Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication 3: On The Internet. 2 Readings URL attacks

Published byOphelia McCoy Modified over 8 years ago

Similar presentations

Presentation on theme: "Authentication 3: On The Internet. 2 Readings URL attacks"— Presentation transcript:

1 Authentication 3: On The Internet

2 2 Readings URL attacks http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html http://www.technicalinfo.net/papers/URLEmbeddedAttacks.html Web security using CGI scripts http://www.w3.org/Security/Faq/wwwsf4.html http://www.w3.org/Security/Faq/wwwsf4.html Tempest: http://www.giac.org/practical/gsec/Cassi_Goodman_GSEC.pdf http://www.giac.org/practical/gsec/Cassi_Goodman_GSEC.pdf

3 3 Topics URL Obscuring Kerberos X.509 Digital Certificate Standard

4 4 URL Obscuring Uniform Resource Locator is used to find a web site. If you are sent a URL from an untrusted source, it may be obscured in a number of ways to look like a familiar, trusted site. Characters can be put into URLs to change the meaning.

5 5 URL Obscuring For example, you receive an email saying click on this link: http://www.friendlysite.com@129.210.32.1 You think you are going to “friendlysite”; however, the @ means that everything before it is the username and you really go to 129.210.32.1

6 6 Challenges for E-Commerce Many clients want services from a number of different servers. Servers need to know that the client is who he says he is. Key concerns are confidentiality and timeliness To provide confidentiality must encrypt identification and session key info which requires the use of previously shared private or public keys Need timeliness to prevent replay attacks. Can be provided by using sequence numbers or timestamps or challenge/response

7 7 Kerberos Developed at MIT. Users wish to access services on many servers. Three threats exist: –User pretend to be another user. –User alter the network address of a workstation to get another’s services. –User eavesdrop on exchanges and use a replay attack to get unauthorized services.

8 8 Problem with CR Protocol Alice and Bob want to use a challenge-response protocol to authenticate each other. They can encrypt and decrypt message with DES and their shared key, K AB. Alice sends her identity A and a random number R A to Bob. Bob responds with the number encrypted with the key he shares with Alice, K AB {R A } along with another random number R B. Alice responds by encrypting Bob’s number K AB {R B } and sending it to Bob. If that was Eve pretending to be Alice, she has a plaintext,cypertext pair to crack the key K AB.

9 9 Kerberos Kerberos provides a centralized authentication server to authenticate users to servers and servers to users. Users can share password with AS, but need not be known by all servers. Relies on conventional encryption, making no use of public-key encryption. Two versions: version 4 and 5. Version 4 uses DES

10 10 Simplified Version Client, C, asks authentication server, AS, for a “ticket” to identify him to vendor, V. Client supplies his password which is known by AS. AS gives C a ticket which can only be read by the vendor, V. Client, C, contacts vendor,V, giving him the ticket which V accepts because he trusts AS.

11 11 Kerberos Terms: C = Client AS = authentication server V = server or vendor ID c = identifier of user on C ID v = identifier of V P c = password of user on C ADc = network address of C K v = secret encryption key shared by AS and V TS = timestamp || = concatenation

12 12 Simple Authentication Dialog (1)C  AS: ID c || P c || ID v (2)AS  C:Ticket (3)C  V: ID c || Ticket Ticket = E K v [ ID c || AD c || ID v]

13 13 Problems with Simple Dialog Lifetime needs to be associated with the ticket –If too short, repeatedly asked for password –If too long, greater chance of replay attack –The threat is that an opponent will steal the ticket and use it before it expires Client password sent in the clear Every time client wants to use a new service (or reuse one) he must go to AS.

