Presentation is loading. Please wait.

Presentation is loading. Please wait.

G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks."— Presentation transcript:

1 G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks

2 Altogether Now: The Three Questions  What is the problem?  What is new or different?  What are the contributions and limitations?

3 Needham/Schroeder  Early exploration (’78) of how to use encryption to provide authentication  Diffie/Hellman published their paper on public key cryptography only two years earlier  Basis for Kerberos network authentication protocol  Specifically, the symmetric key protocol  “Our protocols should be regarded as examples”  Rightly so, the protocols have known attacks!

4 Getting Our Concepts Right  Assumptions  Computers are secure  I.e., when a user encrypts a message, neither the plaintext nor the key is leaked outside the application  But the network is not  Attackers can arbitrarily read, insert, delete, or modify messages on the network  End-to-end encryption  Encryption must be performed by applications, not at the network level  E.g., key may not be known by the network interface

5 Getting Our Concepts Right (cont.)  Authentication servers (certificate authorities)  Trusted by all participating users  For symmetric-key crypto, user  key  For public-key crypto, user  public key  Not limited to a single server  Group of collaborating servers  Forest of servers (certification authority model)  No server: web of trust in PGP

6 Getting Our Concepts Right (cont.)  Nonces and timestamps  Ensure that messages are unique  Interactive protocols  random number  Offline protocols  timestamp  Prevent replay attacks  Tickets and certificates  Tickets establish a session key (shared secret)  Certificates attest a public key

7 Getting Our Concepts Right (cont.)  Characteristic functions  Now: Collision resistant hash functions  Three properties  h(M) is relatively easy to compute (and typically small)  Given h(M), it is hard to calculate M  It is hard to find two M 1 and M 2 so that h(M 1 )=h(M 2 )  Which one to use?  MD-4, MD-5, RIPEMD, RIPEMD-160, SHA-0, SHA-1, SHA-2

8 Let’s Mount an Attack [Lowe 95]

9 The Public Key Protocol  A  AS: A, B  AS  A: {PKB, B} SKAS  A  B: {N A, A} PKB  B  AS: B, A  AS  B: {PKA, A} SKAS  B  A: {N A, N B } PKA  A  B: {N B } PKB

10 There Really Are Two Protocols  A  AS: A, B  AS  A: {PKB, B} SKAS  A  B: {N A, A} PKB  B  AS: B, A  AS  B: {PKA, A} SKAS  B  A: {N A, N B } PKA  A  B: {N B } PKB  What is the short-coming of the key access protocol?  Let’s mount an attack on the authentication protocol! Obtain public keys Authenticate A and B

11 The Man-in-the-Middle Attack  A  I: {N A, A} PKI  I(A)  B: {N A, A} PKB  B  I(A): {N A, N B } PKA  I  A: {N A, N B } PKA  A  I: {N B } PKI  I(A)  B: {N B } PKB  How can we prevent this attack?

12 Let’s Improve Our Notation

13 The Four Primitives  Encrypt(PK, M)  CT  Decrypt(SK, CT)  M  Sign(SK, M)  σ  Verify(PK, M, σ)  {true, false}

14 What Did We Learn Today?

Download ppt "G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.

Luu Anh Tuan. Security protocol Intruder Intruder behaviors Overhead and intercept any messages being passed in the system Decrypt messages that are.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Computer Security Key Management

Computer Security Key Management
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Online Security Tuesday April 8, 2003 Maxence Crossley.

Online Security Tuesday April 8, 2003 Maxence Crossley.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google