollover: changing keys in the middle of a conversation

20 20 Mediated Authentication Trudy may claim to be Alice and send “I am Alice” –Will not do Trudy any good It is possible that Alice’s messages get to Bob first, so Bob does not know how to decrypt it –Using a Ticket Must be followed by a mutual authentication exchange – confirm that Alice and Bob have the same key

21 21 Needham-Schroeder Protocol Classic protocol for authentication with KDC –Many others have been modeled after it (e.g. Kerberos)

22 22 Needham-Schroeder Protocol Nonce: a number that is used only once –A sequence number or a large random number –Deal with replay attacks Reflection Attack –Bob -> Alice: K AB {N 2 -1, N 3 } –Assume N i multiple of encryption blocksize –ECB: Message splicing: put together own plus revealed –With CBC, no need to decrement N 2, N 3 A Vulnerability –When Trudy gets a previous key used by Alice, Trudy may reuse a previous ticket issued to Bob for Alice –Essential Reason Ticket to Bob stays valid even if Alice changes her key

23 23 Expanded Needham-Schroeder The additional two messages assure Bob that the initiator has talked to KDC since Bob generates N B

24 24 Kerberos V4 Based on Needham-Schroeder, but with timestamps Save exchange of nonce

Download ppt "1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CSC 474 Information Systems Security

CSC 474 Information Systems Security
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Computer Security Key Management

Computer Security Key Management
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google