
Prepared by They Yu Shu, Lee Ern Yu. Motivation • Previous Work • Remaining Issues • Improvement.



Presentation transcript:

1 Prepared by They Yu Shu, Lee Ern Yu

2
- Motivation
- Previous Work
- Remaining Issues
- Improvement

3
- Current security schemes for iSCSI:
  - IPsec
  - File system based encryption (NTFS, EXT3, etc.)
  - CHAP, Kerberos, SRP
- Current security schemes do not work well on mobile devices:
  - Limited processing power and resources
  - Frequent changes of IP address
  - The device may not support IPsec, or a file system that provides a data protection mechanism

4
- Embedded a light-weight encryption scheme using the Dragon encryption algorithm and HMAC-SHA256 into the iSCSI layer.
- Data transfer between initiator and target is secured.


7
- Phase 1: Authentication and Key Exchange?
- Dragon is a symmetric key encryption algorithm, so the initiator and target must share a key before the data channel can be protected; the scheme needs a phase that establishes it.
- The default authentication scheme (CHAP) is not secure enough.


9 The CHAP exchange, as described in RFC 1994:
1. After the Link Establishment phase is complete, the authenticator sends a "challenge" message to the peer.
2. The peer responds with a value calculated using a "one-way hash" function.
3. The authenticator checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection SHOULD be terminated.
4. At random intervals, the authenticator sends a new challenge to the peer, and repeats steps 1 to 3.
Figure: Authenticator -> Peer: Challenge; Peer -> Authenticator: Response; Authenticator -> Peer: Accept or Reject.

10 CHAP packet format: Code | Identifier | Length | Data ...
Figure 1: A captured CHAP Challenge packet
Figure 2: A captured CHAP Response packet

11
- Information we gathered so far:
  - Username
  - Server name
  - Client and server IP addresses
  - The ID used to compute the response
  - Challenge and associated response
- Try a dictionary attack

12
- Requirement in RFC 1994: the client MUST answer any challenge it receives, so anyone who can send a Challenge packet gets a Response to work on.
Figure: repeated Challenge / Response / Accept exchanges.
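The exchange in slides 9 to 12, worked as an added example that is not part of the original presentation: a peer that answers every Challenge as RFC 1994 requires, the authenticator's check, the offline dictionary attack on a captured ID, challenge and response pair (slide 11), and the chosen-challenge variant in which a rogue authenticator supplies the challenge itself (slide 12). The packet layout (Code, Identifier, Length, Value-Size, Value, Name) and the MD5 response computation are from RFC 1994; the secret, challenge bytes, names and wordlist are constructed for the demo. iSCSI's in-band CHAP (RFC 3720) carries the same three values as the text keys CHAP_I, CHAP_C and CHAP_R, so the same attack applies to a captured iSCSI login.

```python
# Added example (not from the presentation): RFC 1994 CHAP packets, the
# peer/authenticator roles, and the offline dictionary attack on a captured
# Challenge/Response pair.  Secret, challenge, names and wordlist are constructed.
import hashlib
import hmac
import struct

CHAP_CHALLENGE, CHAP_RESPONSE = 1, 2


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 section 4.1: Value = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def build_packet(code: int, identifier: int, value: bytes, name: bytes) -> bytes:
    """Code(1) Identifier(1) Length(2) Value-Size(1) Value Name, as in RFC 1994."""
    data = bytes([len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data


def parse_packet(pkt: bytes) -> dict:
    code, identifier, length = struct.unpack("!BBH", pkt[:4])
    if length != len(pkt) or length < 5:
        raise ValueError("bad CHAP Length field")
    value_size = pkt[4]
    value = pkt[5:5 + value_size]
    if len(value) != value_size:
        raise ValueError("truncated CHAP Value")
    return {"code": code, "id": identifier, "value": value, "name": pkt[5 + value_size:]}


class Peer:
    """The side being authenticated. RFC 1994 section 2 says it MUST answer
    any Challenge it receives, so it cannot refuse a rogue authenticator."""

    def __init__(self, name: bytes, secret: bytes):
        self.name, self.secret = name, secret

    def answer(self, challenge_pkt: bytes) -> bytes:
        c = parse_packet(challenge_pkt)
        if c["code"] != CHAP_CHALLENGE:
            raise ValueError("not a CHAP Challenge")
        value = chap_response(c["id"], self.secret, c["value"])
        return build_packet(CHAP_RESPONSE, c["id"], value, self.name)


def authenticator_check(secret: bytes, challenge_pkt: bytes, response_pkt: bytes) -> bool:
    """Step 3 of slide 9: recompute the expected hash and compare in constant time."""
    c, r = parse_packet(challenge_pkt), parse_packet(response_pkt)
    expected = chap_response(c["id"], secret, c["value"])
    return r["code"] == CHAP_RESPONSE and r["id"] == c["id"] and hmac.compare_digest(r["value"], expected)


def dictionary_attack(challenge_pkt: bytes, response_pkt: bytes, wordlist):
    """Slide 11: ID, challenge and response travel in the clear, so each guess
    costs one MD5 and needs no further interaction with either side."""
    c, r = parse_packet(challenge_pkt), parse_packet(response_pkt)
    for guess in wordlist:
        if chap_response(c["id"], guess, c["value"]) == r["value"]:
            return guess
    return None


def chosen_challenge_attack(peer: Peer, wordlist):
    """Slide 12: a rogue authenticator need not wait for a capture; it sends a
    challenge of its own choosing and the peer is required to answer it."""
    rogue = build_packet(CHAP_CHALLENGE, 0x7F, b"\x00" * 16, b"rogue-authenticator")
    return dictionary_attack(rogue, peer.answer(rogue), wordlist)


# Constructed sample data for the demo (not captured from any real system).
SECRET = b"iscsi123"
CHALLENGE = bytes(range(16))
WORDLIST = [b"password", b"target1", b"iscsi123", b"letmein"]


def demo():
    peer = Peer(b"initiator", SECRET)
    challenge_pkt = build_packet(CHAP_CHALLENGE, 0x2A, CHALLENGE, b"target")
    response_pkt = peer.answer(challenge_pkt)          # the captured pair
    accepted = authenticator_check(SECRET, challenge_pkt, response_pkt)
    recovered = dictionary_attack(challenge_pkt, response_pkt, WORDLIST)
    chosen = chosen_challenge_attack(peer, WORDLIST)
    return accepted, recovered, chosen


if __name__ == "__main__":
    print(demo())  # (True, b'iscsi123', b'iscsi123')
```

The two attack functions differ only in where the challenge comes from: the first needs a capture of a real login, the second only needs to reach the peer, because nothing in RFC 1994 lets the peer refuse. The secret is recovered at one MD5 per guess, which is the weakness the presentation uses to motivate a password-authenticated key exchange instead.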

13
- Propose to use EC-SRP (Elliptic Curve Cryptography - Secure Remote Password) in the In-Band Initiator-Target Authentication phase.

14
- A password authentication and key exchange protocol.
- SRP (Secure Remote Password) is already used for iSCSI authentication.
- EC-SRP is an SRP implementation using ECC (Elliptic Curve Cryptography).
- EC-SRP needs less processing power.
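The protocol behind slides 13 and 14, as an added example that is not part of the presentation and is not the authors' EC-SRP: a complete classic SRP-6a run, the SRP that RFC 3720 already lists for iSCSI in-band authentication, with both sides' messages. The identity and passwords are constructed; the group is a deliberately tiny safe prime so the numbers stay readable, and SHA-256 is used where RFC 5054 uses SHA-1. Real deployments use the groups in RFC 5054. The EC variant the authors propose replaces the modular exponentiations here with elliptic-curve point arithmetic, which is where the processing-power saving comes from.

```python
# Added example (not from the presentation, and not the authors' EC-SRP):
# classic SRP-6a over a multiplicative group mod N, the protocol RFC 3720 lists
# for iSCSI in-band authentication.  The toy group below is for readability
# only; identity and passwords are constructed.
import hashlib
import hmac
import secrets

N = 1019                  # toy safe prime (2 * 509 + 1); real use: RFC 5054 groups
g = 2                     # primitive root mod 1019
NLEN = (N.bit_length() + 7) // 8


def H(*parts: bytes) -> int:
    """Hash-to-integer for k, u and x (SHA-256 here; RFC 5054 uses SHA-1)."""
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


def pad(x: int) -> bytes:
    return x.to_bytes(NLEN, "big")


k = H(pad(N), pad(g))     # SRP-6a multiplier


def private_x(salt: bytes, identity: bytes, password: bytes) -> int:
    return H(salt, hashlib.sha256(identity + b":" + password).digest())


def enroll(identity: bytes, password: bytes):
    """Run once. The target stores (salt, verifier); the password never leaves the initiator."""
    salt = secrets.token_bytes(16)
    return salt, pow(g, private_x(salt, identity, password), N)


class Target:
    def __init__(self, identity, salt, verifier):
        self.identity, self.salt, self.v = identity, salt, verifier

    def challenge(self, A: int):
        if A % N == 0:
            raise ValueError("abort: A mod N == 0")
        self.A = A
        while True:                       # fresh b until B is not 0 mod N
            self.b = secrets.randbelow(N - 2) + 1
            self.B = (k * self.v + pow(g, self.b, N)) % N
            if self.B != 0:
                return self.salt, self.B

    def finish(self, M1: bytes):
        u = H(pad(self.A), pad(self.B))
        S = pow(self.A * pow(self.v, u, N), self.b, N)     # (A * v^u)^b
        K = hashlib.sha256(pad(S)).digest()
        expected = hashlib.sha256(pad(self.A) + pad(self.B) + K).digest()
        if not hmac.compare_digest(M1, expected):
            return None, None              # wrong password: no key, no M2
        return hashlib.sha256(pad(self.A) + M1 + K).digest(), K


class Initiator:
    def __init__(self, identity, password):
        self.identity, self.password = identity, password

    def start(self) -> int:
        self.a = secrets.randbelow(N - 2) + 1
        self.A = pow(g, self.a, N)
        return self.A

    def respond(self, salt: bytes, B: int) -> bytes:
        if B % N == 0:
            raise ValueError("abort: B mod N == 0")
        self.B = B
        u = H(pad(self.A), pad(B))
        x = private_x(salt, self.identity, self.password)
        base = (B - k * pow(g, x, N)) % N                  # equals g^b only if x matches v
        S = pow(base, self.a + u * x, N)
        self.K = hashlib.sha256(pad(S)).digest()
        return hashlib.sha256(pad(self.A) + pad(B) + self.K).digest()   # M1

    def verify(self, M2: bytes, M1: bytes) -> bool:
        return hmac.compare_digest(M2, hashlib.sha256(pad(self.A) + M1 + self.K).digest())


def run_login(identity: bytes, enrolled_password: bytes, offered_password: bytes) -> bool:
    """Full exchange: A ->, <- (s, B), M1 ->, <- M2.  True only if both sides
    derived the same K and each proved it to the other."""
    salt, v = enroll(identity, enrolled_password)
    target, init = Target(identity, salt, v), Initiator(identity, offered_password)
    s, B = target.challenge(init.start())
    M1 = init.respond(s, B)
    M2, K_target = target.finish(M1)
    return M2 is not None and init.verify(M2, M1) and K_target == init.K


if __name__ == "__main__":
    print(run_login(b"initiator", b"correct horse", b"correct horse"))  # True
    print(run_login(b"initiator", b"correct horse", b"wrong guess"))    # False
```

What this gives that CHAP does not: the target stores only the verifier v = g^x, the password never crosses the wire, and a passive observer of s, A, B and M1 cannot test password guesses offline without knowing a or b. A wrong password simply fails at M1, no session key is produced, and the key K that a correct run yields is what the Dragon/HMAC data phase of the scheme would be fed with.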

15
- Further enhance the scheme from the research paper "A Lightweight Virtual Storage Security Scheme for Mobile Devices".
- Propose to use EC-SRP (Elliptic Curve Cryptography - Secure Remote Password) in the In-Band Initiator-Target Authentication phase.
- Compare the various types of Secure Remote Password (SRP) with EC-SRP.

16
- Bruce Schneier and Mudge. Cryptanalysis of Microsoft's Point-to-Point Tunneling Protocol (PPTP).
- An implementation of the attack described in this paper: http://stealth.7350.org/7350pppd.tgz
- J. Satran, K. Meth, C. Sapuntzakis, M. Chadalapaka, E. Zeidner. Internet Small Computer Systems Interface (iSCSI), Request For Comments 3720, April 2004.
- A. Menezes and S. A. Vanstone. Elliptic curve cryptosystems and their implementations. Journal of Cryptology, 6(4):209-224, 1993.
- D. Jablon. Extended password methods immune to dictionary attack. In WETICE '97 Enterprise Security Workshop, Cambridge, MA, June 1997.
