Presentation is loading. Please wait.

Presentation is loading. Please wait.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

Published byBarbara Maxwell Modified over 8 years ago

Similar presentations

Presentation on theme: "Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols."— Presentation transcript:

1 Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols

2 Why Security Protocols ●Alice and Bob want to communicate securely over the Internet, they need to: ●(Mutually) authenticate ●Establish and exchange keys ●Agree to cryptographic operations and algorithms ●Building blocks: ●Public-key (asymmetric) and secret-key (symmetric) algorithms, hash functions

3 Mutual Authentication: Shared Secret

4 ●R 1 and R 2 should not be easily repeatable and predictable ●Otherwise an adversary, Trudy, can record and replay challenge and/or response to impersonate Alice or Bob ●Use large random values ●K AB needs to be protected at Alice and Bob (end points of communication) Mutual Authentication: Shared Secret

5

6 Mutual Authentication Quiz Mark T for True or F for False: The challenge values used in an authentication protocol can be repeatedly used in multiple sessions The authentication messages can be captured and replayed by an adversary Authentication can be one-way, e.g., only authenticating Alice to Bob

7 Mutual Authentication: Simplified

8 Mutual Authentication: Reflection Attack

9

10

11 ●Fixes: ●Different keys for initiator and responder Trudy can’t get Bob to encrypt using Alice’s key Mutual Authentication: Reflection Attack

12

13 ●Different type of challenges for initiator and responder e.g., even number for initiator and odd number for responder Mutual Authentication: Reflection Attack

14 Mutual Authentication Public Keys ●Variant: ●Sign instead of encrypt

15 Attack Quiz A reflection attack is a form of man-in-the-middle attack Mark T for True or F for False: To defeat a reflection attack, we can use an odd number as challenge from the initiator and even number from the responder We can use signing with public keys to achieve mutual authentication

16 Session Keys ●Authentication first ●A new key is used for each session ●Using shared (master) secret ●Encrypt the new key ●Using public keys

17 ●Establish a shared key for the session, even if a there is already a shared secret key. ●Typically a long term secret key is called a Master key, possibly derived from a password. ●The master key is used to authenticate and establish a new session key. Session Keys

18

19 ●Alice → Bob: E(PR A, E(PU B, K)) ●Diffie-Hellman with signing, i.e., ●Alice → Bob: E(PR A, Y A ) ●Bob → Alice: E(PR B, Y B ) Session Keys

20 Key Distribution Center (KDC) ●Shared Master Keys do not scale easily ●Each communication pair needs to share a master key

21 K A, K B are master keys shared with KDC, K s is a session key Key Distribution Center (KDC)

22 Exchanging Public Key Certificates

23 Session Key Quiz A session key should be a secret and unique to the session Authentication should be accomplished before key exchange A key benefit of using of KDC is for scalability In order for Bob to verify Alice’s public key, the certificate authority must be on-line Signing the message exchanges in Diffie-Hellman eliminates the man-in-the-middle attack Mark T for True or F for False:

24 Kerberos ●Authentication and access control in a network environment ●Every principal has a master (secret) key ●Human user’s master key is derived from password ●Other resources must have their keys configured in ●All principals’ master keys are stored in the KDC database, protected/encrypted

25 Kerberos

26 Kerberos Benefits: ●Localhost does not need to store passwords ●The master key that the user shares with the KDC is only used once every day This limits exposure of the master key Kerberos

27 Accessing the Printer

28

29 Kerberos Quiz Kerberos provides authentication and access control Kerberos also distributes session keys To avoid over-exposure of a user’s master key, Kerberos uses a per-day key and a ticket-granting-ticket The authenticators used in requests to KDC and application servers can be omitted Access to any network resource requires a ticket issued by the KDC Mark T for True or F for False:

30 ●Secret key based and public key based authentication ●Random challenge and response ●Impersonation attacks ●Establish session key based on pre-shared secret key or public keys and authentication exchanges, use KDC or CA ●Kerberos: authentication and access control, tickets, and ticket- granting ticket. Lesson Summary Security Protocols

Download ppt "Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols."

Similar presentations

Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Authentication & Kerberos

Authentication & Kerberos
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
G22.3250-001 Robert Grimm New York University Using Encryption for Authentication in Computer Networks.

G Robert Grimm New York University Using Encryption for Authentication in Computer Networks.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 19 Jonathan Katz.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

Similar presentations

Ads by Google