14 14 Solution: Kerberos Version 4 Add a Ticket Granting server When client logs in at start of session/day, he gets a ticket-granting ticket (TGT) from the Authentication Server. He supplies his password once per session/day. TGT is used to get a service ticket from a Ticket Granting Server each time service is needed (read mail, get a file, use print server). Authenticator is K c,v {ID c ||AD c ||TS}

15 15

16 16 Kerberos Version 4 Authentication Service Exhange: To obtain Ticket-Granting Ticket (1)C  AS: IDc || IDtgs ||TS 1 AS  C: E Kc [K c,tgs || ID tgs || TS 2 || Lifetime 2 || Ticket tgs ] Client/Server Authentication Exhange: To Obtain Service (5) C  V: Ticket v || Authenticator c (6) V  C: EKc,v[TS5 +1] Ticket-Granting Service Echange: To obtain Service-Granting Ticket (3) C  TGS: IDv ||Ticket tgs ||Authenticatorc (4) TGS  C: E Kc [K c,¨v || IDv || TS 4 || Ticket v ] Ticket tgs = E Ktgs [K c,tgs || IDc || ADc || IDtgs || TS 2 || lifetime] Ticket v = E Kv [K c,v || IDc || ADc || IDv || TS || lifetime]

17 17 Kerberos in Use Currently have two Kerberos versions: 4 : restricted to a single realm 5 : allows inter-realm authentication Kerberos v5 is an Internet standard specified in RFC1510, and used by many utilities To use Kerberos: need to have Kerberised applications running on all participating systems

18 Digital Certificates and PKI

19 19 Public Key Encryption Public key cryptography solves symmetric key encryption problem of having to exchange secret key Uses two mathematically related digital keys – public key (widely disseminated) and private key (kept secret by owner) Both keys are used to encrypt and decrypt message Once key is used to encrypt message, same key cannot be used to decrypt message For example, sender uses recipient’s public key to encrypt message; recipient uses his/her private key to decrypt it

20 20

21 21 Hash Signatures Application of hash function (mathematical algorithm) by sender prior to encryption produces hash digest that recipient can use to verify integrity of data Double encryption with sender’s private key (digital signature) helps ensure authenticity and nonrepudiation

22 22

23 23 Digital Envelopes Addresses weaknesses of public key encryption (computationally slow, decreases transmission speed, increases processing time) and symmetric key encryption (faster, but more secure) Uses symmetric key encryption to encrypt document but public key encryption to encrypt and send symmetric key

24 24 X.509 Authentication Standard A standard for a distributed set of servers that maintains a database about users. Based on public key cryptography, digital signatures and certificates. Each certificate contains the public key of a user and is signed with the private key of a CA. Used in S/MIME, IP Security, SSL/TLS and SET. RSA is recommended.

25 25 X.509 A public key certificate is associated with each user in the system. Certificates are created by some trusted certification authority (CA) and placed in the directory. Any user with the public key of the CA can recover a user public key in the directory that was certified by the CA. No party other than the CA can modify the certificate without detection. Certificates are unforgeable.

26 26 Digital Signature Idea

27 27 Digital Certificate Digital document that includes:  Name of subject or company  Subject’s public key  Digital certificate serial number  Expiration date  Issuance date  Digital signature of certification authority (trusted third party (institution) that issues certificate  Other identifying information

28 28

29 29 PKI Public Key Infrastructure (PKI): refers to the CAs and digital certificate procedures that are accepted by all parties. PKI applies mainly to protecting messages in transit. PKI is not effective against insider fraud. Protection of private keys by individuals may be haphazard. No guarantee that verifying computer of merchant is secure. CAs are unregulated, self-selecting organizations.

30 30 Certificate Revocation Each certificate has a period of validity. Usually a new certificate is issued just before the old one expires. Sometimes the certificates must be revoked before they expire: –The users secret key is assumed to be compromised. –The user is no longer certified by this CA. –The CA’s certificate is assumed to be compromised.

31 31 Certificate Revocation Lists Each CA maintains a list of revoked but not yet expired certificates. Each list (CRL) is signed by the CA and posted to the directory. A user who receives a certificate is responsible for checking the CRL to determine its validity.

32 32 Serial number is unique to a CA

33 33 Secure Session with SSL

34 34 For More Info General hacking http://www.insecure.org/ PKI in practice http://www.pki-page.org/http://www.pki-page.org/ Government PKI standards http://csrc.nist.gov/pki/ http://csrc.nist.gov/pki/

Download ppt "Authentication 3: On The Internet. 2 Readings URL attacks"

Similar presentations

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden

Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.

CSCE 815 Network Security Lecture 10 KerberosX.509 February 13, 2003.
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Similar presentations

Ads by Google