Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and."— Presentation transcript:

1 Intro To Secure Comm. Exercise 2

2 Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and you trust the phone company to have secured phone lines (no eaves dropping on the line).  All the users must use “good” passwords. 1.What is a “good” password? 2.What is the problem with “good” passwords? 3.How can you build a device that can help the user? Hint: the device may generate the passwords

3 Solution  A good password is one that is immune to common dictionary- attacks, and is pseudo random  Good passwords are hard to remember so users tend to write them down  The device may be PRF K (USER|DATE|TIME) MD5(K|USER|DATE|TIME)

4 Problem  You wish your users to login to a remote computer  You wish that ADV getting hold of that computer won’t be able to retrieve the stored passwords easily  What method would you use to store the passwords?

5 Solution  The simplest solution would be to store a hash of the passwords.

6 Problem  What hash attributes do we require for this scheme?

7 Solution  We would like OWF So that ADV can’t efficiently find a pre image for our passwords  We would like CRHF So that ADV can’t efficiently find a collision to our password

8 Problem  Authentication possibilities Something You know Something You have Something You are  Give examples for the above  What may be the problems?

9 Solution – Something you know  Password/secrets are things you suppose to know and no other  The cost is minimal, however we usually choose intuitive things to know.  When secrets are not intuitive we tend to forget them/write them down so we don’t forget them.

10 Solution – Something you have  Usually smart cards are things we have and no one else.  Problems are higher cost  We tend to forget the devices if they are small  We tend not to use them if they are big  They may be stolen, and then what?

11 Solution – Something you are  Biometrics is a common way to identify a person (eye, finger print …)  Costs a lot (smart devices, training time)  May not have high precision, i.e. long retries, forgeries

12 Suggested solution  Hybrid approach  A small device which incorporates a PIN or a password to operate  Something like a SecureID device, Portable phone with a key…

13 Problem  Devise a simple secure way to prove the knowledge of the secret (password) without ADV being able to know the password

14 Solution  Send h(password) to server  Against what types of ADV is it secure?  What may be the problem with the following protocol in case of an eavesdropper/spoofer ADV?

15 Solution 2  ADV may not have to know the password in order to login, he just has to listen to it and send it to the server.

16 Problem  Find a way to simply defend against an eavesdropper/spoofer ADV

17 Solution  Use S/KEY password scheme Each user has n successful login attempts. At startup, the server receives h(x) n Each login the server receives h(x) n-i The server validates h(h(x) n-i )=h(x) n-(i-1)  Against what type of attack is this protocol not immune to? What are its weaknesses?

18 Solution  The protocol is not immune against a spoofer/eavesdropper which spoofs the server  When establishing a new chain of hashes, the spoofer can intercept the transmission and send it as it was his own (or send h(x) n+1 ).

19 Problem  Common antivirus programs have the feature of “immune”\”sign” a file.  In case the file is changed the software knows it immediately.  Common method is using a hash function to create a digest for the file.  What are the requirements from the hash function?

20 Solution  The hash function must be at least WCRHF.  This is because the file may already be known to the virus and the virus will need to find a collision in order to fool the antivirus program.  What other methods would you use to ensure that the file wasn’t tempered with?

21 Problem  The following scenario is suggested for establishing session keys Alice and Bob share a secret (key phrase/password) Alice generates Session key K and send E P (K) to Bob Bob receives E P (K), deciphers and uses K as the new session key.  What are the threats to the model?  Is this solution secure against an eavesdropper?

22 Solution  The solution is problematic when a password is used.  Passwords are susceptible to dictionary attack.  The eavesdropper may discover p and thus the session key k (and may discover any other session keys)  Suggest a better protocol

23 Solution  Alice Generates pub A and priv A.  Alice sends E P (pub A ) to Bob  Bob deciphers and sends to Alice Pub A (k)  Alice sends to Bob E k (challengeA)  Bob responds E k (challengeA||challengeB)  Alice responds (challengeB)  What cryptographic method is E?

24 Solution  The cryptographic method is a MAC  Why not simply use an encryption method?

25 Problem  Some designs attempt to provide message authentication by sending the encryption of the message concatenated with its hash (or simply with an error detection code).  Namely, they send Encrypt(Message||Hash(Message)), and hope that in so doing, they achieve encryption and authentication together.  Show that this design is insecure (an attacker can modify a message and it would still be considered authentic).  Hint: this is easy to show, when using one-time-pad or OFB mode encryption.

26 Solution  Assuming OTP is used and ADV knows some information about the message.  ADV knows the algorithm, so knows which hash function is used.  Knowing so, he can figure out the key encrypting the message (known plain text).  Since he knows the message and hash of the message, he can figure out the key encrypting the hash.  ADV can now calculate new message and new hash for the message and replace them.

27 Solution  ADV’s playout: k m =mc m (revealing the key of m) k h(m) =h(m) c h(m) Forge: m’k m ||h(m’)k h(m)  This is a poor MAC because it isn’t even immune to KMA.

Download ppt "Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and."

Similar presentations

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Intro To Secure Comm. Exercise 3. Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)

Intro To Secure Comm. Exercise 3. Problem The following scenario is suggested for establishing session keys  Alice and Bob share a secret (key phrase/password)
CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.

CSC 386 – Computer Security Scott Heggen. Agenda Authentication Passwords Reducing the probability of a password being guessed Reducing the probability.
Computer Security Set of slides 5 Dr Alexei Vernitski.

Computer Security Set of slides 5 Dr Alexei Vernitski.
Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.

Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it.
1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.

1 Cryptanalysis-tolerant CPA crypt. ● Suppose E, E’ are two encryption schemes which on of them is CPA - secure  E.g., a standard and a proprietary, a.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.

CS426Fall 2010/Lecture 81 Computer Security CS 426 Lecture 8 User Authentication.
Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.

Implementation of a Two-way Authentication Protocol Using Shared Key with Hash CS265 Sec. 2 David Wang.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.

Authentication. Terminology  Authentication التثبت من الهوية  Access Control (authorization) التحكم في الوصول  Note the difference between the two.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.

Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.

Announcements: 1. HW6 due now 2. HW7 posted Questions? This week: Discrete Logs, Diffie-Hellman, ElGamal Discrete Logs, Diffie-Hellman, ElGamal Hash Functions.
1 Intro To Encryption Exercise 11. 2 Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.

1 Intro To Encryption Exercise Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Similar presentations

Ads by Google