Presentation is loading. Please wait.

Presentation is loading. Please wait.

Authentication Protocols Security Computer Science Tripos part 2 Ross Anderson.

Published byMariano Lorance Modified over 10 years ago

Similar presentations

Presentation on theme: "Authentication Protocols Security Computer Science Tripos part 2 Ross Anderson."— Presentation transcript:

1 Authentication Protocols Security Computer Science Tripos part 2 Ross Anderson

2 Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where its needed But they are much older then computers…

3 Real-world protocol Ordering wine in a restaurant –Sommelier presents wine list to host –Host chooses wine; sommelier fetches it –Host samples wine; then its served to guests Security properties –Confidentiality – of price from guests –Integrity – cant substitute a cheaper wine –Non-repudiation – host cant falsely complain

4 Car unlocking protocols Principals are the engine controller E and the car key transponder T Static (T E: KT) Non-interactive T E: T, {T,N} KT Interactive E T: N T E: {T,N } KT N is a nonce for number used once. It can be a serial number, random number or a timestamp

5 What goes wrong In cheap devices, N may be random or a counter – one-way comms and no clock It can be too short, and wrap around If its random, how many do you remember? (the valet attack) Counters and timestamps can lose sync leading to DoS attacks There are also weak ciphers – Eli Bihams 2008 attack on the Keeloq cipher (2 16 chosen challenges then 500 CPU days analysis – some other vendors authenticate challenges)

6 Two-factor authentication S U: N U P: N, PIN P U: {N, PIN} KP

7 Identify Friend or Foe (IFF) Basic idea: fighter challenges bomber F B: N B F: {N} K But what if the bomber reflects the challenge back at the fighters wingman? F B: N B F: N F B: {N} K B F: {N} K

8 IFF (2)

9 IFF (3) The middleman attack is very general – Conway discussed how to beat a grandmaster at postal chess The fix for the man-in-the-middle attack is often application specific E.g. NATO mode 12 IFF: 32 bit encrypted challenge (to prevent enemy using IFF to locate beyond radar range) at rate of 250 per second

Download ppt "Authentication Protocols Security Computer Science Tripos part 2 Ross Anderson."

Similar presentations

CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.

CoolRunner-II CPLDs in Security. Quick Start Training Agenda Some Security Basics – Security – Cryptography CoolRunner-II Security Features Securing Things.
Modelling and Analysing Security Protocol: Lecture 4 Attacks and Principles Tom Chothia CWI.

Modelling and Analysing Security Protocol: Lecture 4 Attacks and Principles Tom Chothia CWI.
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
1 Security in Wireless Protocols Bluetooth, 802.11, ZigBee.

1 Security in Wireless Protocols Bluetooth, , ZigBee.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.

Lee Jae-song 1.  How to cryptanalysis DES?  C = E K (P)  E is DES encryption funtion  K is a key, 56-bit.  P is a plaintext, C is a ciphertext, both.
Chapter 1  Introduction 1 Chapter 1: Introduction.

Chapter 1  Introduction 1 Chapter 1: Introduction.
Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”

Chapter 1  Introduction 1 Chapter 1: Introduction “Begin at the beginning,” the King said, very gravely, “and go on till you come to the end: then stop.”
Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.

Computer Science CSC 474By Dr. Peng Ning1 CSC 474 Information Systems Security Topic 2.1 Introduction to Cryptography.
CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.

CS 6262 Spring 02 - Lecture #7 (Tuesday, 1/29/2002) Introduction to Cryptography.
Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.

Modelling and Analysing of Security Protocol: Lecture 3 Protocol Goals Tom Chothia CWI.
Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.

Network Security – Part 2 Public Key Cryptography Spring 2007 V.T. Raja, Ph.D., Oregon State University.
Wireless Network Security Issues By Advait Kothare SJSU CS265 Fall 2004.

Wireless Network Security Issues By Advait Kothare SJSU CS265 Fall 2004.
Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:

Kemal AkkayaWireless & Network Security 1 Department of Computer Science Southern Illinois University Carbondale Wireless & Network Security Lecture 10:
CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

Similar presentations

Ads by Google