Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

Similar presentations


Presentation on theme: "CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz."— Presentation transcript:

1 CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz

2 Administrative stuff  HW4 on the way…

3 Adding mutual authentication  Double challenge-response in 3 rounds (4 if include initial “hello” message)  Variant in which user sends nonce first? –Insecure… –To improve security, make protocol asymmetric –No such attack on previous protocol Security principle: let initiator prove its identity first –Also vulnerable to off-line password guessing without eavesdropping

4 Public-key based  Ex 6: Double challenge-response  Issues: –How does each party learn the other party’s public key? –How does a party obtain its own secret key (i.e., if logging-in remotely) Can download information, protected by a password

5 Using timestamps?  Ex 7: User sends MAC(time), server responds with MAC(time+1)  Vulnerabilities? –Symmetric protocol…

6 Establishing a session key  One-way Challenge-response; compute session key as F K (R+1) –Secure if F is a pseudorandom permutation…? –(Potential attack…)

7 Public-key based…  Include E pk (session-key) in protocol?  Encrypt session-key and sign the result? –No forward secrecy… –Potentially vulnerable to replay attacks  User sends E(R 1 ); server sends E(R 2 ); session key is R 1 +R 2 –Reasonable…

8 Authenticated Diffie-Hellman  Add signatures/MACs and nonces to Diffie- Hellman protocol –Note: achieves forward secrecy –What if we had used encryption instead?


Download ppt "CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz."

Similar presentations


Ads by Google