Presentation is loading. Please wait.

Presentation is loading. Please wait.

Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System Yanjun Zhao.

Published byValentine Benson Modified over 8 years ago

Similar presentations

Presentation on theme: "Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System Yanjun Zhao."— Presentation transcript:

1 Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System Yanjun Zhao

2 Current Protocols SSL (Secure Sockets Layer) protocol IPSec(Internet Protocol Security) suffer from  intrusion and single-point ofcompromising  DDoS (distributed denial ofservice) attacks.

3 The Purposes of IDAS protect credential information by distributing shared secret to multiple computers and thus eliminates the single point of compromising. detect the use of partial credential as a user/computer and indicate which part of secret is exposed

4 Even when an insider compromised all related servers, the credential is only valid for a short period of time and will be self healed in next period. A DDoS resistant protocol must be stateless and efficient as well as stop botnet attacks and “low and slow”attacks.

5 take a single round trip time, which is faster than any other authentication protocols and is important to the performance of critical applications in a multi-continent network.

6 A legitimate user shares a p, a hash chain value, and a cryptographic key, k_auth, with the Authentication Server. The p represents a second factor for authentication and can be a password, a token, a biometrics, or smartcard. Partial secrets of the user are provided with two random number seeds: one is for the nonce generation, and the other is for the hash chain seed.

7 Time-Dependent Secret

8 Self-healing Feature of the Authentication Sever

9 HMAC HMAC (RFC 2104) is the standard approach in cryptography to ensure the message integrity. In the context of our authentication protocol, HMAC can be viewed as a fixed-size output produced by two inputs (a message and a secret key). HMAC is computationally infeasible to produce the valid code without the knowledge of the key.

10 Distribute Secret

11

12 The proposed scheme combines the usage of a p, a key, and a hash chain in a computation- efficient manner to achieve a strong security level.

13 If the p is not used in the protocol, when an adversary compromises the device, the attacker can succeed in impersonating the user. If the HMAC key is not used in the protocol, the update of hash chain value might be tampered by the adversary. Thus, the server and the device will be out of synchronization for authentication. If the hash chain is not used in the protocol, the adversary compromising the server learns the secret HMAC key and p. Then the adversary can succeed in impersonating a user in next authentication session.

14 The above steps remove the single-point compromising vulnerability of critical user authentication information. It is useless for an attacker to compromises one of the two servers. If a strong inside attacker compromises both servers, one can pretend to be a user for the current period. For the next time period, the attacker loses the required hash chain value and the authentication system self heals.

15 DDoS Resistant

16

17 Reference Chwan-hwa”John” Wu and Tong Liu Simulation for Intrusion-Resilient, DDoS- Resistant Authentication System (IDAS). SpringSim '08: Proceedings of the 2008 Spring Simulation Multiconference

Download ppt "Innovative Intrusion-Resilient, DDoS-Resistant Authentication System (IDAS) System Yanjun Zhao."

Similar presentations

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P1619.3 April 11, 2007 Andrea Doherty.

1 IETF KEYPROV WG Protocol Basis and Characteristics IEEE P April 11, 2007 Andrea Doherty.
1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.

1 CompChall: Addressing Password Guessing Attacks IAS, ITCC-2005, April 2005 CompChall: Addressing Password Guessing Attacks By Vipul Goyal OSP Global.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.

Security by Design A Prequel for COMPSCI 702. Perspective “Any fool can know. The point is to understand.” - Albert Einstein “Sometimes it's not enough.
L8. Reviews Rocky K. C. Chang, May 2011. Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.

L8. Reviews Rocky K. C. Chang, May Foci of this course 2 Rocky K. C. Chang  Understand the 3 fundamental cryptographic functions and how they are.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
Computer and Network Security Mini Lecture by Milica Barjaktarovic.

Computer and Network Security Mini Lecture by Milica Barjaktarovic.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.

More on SSL/TLS. Internet security: TLS TLS is one of the more prominent internet security protocols. TLS is one of the more prominent internet security.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.

Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.

Hash functions a hash function produces a fingerprint of some file/message/data h = H(M)  condenses a variable-length message M  to a fixed-sized fingerprint.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Similar presentations

Ads by Google