Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.

Published byFlora Cooper Modified over 9 years ago

Similar presentations

Presentation on theme: "Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena."— Presentation transcript:

1 Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena

2 Course Administration HW2 due – Tuesday, 11am – Feb 28 HW1 to be distributed – Please remind if I forget 11/20/2015 2 Lecture 5.2: Private Key Distribution

3 Course Admin Mid-Term Exam – On March 08 (Thursday) – In class, from 11am-12:15pm Covers lectures up to Feb 23 (this week) In-class review on Mar 06 (Tuesday) Strictly closed-book (no cheat-sheets are allowed) A sample exam will be provided as we near the exam date 11/20/2015 3 Lecture 5.2: Private Key Distribution

4 Course Admin Next Lecture will be short – I have to attend our big Security Center event http://thecenter.uab.edu/ai1ec_event/cyber-summit- 2012/?instance_id=21 Entertain the guests at the luncheon – We will stop at 11:40am 11/20/2015 Lecture 5.2: Private Key Distribution 4

5 Outline of Today’s lecture Key Distribution Introduction Protocol for private key distribution Kerberos: Real-world system 11/20/2015 5 Lecture 5.2: Private Key Distribution

6 Some questions from last time Can OTP make for a good MAC? Can H(K||m) make for a good MAC? Does HMAC provide non-repudiation? 11/20/2015 6 Lecture 5.2: Private Key Distribution

7 Key Distribution Cryptographic primitives seen so far assume – In private key setting: Alice and Bob share a secret key which is unknown to Oscar. – In public key setting: Alice has a “trusted” (or authenticated) copy of Bob’s public key. But how does this happen in the first place? Alice and Bob meet and exchange key(s) Not always practical or possible. We need key distribution, first and foremost! Idea: make use of a trusted third party (TTP) 11/20/2015 7 Lecture 5.2: Private Key Distribution

8 “Private Key” Distribution: an attempt Protocol assumes that Alice and Bob share a session key K A and K B with a Key Distribution Center (KDC). – Alice calls Trent (Trusted KDC) and requests a session key to communicate with Bob. – Trent generates random session key K and sends E K A (K) to Alice and E K B (K) to Bob. – Alice and Bob decrypt with K A and K B respectively to get K. This is a key distribution protocol. Susceptible to replay attack! 8

9 Session Key Exchange with KDC – Needham- Schroeder Protocol A -> KDC ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A E K A ( K || ID B || N 1 || E K B (K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B E K B (K || ID A ) (I would like to talk using key in envelope sent by KDC) B -> A E K (N 2 ) (OK Alice, But can you prove to me that you are indeed Alice and know the key?) A -> B E K (f(N 2 )) (Sure I can!) Dennig-Sacco (replay) attack on the protocol 11/20/2015 9 Lecture 5.2: Private Key Distribution

10 Session Key Exchange with KDC – Needham- Schroeder Protocol (corrected version with mutual authentication) A -> KDC: ID A || ID B || N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A: E K A ( K || ID B || N 1 || E K B (TS1, K || ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B: E K (TS2), E K B (TS1, K || ID A ) (I would like to talk using key in envelope sent by KDC; here is an authenticator) B -> A: E K (TS2+1) (OK Alice, here is a proof that I am really Bob) 11/20/2015 10 Lecture 5.2: Private Key Distribution

11 Kerberos - Goals Security – Next slide. Reliability Transparency – Minimum modification to existing network applications. Scalability – Modular distributed architecture. 11/20/2015 11 Lecture 5.2: Private Key Distribution

12 Kerberos – Security Goals No cleartext passwords over network. No cleartext passwords stored on servers. Minimum exposure of client and server keys. Compromise of a session should only affect that session Require password only at login. 11/20/2015 12 Lecture 5.2: Private Key Distribution

13 Kerberos - Assumptions Global clock. There is a way to distribute authorization data. – Kerberos provides authentication and not authorization. 11/20/2015 13 Lecture 5.2: Private Key Distribution

14 Kerberos Key Distribution (1) JoeKDC I would like to Talk to the File Server KDC Step 1 Joe to KDC Step 2 KDC Session key for User Session key for service 11/20/2015 14 Lecture 5.2: Private Key Distribution

15 Kerberos Key Distribution (2) Step 3 KDC Session Key for Joe Dear Joe, This key for File server Box 1 Locked With Joe’s key Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key JoeKDC Step 4 KDC to Joe Box 1Box 2 11/20/2015 15 Lecture 5.2: Private Key Distribution

16 Kerberos Key Distribution (3) Dear Joe, This key for File server Opened Box 1 Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Step 5 Joe Step 6 Joe Session Key for File server Dear File server, This key for Use with Joe Box 2 Locked With File Server’s key Dear File server, The time is 3:40 pm Box 3 Locked With Session key 11/20/2015 16 Lecture 5.2: Private Key Distribution

17 Kerberos Key Distribution (4) Joe File Server Step 7 Joe to File server Box 2Box 3 Step 8 File server Dear File server, This key for Use with Joe Unlocked Box 2 Dear File server, The time is 3:40 pm Unlocked Box 3 11/20/2015 17 Lecture 5.2: Private Key Distribution

18 Kerberos Key Distribution (5) For mutual authentication, file server can create box 4 with time stamp and encrypt with session key and send to Joe. Box 2 is called ticket. KDC issues ticket only after authenticating password To avoid entering passwords every time access needed, KDC split into two – authenticating server and ticket granting server. 11/20/2015 18 Lecture 5.2: Private Key Distribution

19 Kerberos– One Slide Overview 11/20/2015 19

20 Version 4 Summary 11/20/2015 20 Lecture 5.2: Private Key Distribution

21 Kerberos - Limitations Every network service must be individually modified for use with Kerberos. Requires a global clock Requires secure Kerberos server. Requires continuously available or online server. 11/20/2015 21 Lecture 5.2: Private Key Distribution

22 Further Reading Stallings Chapter 15 HAC Chapter 12 11/20/2015 22 Lecture 5.2: Private Key Distribution

23 Some questions Can a KDC learn communication between Alice and Bob, to whom it issued keys? What if the KDC server is down or congested? What if the KDC server is compromised? 11/20/2015 23 Lecture 5.2: Private Key Distribution

Download ppt "Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

Similar presentations

Ads by Google