Presentation is loading. Please wait.

Presentation is loading. Please wait.

Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.

Published bySheena Little Modified over 9 years ago

Similar presentations

Presentation on theme: "Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication."— Presentation transcript:

1 Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication

2 Topic 11: Key Distribution and Agreement 2 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric key part)Needham-Schroeder protocol Public Key Certificates HTTP Secure

3 Outline and Objectives Key distribution among multiple parties Kerberos Distribution of public keys, with public key certificates Diffie-Hellman Protocol TLS/SSL/HTTPS Topic 11: Key Distribution and Agreement 3

4 Key Agreement among Multiple Parties For a group of N parties, every pair needs to share a different key –What is the number of keys? Solutions –Symmetric Encryption - Use a central authority, a.k.a. (TTP). –Asymmetric Encryption – PKI. Topic 11: Key Distribution and Agreement 4

5 5 Needham-Schroeder Shared-Key Protocol Parties: A, B, and trusted server T Setup: A and T share K AT, B and T share K BT Goal: Mutual entity authentication between A and B; key establishment Messages: A  T: A, B, N A (1) A  T: E[K AT ] (N A, B, k, E[K BT ](k,A))(2) A  B: E[K BT ] (k, A) (3) A  B: E[k] (N B ) (4) A  B: E[k] (N B -1)(5) What bad things can happen if there is no N A ? Another subtle flaw in Step 3.

6 Topic 11: Key Distribution and Agreement 6 Kerberos Implements the idea of Needham- Schroeder protocol Kerberos is a network authentication protocol Provides authentication and secure communication Relies entirely on symmetric cryptography Developed at MIT: http://web.mit.edu/kerberos/www http://web.mit.edu/kerberos/www Used in many systems, e.g., Windows 2000 and later as default authentication protocol

7 Topic 11: Key Distribution and Agreement 7 Kerberos Overview One issue of Needham-Schroeder – Needs [K AT ] for every communication. Kerberos solution: Separates TTP into an AS and a TGS. The client authenticates to AS using a long-term shared secret and receives a TGT [SSO]. Use this TGT to get additional tickets from TGS without resorting to using the shared secret. AS = Authentication Server SS = Service Server TGS = Ticket Granting Server TGT = Ticket Granting Ticket

8 Kerberos Protocol - 1 Topic 11: Key Distribution and Agreement 8 C (client) SS (server) AS (authentication server) TGS (ticket-granting server) 1 2 3 4 5 6

9 Kerberos Protocol – 2 (Simplified) Topic 11: Key Distribution and Agreement 9 1. C  AS: TGS || N C 2. AS  C: { K C,TGS || C} K AS,TGS || {K C,TGS || N C || TGS} K AS,C (Note that the first part of message 2 is the ticket granting ticket (TGT) for the TGS) 3. C  TGS: SS || N’ C || {K C,TGS || C} K AS,TGS || {C||T 1 } K C,TGS 4. TGS  C: {K C,SS || C} K TGS,SS || {K C,SS || N’ C || SS} K C,TGS (Note that the first part in message 4 is the ticket for the server S). 5. C  SS: {K C,SS || C} K TGS,SS || {C || T 2 } K C,SS 6. SS  C: {T 3 } K C,SS

10 Topic 11: Key Distribution and Agreement 10 Kerberos Drawback Single point of failure: Security partially depends on tight clock synchronization. Useful primarily inside an organization –Does it scale to Internet? What is the main difficulty?

11 Topic 11: Key Distribution and Agreement 11 Public Keys and Trust Public Key: P A Secret key: S A Public Key: P B Secret key: S B How are public keys stored? How to obtain the public key? How does Bob know or ‘trusts’ that P A is Alice’s public key?

