Presentation is loading. Please wait.

Presentation is loading. Please wait.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Similar presentations


Presentation on theme: "Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way."— Presentation transcript:

1 Alexander Potapov

2  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way authentication protocol attack  The Diffie-Hellman key exchange attack  Authentication protocol using a KDC

3  Authentication deals with the question of whether you are actually communicating with a specific process.  Authorization is concerned with what that process is permitted to do.

4  Authentication deals with the question of whether you are actually communicating with a specific process.  Authorization is concerned with what that process is permitted to do. Example:  Is this actually Scott's process (authentication)?  Is Scott allowed to delete this file (authorization)? Scott Server Delete file Request

5  Existing cryptographic keys  Method of session key generation

6  The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

7  The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

8  The principals already share a secret key  An off-line server is used. Principals possess certified public keys  An on-line server is used. Each principal shares a key with a trusted server

9  A key transport protocol  A key agreement protocol One of the principals generates the key and this key is then transferred to all protocol users (K s in this example)

10  A key transport protocol  A key agreement protocol Session key is a function of inputs by all protocol users

11  Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that data is only available to those authorised to obtain it. Usually achieved through encryption/decryption.

12  Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that data has not been altered by unauthorised entities. Usually achieved: Use of hash functions in combination with encryption Use of message authentication code to create a separate check field

13  Confidentiality  Data integrity  Data origin authentication  Non-repudiation Guarantees the origin of data. Normally achieved by the same mechanisms like we have in data integrity.

14  Confidentiality  Data integrity  Data origin authentication  Non-repudiation Ensures that entities cannot deny sending data that they have committed to. Typically provided using a digital signature mechanism.

15  Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. On recipients side if message is within an acceptable window of the current time then the message is regarded as fresh.

16  Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. The message is fresh because the message cannot have been formed before the nonce was generated.

17  Timestamps  Nonces (random challenges)  Counters User of the session key should be able to verify that key is new and not replayed from old sessions. The sender and recipient maintain a synchronized counter whose value is sent with the message and then incremented.

18  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary captures the information sent in the protocol Eavesdropping

19  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary alters the information sent in the protocol Modification

20  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary records information seen in the protocol and then sends it to the same, or a different, principal, possibly during a later protocol run Replay

21  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary engages in a run of the protocol prior to a run by the legitimate principals Preplay

22  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary sends protocol message back to the principal who sent them Reflection

23  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary prevents or hinders legitimate principals from completing the protocol Denial of service

24  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary replaces a protocol message field of one type with a message field of another type Typing attacks

25  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary gains some useful leverage from the protocol to help in cryptanalysis Cryptanalysis

26  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary chooses or modifies certificate information to attack one or more protocol runs Certificate manipulation

27  Eavesdropping  Modification  Replay  Preplay  Reflection  Denial of service  Typing attacks  Cryptanalysis  Certificate manipulation  Protocol interaction The adversary chooses a new protocol to interact with a known protocol Protocol interaction

28 A, B are the identities of Alice and Bob. R i - the challenge, where the subscript identifies the challenger. K i - are keys, where i indicates the owner.

29 Second session is opened (message 3), supplying the R B taken from message 2. Bob encrypts it and sends back K AB (R B ) in message 4.

30 Both HMACs include values chosen by the sending party, something which Trudy cannot control. HMAC – hashed message authentication code Data structured is hashed into the HMAC, for example using SHA-1. Based on received information, Alice can compute the HMAC herself.

31 n and g are two agreed large numbers x and y are large (say, 512-bit) private numbers generated by both sides The trouble is, given only g mod n, it is hard to find x. All currently- known algorithms simply take too long, even on massively parallel supercomputers. x

32 Alice thinks she is talking to Bob so she establishes a session key (with Trudy). So does Bob. Every message that Alice sends on the encrypted session is captured by Trudy, stored, modified if desired, and then (optionally) passed on to Bob. Similarly, in the other direction.

33 KDC - Key distribution center K s - generated session key By snooping on the network, Trudy copies message 2 and the money-transfer request that follows it. Later, she replays both of them to Bob.

34 ½ messages – ticket request (R A assures that message 2 is fresh, and not a replay) Message 4 - Bob sends back it to prove to Alice that she is talking to the real Bob

35 Protocols for authentication and key establishment Colin Boyd, Anish Mathuria Computer networks Andrew S. Tanenbaum


Download ppt "Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way."

Similar presentations


Ads by Google