Presentation is loading. Please wait.

Presentation is loading. Please wait.

Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties Jari Arkko & Pekka Nikander Presented by Riku Honkanen.

Published byEmmeline Logan Modified over 9 years ago

Similar presentations

Presentation on theme: "Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties Jari Arkko & Pekka Nikander Presented by Riku Honkanen."— Presentation transcript:

1 Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties Jari Arkko & Pekka Nikander Presented by Riku Honkanen

2 Presentation Outline ”Cryptographically strong authentication between previously unknown parties without relying on trusted third parties” Why weak authentication? Weak authentication techniques –Classification –Concrete techniques –Technique Analysis Economic impacts & probabilities

3 If there are no real-world identities/effects Imperfect security is sometimes enough Higher cost of strong authentication Current & potential applications: –Personal area networks –Secure Shell (SSH) –Session Initiation Protocol (SIP) –Multi-homing –Mobilitity Why Weak Authentication?

4 Spatial Separation –Ensuring that the peer is on a certain path Temporal Separation –Peers relate past & current communications Asymmetric Costs –Cost of attack is higher than cost of defense Application Semantics –Cryptographic properties of identifiers Technique Categories (1/2)

5 Combined and Transitive Techniques –The mentioned categories can be combined for improved security Time and location as main dimensions Technique Categories (2/2) Time Location One time use Same peer Same peer, different location Over a specific path

6 Concrete Techniques Anonymous Encryption - temporal –e.g. unauthenticated Diffie-Hellman secures a single session Challenge-Response - spatial –Freshness and peer on a certain path Leap-of-Faith – temporal, spatial, asymmetric cost –Unauthenticated at start of first connection –Following connections authenticated Cryptographically Generated Addresses – spatial & application Opportunistic IPSec

7 Anonymous Encryption –Vulnurable for man-in-the-middle attack in the beginning of the session –Benefits community more than a single user Challenge-Response –Probability of a certain path having an attacker Leap-of-Faith –Uncertainty gets smaller when number of connections increases between specific peers Technique Analysis

8 Economic Impacts & Probabilities Cost of attack vs. cost of defense –Weak authentication may be enough to raise the cost of the attack to multiples of cost of the defense Probability of the attack –Weak authentication may lower the probability of an attacker being present significantly Economics and probabilities should be understood before application protocol design

9 Weak authentication is good enough for some applications Basic WA techniques can provide significant advantage with low cost Importance of uncertainty, probability and economic impact analysis –the results may be surprising Summary

Download ppt "Weak Authentication: How to Authenticate Unknown Principals without Trusted Parties Jari Arkko & Pekka Nikander Presented by Riku Honkanen."

Similar presentations

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –

Authentication and Key Agreement – Flexibility in credentials – Modern, publically analysed/available cryptographic primitives – Freshness guarantees –
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
SCSC 455 Computer Security Virtual Private Network (VPN)

SCSC 455 Computer Security Virtual Private Network (VPN)
1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.

1 Authentication Trustworthiness The Next Stage in Identity-Based Access and Security Tom Board, NUIT.
Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective.

Introduction Cloud characteristics Security and Privacy aspects Principal parties in the cloud Trust in the cloud 1. Trust-based privacy protection 2.Subjective.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.

Cryptography and Authentication Lab ECE4112 Group4 Joel Davis Scott Allen Quinn.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.

Secure Shell – SSH Tam Ngo Steve Licking cs265. Overview Introduction Brief History and Background of SSH Differences between SSH-1 and SSH- 2 Brief Overview.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Dr. Sarbari Gupta Electrosoft Services Tel: (703)757-9096 Security Characteristics of Cryptographic.

Dr. Sarbari Gupta Electrosoft Services Tel: (703) Security Characteristics of Cryptographic.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Cryptographic Technologies

Cryptographic Technologies
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

Similar presentations

Ads by Google