Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Similar presentations


Presentation on theme: "1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session."— Presentation transcript:

1 1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session key

2 2 Authentication Objectives and Classification Objectives –Authentication (what was that again?) one-way mutual –Immunity from attacks –efficiency: minimum number of messages exchanged –bootstrapping a session: establishing a session key types of authentication –password authentication (authenticating humans or machines on their behalf) what’s wrong with it? –cryptographic challenge-response secret key public key

3 3 Secret Key One-Way problems one-way authentication, who is not authenticated? why is that a problem? connection hijacking possible dictionary attack possible if Trudy is eavesdropping (if K AB is derived from a password) Bob stores key in clear –what is possible if Bob’s machine is broken into? Alice Bob I’m Alice a challenge R F(K AB,R)

4 4 Alice Bob I’m Alice K AB {R} R Secret Key One-Way: Variant advantages can be used for mutual authentication, how? –replay attack possible if R’s lifetime is not limited problems requires reversible cryptography subject to dictionary attack, without eavesdropping, if R is recognizable

5 5 Secret Key One-Way: Timestamp Based alternatively, with a hash function, send: I’m Alice, timestamp, H(K AB,timestamp) advantages easy integration into password-sending systems efficient: single message, stateless (what does that mean?) problems clocks need to be synchronized, extra protection against replay needed if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly clock protection needed at Bob Alice Bob I’m Alice, K AB {timestamp}

6 6 Secret Key One-Way: Timestamp Based alternatively, with a hash function, send: I’m Alice, timestamp, H(K AB,timestamp) advantages easy integration into password-sending systems efficient: single message, stateless (what does that mean?) problems clocks need to be synchronized, extra protection against replay needed if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly clock protection needed at Bob Alice Bob I’m Alice, K AB {timestamp}

7 7 Public Key, One-Way where [] A is Alice’s signature. Can this be done with encryption? problem Trudy can get Alice to sign/decrypt any text he chooses, how? –why is decryption useful? solution don’t use the same key for authentication and other purposes give structure (formatting) (e.g. type field) to challenge so it cannot be mistaken for other things Alice Bob I’m Alice R [R] A

8 8 Secret Keys Mutual Authentication simple solution: run one-way authentication twice in reverse directions can we save a message? problems with simple solution (to be explained next) reflection attack password guessing Alice Bob I’m Alice R1 F(K AB,R1) R2 F(K AB,R2)

9 9 Reflection Attack Trudy opens two connections to Bob and reuses the results of the second connection to complete the first solutions: use dissimilar keys for directions format challenges have initiator authenticate first (more next slide) Trudy Bob I’m Alice, R2 R3, F(K AB,R2) Trudy Bob I’m Alice, R1 R2, F(K AB,R1) F(K AB,R2) 1 st connection 2 nd connection

10 10 Dictionary Attack Against Mutual Authentication Trudy can obtain material for offline password guessing (no eavesdropping) by forcing Bob to encrypt her challenge Solution against dictionary and reflection attacks: Alice Bob R1 F(K AB,R1), R2 F(K AB,R2) I’m Alice password guessing is still possible if Trudy can impersonate Bob (considered harder)

11 11 Mutual Authentication Public Keys [] – signature, {} – encryption why does Alice sign R? (minor) problem, –assume R is going to be used as conversation key, if Trudy records the conversation and, after the conversation is over, overruns Bob (breaks into Bob’s computer and learns his secrets), she can decode the conversation why overrunning Alice won’t help? –we already know the solution, what is it? Alice Bob I’m Alice, [{R} B ] A

12 12 Establishing Session Key secret keys knowing, K AB and R modify them in some way, ex: (K AB +1){R} (K AB +1){R} –why not K AB {R}? –K AB {R+1} ? public keys send additional random nonces(a number that is used only once) {R} A, {R} B and use them to derive a session key.


Download ppt "1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session."

Similar presentations


Ads by Google