Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Published byVirginia Maxwell Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session."— Presentation transcript:

1 1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session key

2 2 Authentication Objectives and Classification Objectives –Authentication (what was that again?) one-way mutual –Immunity from attacks –efficiency: minimum number of messages exchanged –bootstrapping a session: establishing a session key types of authentication –password authentication (authenticating humans or machines on their behalf) what’s wrong with it? –cryptographic challenge-response secret key public key

3 3 Secret Key One-Way problems one-way authentication, who is not authenticated? why is that a problem? connection hijacking possible dictionary attack possible if Trudy is eavesdropping (if K AB is derived from a password) Bob stores key in clear –what is possible if Bob’s machine is broken into? Alice Bob I’m Alice a challenge R F(K AB,R)

4 4 Alice Bob I’m Alice K AB {R} R Secret Key One-Way: Variant advantages can be used for mutual authentication, how? –replay attack possible if R’s lifetime is not limited problems requires reversible cryptography subject to dictionary attack, without eavesdropping, if R is recognizable

5 5 Secret Key One-Way: Timestamp Based alternatively, with a hash function, send: I’m Alice, timestamp, H(K AB,timestamp) advantages easy integration into password-sending systems efficient: single message, stateless (what does that mean?) problems clocks need to be synchronized, extra protection against replay needed if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly clock protection needed at Bob Alice Bob I’m Alice, K AB {timestamp}

6 6 Secret Key One-Way: Timestamp Based alternatively, with a hash function, send: I’m Alice, timestamp, H(K AB,timestamp) advantages easy integration into password-sending systems efficient: single message, stateless (what does that mean?) problems clocks need to be synchronized, extra protection against replay needed if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly clock protection needed at Bob Alice Bob I’m Alice, K AB {timestamp}

7 7 Public Key, One-Way where [] A is Alice’s signature. Can this be done with encryption? problem Trudy can get Alice to sign/decrypt any text he chooses, how? –why is decryption useful? solution don’t use the same key for authentication and other purposes give structure (formatting) (e.g. type field) to challenge so it cannot be mistaken for other things Alice Bob I’m Alice R [R] A

8 8 Secret Keys Mutual Authentication simple solution: run one-way authentication twice in reverse directions can we save a message? problems with simple solution (to be explained next) reflection attack password guessing Alice Bob I’m Alice R1 F(K AB,R1) R2 F(K AB,R2)

9 9 Reflection Attack Trudy opens two connections to Bob and reuses the results of the second connection to complete the first solutions: use dissimilar keys for directions format challenges have initiator authenticate first (more next slide) Trudy Bob I’m Alice, R2 R3, F(K AB,R2) Trudy Bob I’m Alice, R1 R2, F(K AB,R1) F(K AB,R2) 1 st connection 2 nd connection

10 10 Dictionary Attack Against Mutual Authentication Trudy can obtain material for offline password guessing (no eavesdropping) by forcing Bob to encrypt her challenge Solution against dictionary and reflection attacks: Alice Bob R1 F(K AB,R1), R2 F(K AB,R2) I’m Alice password guessing is still possible if Trudy can impersonate Bob (considered harder)

11 11 Mutual Authentication Public Keys [] – signature, {} – encryption why does Alice sign R? (minor) problem, –assume R is going to be used as conversation key, if Trudy records the conversation and, after the conversation is over, overruns Bob (breaks into Bob’s computer and learns his secrets), she can decode the conversation why overrunning Alice won’t help? –we already know the solution, what is it? Alice Bob I’m Alice, [{R} B ] A

12 12 Establishing Session Key secret keys knowing, K AB and R modify them in some way, ex: (K AB +1){R} (K AB +1){R} –why not K AB {R}? –K AB {R+1} ? public keys send additional random nonces(a number that is used only once) {R} A, {R} B and use them to derive a session key.

Download ppt "1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session."

Similar presentations

Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Slide 1 Vitaly Shmatikov CS 378 Attacks on Authentication.

Slide 1 Vitaly Shmatikov CS 378 Attacks on Authentication.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.

UCB Security Jean Walrand EECS. UCB Outline Threats Cryptography Basic Mechanisms Secret Key Public Key Hashing Security Systems Integrity Key Management.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google