Presentation is loading. Please wait.

Presentation is loading. Please wait.

Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized.

Published byCecil Gibson Modified over 8 years ago

Similar presentations

Presentation on theme: "Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized."— Presentation transcript:

1

2 Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized protocols Many cases, it could recognize friends as enemies, or ….

3 MIG in the Middle Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. N 3. N 4. E(N,K) 5. E(N,K) 6. E(N,K) SAAF Impala Russian MiG 2

4 Authentication Protocols Chapter 9 Simple Authentication protocols 3

5 Authentication Alice must prove her identity to Bob Alice and Bob can be humans or computers May also require Bob to prove he’s Bob (mutual authentication) May also need to establish a session key May have other requirements, such as Use only public keys Use only symmetric keys Use only a hash function Anonymity, plausible deniability, etc., etc. Chapter 9 Simple Authentication protocols 4

6 Authentication Authentication on a stand-alone computer is relatively simple “Secure path” is the primary issue Main concern is an attack on authentication software (we discuss software attacks later) Authentication over a network is much more complex Attacker can passively observe messages Attacker can replay messages Active attacks may be possible (insert, delete, change messages) Chapter 9 Simple Authentication protocols 5

7 Simple Authentication Simple and may be OK for standalone system But insecure for networked system Subject to a replay attack (next 2 slides) Bob must know Alice’s password Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice” Prove it My password is “frank” 6

8 Authentication Attack Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice” Prove it My password is “frank” Trudy 7

9 Authentication Attack This is a replay attack How can we prevent a replay? Chapter 9 Simple Authentication protocols Bob “I’m Alice” Prove it My password is “frank” Trudy 8

10 Simple Authentication More efficient… But same problem as previous version Replay attack Chapter 9 Simple Authentication protocols Alice Bob I’m Alice, My password is “frank” 9

11 Better Authentication Better since it hides Alice’s password From both Bob and attackers But still subject to replay Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice” Prove it h(Alice’s password) 10

12 Challenge-Response To prevent replay, challenge-response used Suppose Bob wants to authenticate Alice Challenge sent from Bob to Alice Only Alice can provide the correct response Challenge chosen so that replay is not possible How to accomplish this? Password is something only Alice should know… For freshness, a “number used once” or nonce Chapter 9 Simple Authentication protocols 11

13 Challenge-Response Chapter 9 Simple Authentication protocols Bob “I’m Alice” Nonce h(Alice’s password, Nonce) Nonce is the challenge The hash is the response Nonce prevents replay, insures freshness Password is something Alice knows Note that Bob must know Alice’s password Alice 12

14 Challenge-Response What can we use to achieve this? Hashed pwd works, crypto might be better Will be discussed for Symmetric key, Public key, and so on Chapter 9 Simple Authentication protocols Bob “I’m Alice” Nonce Something that could only be Alice from Alice (and Bob can verify) 13

15 Symmetric Key Notation Encrypt plaintext P with key K C = E(P,K) Decrypt ciphertext C with key K P = D(C,K) Here, we are concerned with attacks on protocols, not directly on the crypto We assume that crypto algorithm is secure Chapter 9 Simple Authentication protocols 14

16 Symmetric Key Authentication Alice and Bob share symmetric key K AB Key K AB known only to Alice and Bob Authenticate by proving knowledge of shared symmetric key How to accomplish this? Must not reveal key Must not allow replay attack Chapter 9 Simple Authentication protocols 15

17 Authentication with Sym Key Chapter 9 Simple Authentication protocols Alice, K AB Bob, K AB “I’m Alice” E(R,K AB ) Secure method for Bob to authenticate Alice Alice does not authenticate Bob Can we achieve mutual authentication? R 16

18 Mutual Authentication? What’s wrong with this picture? “Alice” could be Trudy (or anybody else)! Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice”, R E(R,K AB ) 17

19 Mutual Authentication Since we have a secure one-way authentication protocol… The obvious thing to do is to use the protocol twice Once for Bob to authenticate Alice Once for Alice to authenticate Bob This has to work… Chapter 9 Simple Authentication protocols 18

20 Mutual Authentication This provides mutual authentication Is it secure? See the next slide… Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice”, R A R B, E(R A,K AB ) E(R B,K AB ) 19

21 Mutual Authentication Attack Chapter 9 Simple Authentication protocols Bob 1. “I’m Alice”, R A 2. R B, E(R A,K AB ) Trudy Bob 3. “I’m Alice”, R B 4. R C, E(R B,K AB ) Trudy 5. E(R B,K AB ) 20

22 Mutual Authentication Our one-way authentication protocol not secure for mutual authentication Protocols are subtle! The “obvious” thing may not be secure Also, if assumptions or environment changes, protocol may not work This is a common source of security failure For example, Internet protocols Chapter 9 Simple Authentication protocols 21

23 Sym Key Mutual Authentication Do these “insignificant” changes help? Yes! Chapter 9 Simple Authentication protocols Alice Bob “I’m Alice”, R A R B, E(“Bob”,R A,K AB ) E(“Alice”,R B,K AB ) 22

24 Authentication and TCP Chapter 9 Simple Authentication protocols 23

25 TCP-based Authentication TCP not intended for use as an authentication protocol But IP address in TCP connection often used for authentication One mode of IPSec uses IP address for authentication This can cause problems Chapter 9 Simple Authentication protocols 24

26 TCP 3-way Handshake Chapter 9 Simple Authentication protocols Alice Bob SYN, SEQ a SYN, ACK a+1, SEQ b ACK b+1, data Recall the TCP three way handshake Initial SEQ number must be random Why? See the next slide… 25

27 TCP Authentication Attack Chapter 9 Simple Authentication protocols Alice Bob Trudy 1. SYN, SEQ = t (as Trudy) 2. SYN, ACK = t+1, SEQ = b 1 3. SYN, SEQ = t (as Alice) 4. SYN, ACK = t+1, SEQ = b 2 5. ACK = b 2 +1, data 5. 26

28 TCP Authentication Attack Chapter 9 Simple Authentication protocols Random SEQ numbers Initial SEQ numbers Mac OS X If initial SEQ numbers not very random… …possible to guess initial SEQ number… …and previous attack will succeed 27

29 TCP Authentication Attack Trudy cannot see what Bob sends, but she can send packets to server Bob, while posing as Alice Trudy must prevent Alice from receiving Bob’s packets (or else connection will terminate) If password (or other authentication) required, this attack fails If TCP connection is relied on for authentication, then attack succeeds Bad idea to rely on TCP for authentication Chapter 9 Simple Authentication protocols 28

Download ppt "Identify Friend or Foe (IFF) Chapter 9 Simple Authentication protocols Namibia Angola 1. N 2. E(N,K) SAAF Impala Russian MIG 1 Military needs many specialized."

Similar presentations

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:

WEP 1 WEP WEP 2 WEP  WEP == Wired Equivalent Privacy  The stated goal of WEP is to make wireless LAN as secure as a wired LAN  According to Tanenbaum:
Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.

Block Ciphers 1 Block Ciphers Block Ciphers 2 Block Ciphers  Modern version of a codebook cipher  In effect, a block cipher algorithm yields a huge.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
8: Network Security8-1 21 - Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.

8: Network Security Security. 8: Network Security8-2 Chapter 8 Network Security A note on the use of these ppt slides: We’re making these slides.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University

EEC 688/788 Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering Cleveland State University
CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz.
Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Review and Announcement r Ethernet m Ethernet CSMA/CD algorithm r Hubs, bridges, and switches m Hub: physical layer Can’t interconnect 10BaseT & 100BaseT.

Similar presentations

Ads by Google