Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to."— Presentation transcript:

1 Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to protect one conversation –Long term key is used to distribute the session keys –Reduce the amount of traffic encrypted by each secret

2 Key exchange protocols Protocols 1: using symmetric cryptography –We assume that every node shares a key with KDC –Steps (1)Alice requests a key from KDC (2)KDC encrypts the key with Alice and Bob’s keys respectively and sends both messages to Alice (3)Alice forward Bob’s copy to Bob

3 Problems of protocol 1 –Alice knows both the plaintext and cipher text for Bob. It becomes a known-plaintext attack for Bob –When Alice sends a copy to Bob, how can Bob makes sure this is a fresh key or the other party is actually Alice?

4 Protocol 2: Using public key –We assume that everyone has a public private key pair –Steps (1)Alice generates a session key and encrypts it with Bob’s public key (2)Bob decrypts the message and gets the session key (3)Now they can talk safely

5 If the public keys of the nodes do not have certificate with them, they can be fake keys. And a min-in-the-middle attack can be conducted. How the min-in-the-middle attacks are conducted. How can the Interlock protocol mitigate the attack –What will be a good interlock: hash of the message, hash of the encryption result?

6 Man-in-the-Middle Attack AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob { k s } e E Eve Bob { k s } e B Eve intercepts request Eve intercepts message

7 Interlock protocol (right way) AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob Hash ( { msg} e E ) Eve Bob What should I send? Eve intercepts request Eve intercepts message

8 Interlock protocol (wrong way) AliceCathy I need Bob’s public key Eve Cathy I need Bob’s public key Eve Cathy Bob’s pub key e B Alice Bob’s pub key e E Eve Alice Bob Hash ( msg ) Eve Bob Eve intercepts request Eve intercepts message Hash ( msg )

9 Improvement to protocol 2: –Public keys for Alice and Bob should be protected by the certificate from a TTP

10 Authentication Authentication: prove that you are who you claim to be Method 1: –The system stores your password, and compares it with the characters you type in every time you login –Problem: if the attacker gets access to the file, you are cooked.

11 Method 2: –The system stores the hash result of the password, now if the attacker sees the hash value, it cannot recover the plaintext. –Problem: It is still not safe under dictionary attacks The system can add a random number after the password, which is called salt Public salt and private salt. Salt protects the overall system, but not specific users The same key combined with different salt will look differently in the system

12 Key management in some UNIX systems –don't use the shadow password files –the passwords are stored encrypted in the file /etc/passwd –Format of the stored record Account; coded password data; homedir; Gigawalt; fURfuu4.4hY0U; /home/gigawalt

13

14 Method 3: Using public-private key –The system knows the public key and the user keeps the private key –During login, the system sends a random number to user and user encrypts it with the private key –System decrypts with public key and verifies the user –Problems: Blind signature Chosen plaintext attack

15 Authentication Method 4: one key a time protocol –Hash chain –Unlimited one key a time system (2 possible solutions) Both sides know a secret k A knows R1, and B knows hash(k, R1) During first login, A sends R1 and hash(k, R2)

Download ppt "Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to."

Similar presentations

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.

COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Computer Security Set of slides 5 Dr Alexei Vernitski.

Computer Security Set of slides 5 Dr Alexei Vernitski.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Interlock Protocol - Akanksha Srivastava 2002A7PS589.

Interlock Protocol - Akanksha Srivastava 2002A7PS589.
NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.

NSRC Workshop Some fundamental security concerns... Confidentiality - could someone else read my data? Integrity - has my data been changed? Authentication.
Computer Security Key Management

Computer Security Key Management
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.

TCP/IP Protocol Suite 1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 29 Cryptography and Network.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.

1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Chapter 9: Key Management

Chapter 9: Key Management

Similar presentations

Ads by Google