Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Published byMagdalen Barbara Jordan Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz"— Presentation transcript:

1 1 Network Security Lecture 7 Overview of Authentication Systems http://web.uettaxila.edu.pk/CMS/coeCCNbsSp09/index.asp Waleed Ejaz waleed.ejaz@uettaxila.edu.pk

2 2 Overview 1. Passwords 2. Address based authentication 3. Key Distribution Center (KDC) 4. Certification Authorities (CAs) 5. Multiple Trust Domains 6. Session Keys 7. Delegation

3 3 Passwords Do not store passwords in clear. Store hashes. ⇒ Subject to offline attack Encrypt the hash storage. ⇒ Where do you keep the master key? Do not transmit passwords in clear. Use password as a key to encrypt a challenge. ⇒ Cryptographic Authentication

4 4 Address based Authentication /etc/hosts.equiv file in UNIX. John Smith can do on B whatever he is allowed to do on A. ⇒ Users need to have the same name on all machines. Per user.rhosts files. Lists that can access this account. Issue: Attacker can gain access to all machines Attacker can change IP addresses of machines and can access remote resources of all users on that machine. Attacker can use source route to send messages to D (from A).

5 5 Machine Vs Person Authentication Machines can store long secret keys. Person's password can be used to decrypt a long secret key or private key.

6 6 Secret Keys for an N-System Network n system need n(n-1)/2 pairs of secret keys Each system remembers n-1 keys. If a new system comes in n new key are generated. If a system leaves, n-1 keys are removed.

7 7 Key Distribution Center (KDC) Each node is configured with KDC's key KDC has all the keys. KDC sends a key encrypted with A's key and B's key to A. Issues:  If KDC is compromised, all systems are compromised.  KDC is single point of failure or performance bottleneck.  KDC has to be on-line all the time.

8 8 Certification Authorities Unsigned public keys can be tampered. Public Keys are signed by CAs ⇒ Certificates. Each system is configured with CA's public key. CA's don't have to be on-line. A compromised CA cannot decrypt conversations.

9 9 Certificate Revocations List (CRL) The lists are published regularly. Certificates are checked in a recent CRL. Certificate contains user's name, public key, expiration time, a serial number, and CA's signature on the content.

10 10 KDC in Multiple Trust Domains

11 11 KDC in Multiple Trust Domains(contd.) Some pairs of KDCs have a secret key Issue: Every pair of KDC needs a shared key ⇒ KDC hierarchy

12 12 CA’s in Multiple Domains Each CA has a certificate from the other. Alice with Boris's certificate and Boris's CA's certificate issued by Alice's CA can authenticate Boris

13 13 Session Keys Public key is used to exchange a secret key. Each session should start with a new secret key.

14 14 Delegation Authentication forwarding A signed message with time limit and details of privileges

15 15 Summary Passwords should not be stored or transmitted in clear ⇒ Use to generate keys Address based authentication is not safe. Key Distribution Center (KDC): Single point of failure Certification Authorities (CAs) sign public keys. Multiple Trust Domains: Hierarchy of KDCs or CAs

16 16 Questions!

Download ppt "1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz"

Similar presentations

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.

Computer Science CSC 474Dr. Peng Ning1 CSC 474 Information Systems Security Topic 3.1 Overview of Authentication.
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Public Key Infrastructure (PKI)

Public Key Infrastructure (PKI)
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Public Key Management and X.509 Certificates

Public Key Management and X.509 Certificates
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.

HIT Standards Committee: Digital Certificate Trust – Policy Question for HIT Policy Committee March 29, 2011.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
Cryptography in e-Business Guest Lecture, November 13, 2006, Olin College Steven R. Gordon Prof. of Info Tech Management Babson College.

Cryptography in e-Business Guest Lecture, November 13, 2006, Olin College Steven R. Gordon Prof. of Info Tech Management Babson College.

Similar presentations

Ads by Google