Authentication Advanced Software Engineering (CSE870) Instructor: Dr. B. Cheng Contact info: chengb at cse dot msu dot edu Eduardo Diaz Dan Fiedler Andres.


1 Authentication
Advanced Software Engineering (CSE870)
Instructor: Dr. B. Cheng
Contact info: chengb at cse dot msu dot edu
Eduardo Diaz, Dan Fiedler, Andres Ramirez

2 Road Map
• Introduction to Authentication
• Needham-Schroeder, Otway-Rees, Kerberos
• Commonalities
• Additional Requirements
• Class Diagrams
• State Diagrams
• Conclusions

3 Authentication
• Meet:
  • Alice (Staff)
  • Bob (MISys)

4 Authentication
• Purpose
  • Key exchange.
  • Allow Alice to secretly communicate with Bob using a shared cryptographic key.
• Methods
  • Private keys, shared keys, public keys…
• Potential Problems
  • Trustworthy?
  • Safe handling of private keys?

5 Needham-Schroeder
1. Alice → Cathy: {Alice || Bob || rand_1}
2. Cathy → Alice: {Alice || Bob || rand_1 || k_sess || {Alice || k_sess}k_bob}k_alice
3. Alice → Bob: {Alice || k_sess}k_bob
4. Bob → Alice: {rand_2}k_sess
5. Alice → Bob: {rand_2 - 1}k_sess

6 Needham-Schroeder
• Motive?
  • Prevent replay attacks
    • A valid data transmission is retransmitted maliciously.
• Nonces
  • Randomly generated numbers to identify exchanges.
• Key idea: Cathy is trusted by Alice and Bob.
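The five Needham-Schroeder messages with Alice's nonce check, as an added example that is not part of the original slides. `seal`/`unseal` are a toy, standard-library-only encrypt-then-MAC standing in for the cipher the slides leave unspecified; the function names and the constructed keys are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

_ks = lambda key, iv, n: hashlib.shake_256(key + iv).digest(n)  # toy keystream

def seal(key, fields):
    """Toy encrypt-then-MAC (SHAKE-256 keystream + HMAC-SHA256). Demo only."""
    iv, pt = secrets.token_bytes(16), json.dumps(fields).encode()
    ct = bytes(p ^ s for p, s in zip(pt, _ks(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, box):
    iv, ct, tag = box[:16], box[16:-32], box[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered message")
    return json.loads(bytes(c ^ s for c, s in zip(ct, _ks(key, iv, len(ct)))))

# Constructed long-term keys that Cathy shares with each principal.
KEYS = {"Alice": secrets.token_bytes(32), "Bob": secrets.token_bytes(32)}

def cathy_reply(sender, peer, rand1):
    """Message 2: {Alice || Bob || rand_1 || k_sess || {Alice || k_sess}k_bob}k_alice."""
    k_sess = secrets.token_hex(32)
    ticket = seal(KEYS[peer], [sender, k_sess]).hex()
    return seal(KEYS[sender], [sender, peer, rand1, k_sess, ticket])

def alice_open(msg2, peer, rand1):
    """Alice accepts message 2 only if it names her peer and echoes her fresh nonce."""
    _, got_peer, got_rand1, k_sess, ticket = unseal(KEYS["Alice"], msg2)
    if got_peer != peer or got_rand1 != rand1:
        raise ValueError("stale or misdirected reply from Cathy")
    return bytes.fromhex(k_sess), bytes.fromhex(ticket)

def bob_challenge(msg3):
    """Messages 3 and 4: Bob opens the ticket and challenges with {rand_2}k_sess."""
    claimed, k_sess = unseal(KEYS["Bob"], msg3)
    k_sess, rand2 = bytes.fromhex(k_sess), secrets.randbits(64)
    return claimed, k_sess, rand2, seal(k_sess, [rand2])

def run_exchange():
    rand1 = secrets.randbits(64)
    msg2 = cathy_reply("Alice", "Bob", rand1)               # messages 1 and 2
    k_sess, msg3 = alice_open(msg2, "Bob", rand1)
    claimed, bob_key, rand2, msg4 = bob_challenge(msg3)     # messages 3 and 4
    msg5 = seal(k_sess, [unseal(k_sess, msg4)[0] - 1])      # message 5
    return claimed, unseal(bob_key, msg5) == [rand2 - 1], msg2
```

Passing a recorded message 2 to `alice_open` together with a different `rand1` raises `ValueError`, which is the replay check the nonce provides.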

7 Otway-Rees
1. Alice → Bob: num || Alice || Bob || {rand_1 || num || Alice || Bob}k_alice
2. Bob → Cathy: num || Alice || Bob || {rand_1 || num || Alice || Bob}k_alice || {rand_2 || num || Alice || Bob}k_bob
3. Cathy → Bob: num || {rand_1 || k_sess}k_alice || {rand_2 || k_sess}k_bob
4. Bob → Alice: num || {rand_1 || k_sess}k_alice

8 Otway-Rees
• Motivation
  • Needham-Schroeder assumes all cryptographic keys are secure… in practice keys are generated pseudorandomly… and can be predicted.
• Num
  • Verify that num agrees through the exchanges.
• Key Idea
  • Cathy is again the trustworthy element.
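The check that num agrees through the Otway-Rees exchange, as an added example that is not part of the original slides. Encryption is modelled symbolically (a `Sealed` value opens only with the same key), so this shows the protocol checks rather than real cryptography; all function names and key strings are assumptions.

```python
from collections import namedtuple
import secrets

# Symbolic {fields}key: opens only with the same key. Stands in for real encryption.
Sealed = namedtuple("Sealed", "key fields")

def unseal(key, box):
    if box.key != key:
        raise ValueError("cannot decrypt: wrong key")
    return box.fields

KEYS = {"Alice": "k_alice", "Bob": "k_bob"}  # constructed keys shared with Cathy

def alice_start(num, rand1):
    """Message 1: num || Alice || Bob || {rand_1 || num || Alice || Bob}k_alice."""
    return (num, "Alice", "Bob", Sealed(KEYS["Alice"], (rand1, num, "Alice", "Bob")))

def bob_forward(msg1, rand2):
    """Message 2: Bob appends {rand_2 || num || Alice || Bob}k_bob."""
    num, a, b, part_a = msg1
    return (num, a, b, part_a, Sealed(KEYS[b], (rand2, num, a, b)))

def cathy_issue(msg2):
    """Message 3: issue k_sess only if num and both names agree in all three places."""
    num, a, b, part_a, part_b = msg2
    rand1, *bound_a = unseal(KEYS[a], part_a)
    rand2, *bound_b = unseal(KEYS[b], part_b)
    if not bound_a == bound_b == [num, a, b]:
        raise ValueError("num or identities disagree between cleartext and sealed parts")
    k_sess = secrets.token_hex(16)
    return (num, Sealed(KEYS[a], (rand1, k_sess)), Sealed(KEYS[b], (rand2, k_sess)))

def accept_key(name, num, rand, msg_num, part):
    """Messages 3 and 4: a party accepts k_sess only for its own num and nonce."""
    got_rand, k_sess = unseal(KEYS[name], part)
    if msg_num != num or got_rand != rand:
        raise ValueError("reply does not belong to this run")
    return k_sess

def run():
    num, rand1, rand2 = 7, secrets.randbits(64), secrets.randbits(64)
    msg2 = bob_forward(alice_start(num, rand1), rand2)
    n, for_alice, for_bob = cathy_issue(msg2)
    k_a = accept_key("Alice", num, rand1, n, for_alice)
    return k_a == accept_key("Bob", num, rand2, n, for_bob)
```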

9 Kerberos
1. Alice → Cerberus: Alice || Barnum
2. Cerberus → Alice: {k_alice,barnum}k_alice || T_alice,barnum
3. Alice → Barnum: Guttenberg || A_alice,barnum || T_alice,barnum
4. Barnum → Alice: Alice || {k_alice,guttenberg}k_alice,barnum || T_alice,guttenberg
5. Alice → Guttenberg: A_alice,guttenberg || T_alice,guttenberg
6. Guttenberg → Alice: {t+1}k_alice,guttenberg

10 Kerberos
• What is T?
  • T_alice,barnum = Barnum || {Alice || Alice Address || valid time || k_alice,barnum}k_barnum
• What is A?
  • {Alice || generation time || kt}k_alice,barnum
  • kt… not used.

11 Kerberos
• Motivation
  • Separate authentication of the user to the ticket-granting server from authentication to the resource being requested.
• 2 Servers
  • Authenticate first
  • Obtain ticket second
• Key Idea:
  • Time windows
  • Separation of trusted parties
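How a server could validate the ticket T and authenticator A against their time windows, as an added example that is not part of the original slides. Encryption is modelled symbolically, and the function names, `MAX_SKEW`, the sample address and times, and the reading of t as the authenticator's generation time are assumptions.

```python
from collections import namedtuple

# Symbolic {fields}key: opens only with the same key. Stands in for real encryption.
Sealed = namedtuple("Sealed", "key fields")

def unseal(key, box):
    if box.key != key:
        raise ValueError("cannot decrypt: wrong key")
    return box.fields

MAX_SKEW = 300  # seconds of tolerated authenticator age (assumed value)

def make_ticket(server, k_server, client, addr, start, end, k_cs):
    """T = server || {client || client address || valid time || k_client,server}k_server"""
    return (server, Sealed(k_server, (client, addr, (start, end), k_cs)))

def make_authenticator(client, gen_time, k_cs):
    """A = {client || generation time || kt}k_client,server (kt is unused, so None)"""
    return Sealed(k_cs, (client, gen_time, None))

def server_accept(name, k_server, ticket, auth, src_addr, now):
    """Validate T and A as presented in message 3 or 5; return {t+1}k_client,server."""
    server, body = ticket
    if server != name:
        raise ValueError("ticket was issued for another server")
    client, addr, (start, end), k_cs = unseal(k_server, body)
    a_client, t, _kt = unseal(k_cs, auth)
    if a_client != client or addr != src_addr:
        raise ValueError("authenticator or source address does not match ticket")
    if not start <= now <= end:
        raise ValueError("ticket is outside its valid time")
    if abs(now - t) > MAX_SKEW:
        raise ValueError("authenticator is stale: possible replay")
    return Sealed(k_cs, (t + 1,))

def demo():
    k_g, k_ag = "k_guttenberg", "k_alice,guttenberg"   # constructed symbolic keys
    ticket = make_ticket("Guttenberg", k_g, "Alice", "192.0.2.10", 1000, 29800, k_ag)
    auth = make_authenticator("Alice", 1200, k_ag)
    reply = server_accept("Guttenberg", k_g, ticket, auth, "192.0.2.10", now=1210)
    return unseal(k_ag, reply)[0]
```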

12 Commonalities
• Message Passing
• Authentication Requests
• Encryption / Decryption
• Key Passing
• … other than that, not much!
  • Each protocol has slight variants.

13 Additional Requirements
• Same as other groups plus:
  • Incorporate 2 design patterns
    • 1 must be a security design pattern
    • Strategy Design Pattern (encryption algorithms)
    • Single Access Point (entry and logging)
  • Instantiate the framework at MISys
    • At the whitebox level

14 Whitebox Class Diagram

15 N.S. Class Diagram

16 O.R. Class Diagram

17 Kerberos Class Diagram

18 Whitebox Class Diagram-MISys

19 State Diagrams, NS

20 State Diagrams, N.S.

21 State Diagram, O.R.

22

23 State Diagram, Kerberos

24 Graybox Class Diagram

25 BlackBox Class Diagram

26 Conclusions
• Questions?

