Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)"— Presentation transcript:

1 Key Management/Distribution

2 Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

3 Cryptography in Use Provides foundation for security services But can it bootstrap itself? Must establish shared key Straightforward plan One side generates key Transmits key to other side But how?

4 Two Problems Peer-to-peer key sharing Prob 1: Known peer, insecure channel Prob 2: Secure channel, unknown peer

5 Security Through Obscurity? Caesar ciphers Very simple permutation Only 25 different cases Relies strictly on no one knowing the method

6 Passwords Reduces permutation space to key space Caesar cipher: one-letter “key” 10-letter key for MSC reduces 26! (~4x10 20 ) to 26 C 10 (~2x10 13 ) 8-byte key for DES reduces 2 64 ! (~10 10 200 ) to 2 56 (~10 17 )

7 The Enigma Machine Broken first by Polish, then by English Not as easily as widely regarded Weaknesses in key distribution Day keys plus scramblers “Session keys” encrypted in duplicate Enigma did not use OFB/CFB

8 Peer-to-Peer Distribution Technically easy But it doesn’t scale Hundreds of servers… Times thousands of users… Yields ~ million keys Centralized key server Needham-Schroeder

9 Basic Idea User sends request to KDC: {s} KDC generates a random key: K c,s Encrypted twice: {K c,s }K c, {K c,s }K s Typically called ticket and credentials, resp Ticket forwarded with application request No keys ever traverse net in the clear

10 Problem #1 How does user know session key is encrypted for the server? And vice versa? Attacker intercepts initial request, and substitutes own name for server Can now read all of user’s messages intended for server

11 Solution #1 Add names to ticket, credentials Request looks like {c, s} {K c,s, s}K c and {K c,s, c}K s, resp Both sides can verify intended target for key sharing This is basic Needham-Schroeder

12 Problem #2 How can user and server know that session key is fresh? Attacker intercepts and records old KDC reply, then inserts this in response to future requests Can now read all traffic between user and server

13 Solution #2 Add nonces to ticket, credentials Request looks like {c, s, n} {K c,s, s, n}K c and {K c,s, c, n}K s Client can now check that reply made in response to current request

14 Problem #3 User now trusts credentials But can server trust user? How can server tell this isn’t a replay? Legitimate user makes electronic payment to attacker; attacker replays message to get paid multiple times Requires no knowledge of session key

15 Solution #3 Add challenge-response Server generates second random nonce Sends to client, encrypted in session key Client must decrypt, decrement, encrypt Effective, but adds second round of messages

16 Problem #4 What happens if attacker does get session key? Answer: Can reuse old session key to answer challenge-response, generate new requests, etc

17 Solution #4 Replace (or supplement) nonce in request/reply with timestamp [Denning, Sacco] {K c,s, s, n, t}K c and {K c,s, c, n, t}K s, resp Also send {t}K c,s as authenticator Prevents replay without employing second round of messages as in challenge-response

18 Problem #5 Each client request yields new known- plaintext pairs Attacker can sit on the network, harvest client request and KDC replies

19 Solution #5 Introduce Ticket Granting Server (TGS) Daily ticket plus session keys (How is this different from Enigma?!) TGS+AS = KDC This is modified Needham-Schroeder Basis for Kerberos

20 Problem #6 Active attacker can obtain arbitrary numbers of known-plaintext pairs Can then mount dictionary attack at leisure Exacerbated by bad password selection

21 Solution #6 Preauthentication Establish weak authentication for user before KDC replies Examples Password-encrypted timestamp Hardware authentication Single-use key

22 Public Key Distribution Public key can be public! How does either side know who and what the key is for? Private agreement? (Not scalable.) Must delegate trust Why? How?

23 Certification Infrastructures Public keys represented by certificates Certificates signed by other certificates User delegates trust to trusted certificates Certificate chains transfer trust up several links

24 Examples PGP “Web of Trust” Can model as connected digraph of signers X.500 Hierarchical model: tree (or DAG?) (But X.509 certificates use ASN.1!

Download ppt "Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)"

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –

Authentication Applications Kerberos And X.509. Kerberos Motivation –Secure against eavesdropping –Reliable – distributed architecture –Transparent –
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
SCSC 455 Computer Security

SCSC 455 Computer Security
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.

Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.

1 Distributed Computer Security: Authentication and Key Distribution Vijay Jain CSc 8320, Spring 2007.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Similar presentations

Ads by Google