12 Topic 11: Key Distribution and Agreement 12 Distribution of Public Keys Public announcement : users distribute public keys to recipients or broadcast to community at large. Publicly available directory : can obtain greater security by registering keys with a public directory. Both approaches have problems, and are vulnerable to forgeries

13 Topic 11: Key Distribution and Agreement 13 Public-Key Certificates A certificate binds identity (or other information) to public key Contents digitally signed by a trusted Public-Key or Certificate Authority (CA) –Can be verified by anyone who knows the public-key authority’s public-key. For Alice to send an encrypted message to Bob, obtains a certificate of Bob’s public key

14 Public Key Certificates Topic 11: Key Distribution and Agreement 14

15 Topic 11: Key Distribution and Agreement 15 X.509 Certificates Part of X.500 directory service standards. –Started in 1988 Defines framework for authentication services: –Defines that public keys stored as certificates in a public directory. –Certificates are issued and signed by an entity called certification authority (CA). Used by numerous applications: SSL, IPSec, SET Example: see certificates accepted by your browser

16 Topic 11: Key Distribution and Agreement 16 How to Obtain a Certificate? Define your own CA (use openssl or Java Keytool) –Certificates unlikely to be accepted by others Obtain certificates from one of the vendors: VeriSign, Thawte, and many others

17 Topic 11: Key Distribution and Agreement 17 CAs and Trust Certificates are trusted if signature of CA verifies Chain of CA’s can be formed, head CA is called root CA In order to verify the signature, the public key of the root CA should be obtain. TRUST is centralized (to root CA’s) and hierarchical What bad things can happen if the root CA system is compromised? How does this compare with the TTP in Needham/Schroeder protocol?

18 Topic 11: Key Distribution and Agreement 18 Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public. K = (g b mod p) a = g ab mod p g a mod p g b mod p K = (g a mod p) b = g ab mod p Pick random, secret (a) Compute and send g a mod p Pick random, secret (b) Compute and send g b mod p

19 Topic 11: Key Distribution and Agreement 19 Authenticated Diffie-Hellman g a mod n g b mod n g c mod n Alice computes g ac mod n and Bob computes g bc mod n !!! Is C Alice Alice’s certificate? C Alice, g a mod n, Sign Alice (g a mod n) C Bob, g b mod n, Sign Bob (g b mod n) Is C Bob Bob’s certificate?

20 Secure communication 20Topic 11: Key Distribution and Agreement

21 21 Transport Layer Security (TLS) Predecessors: Secure socket layer (SSL): Versions 1.0, 2.0, 3.0 TLS 1.0 (SSL 3.1); Jan 1999 TLS 1.1 (SSL 3.2); Apr 2006 TLS 1.2 (SSL 3.3); Aug 2008 Standard for Internet security –Originally designed by Netscape –Goal: “... provide privacy and reliability between two communicating applications” Two main parts –Handshake Protocol Establish shared secret key using public-key cryptography Signed certificates for authentication –Record Layer Transmit data using negotiated key, encryption function

22 Usage of SSL/TLS Applied on top of transport layer (typically TCP) Used to secure HTTP (HTTPS), SMTP, etc. One or both ends can be authenticated using public key and certificates –Typically only the server is authenticated Client & server negotiate a cipher suite, which includes –A key exchange algorithm, e.g., RSA, Diffie-Hellman, SRP, etc. –An encryption algorithm, e.g., RC4, Triple DES, AES, etc. –A MAC algorithm, e.g., HMAC-MD5, HMC-SHA1, etc. Topic 11: Key Distribution and Agreement 22

23 Viewing HTTPS web sites Browser needs to communicate to the user the fact that HTTPS is used –E.g., a golden lock indicator on the bottom or on the address bar –Check some common websites –When users correctly process this information, can defeat phishing attacks –Security problems exist People don’t know about the security indicator People forgot to check the indicator Browser vulnerabilities enable incorrect indicator to be shown Use confusing URLs, e.g., –https:// homebanking.purdueefcu.com@host.evil.com/homebanking.purdueefcu.com@host.evil.com/ Stored certificate authority info may be changed Topic 11: Key Distribution and Agreement 23

24 Topic 11: Key Distribution and Agreement 24 Coming Attractions … Software vulnerabilities

Download ppt "Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CP3397 ECommerce.

CP3397 ECommerce.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
Cryptography and Network Security

Cryptography and Network Security
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.

SSL & SharePoint IT:Network:Applications. Agenda Secure Socket Layer Encryption 101 SharePoint Customization SharePoint Integration.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.

Web Security CS-431. HTTP Authentication Protect web content from those who don’t have a “need to know” Require users to authenticate using a userid/password.
Introduction to Cryptography

Introduction to Cryptography
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

Similar presentations

Ads by Google