Presentation is loading. Please wait.

Presentation is loading. Please wait.

Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:"— Presentation transcript:

1 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Identify applications of symmetric and public key cryptography –Describe the operation and uses of Kerberos 4 –Explain the operation and uses of X.509 –Describe the operation and uses of Pretty-Good- Privacy (PGP)

2 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Kerberos Authentication Protocol Kerberos is a distributed authentication protocol using a key distribution centre (i.e., similar to Needham-Schroeder). Kerberos is designed for a distributed client-server network where users may access any client PC and demand service from any server. For authenticating users to servers For authenticating servers to users Heavily uses symmetric encryption (e.g., DES)

3 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Why KERBEROS -security concerns Among users who wish to access services on servers, three threats exist: –User pretends to be someone else –User alters network address of a client –User eavesdrops on exchanges between others and attack by “replay” later

4 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Abbreviations –C: Client (workstation, computer, etc) –AS: Authentication Server (knows all the passwords) –V: Server providing services such as email, printing –ID c : ID of user on C –ID v : ID of serVer –P c : Password of user on C –AD c : Network Address of C – K v : encryption key shared by AS an V –TS: Time Stamp –||: Concatenation

5 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Simple Dialogue (1)C  AS: ID c || P c || ID v (2)AS  C:Ticket (3)C  V: ID c || Ticket Ticket = E K v [ ID c || AD c || ID v ] Problem: password is sent in plaintext Problem: a ticket is required for each service ! The ticket assures the server that the client has been authenticated by the authentication server (AS).

6 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Abbreviations –C: Client (workstation, computer, etc) –AS: Authentication Server –TGS: Ticket Granting Server –V: Server providing services such as printing –ID c : ID of user on C –ID v : ID of serVer –ID TGS : ID of Ticket Granting Server –P c : Password of user on C –AD c : Network Address of C –K C : encryption key shared by AS and C (derived from user’s password Pc) –K v : encryption key shared by the TGS an the service server –K TGS : encryption key shared by AS and the TGS server –TS: Time Stamp –LifeTime: validity for the ticket –||: Concatenation

7 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Improved dialogue Once per user logon session (1) C  AS: ID c || ID tgs (2) AS  C:E Kc [Ticket tgs ] Ticket tgs =E Ktgs [ID c || AD c ||ID tgs ||TS 1 ||Lifetime 1 ] Once per type of service (3) C  TGS: ID c || ID v || Ticket tgs (4) TGS  C: Ticket v Ticket v =E Kv [ID c || AD c ||ID v ||TS 2 ||Lifetime 2 ] Once for service session (5) C  V: ID c || Ticket v (long) (short)

8 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Problems Problems: Lifetime related to ticket-granting ticket –Too short  user repeatedly asked for password –Too long  greater opportunity to replay An opponent could steal the tickets and use them before they expire Need to authenticate servers

9 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Overview of Kerberos Dialogue I Dialogue II Dialogue III

10 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Kerberos 4 Dialogue (I) Authentication Service Exhange: To obtain Ticket-Granting Ticket (1)C  AS: ID c || ID tgs ||TS 1 (2) AS  C: E Kc [K c,tgs || ID tgs || TS 2 || Lifetime 2 || Ticket tgs ] Ticket tgs = E Ktgs [K c,tgs || ID c ||AD c ||ID tgs ||TS 2 ||Lifetime 2 ] K c,tgs : a session key between C and TGS

11 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Kerberos 4 Dialogue (II) Ticket-Granting Service Echange: To obtain Service-Granting Ticket (3) C  TGS: ID v ||Ticket tgs ||Authenticator c (4) TGS  C: E Kc [K c,v || ID v || TS 4 || Ticket v ] Ticket tgs = E Ktgs [K c,tgs || ID c ||AD c ||ID tgs ||TS 2 ||Lifetime 2 ] Ticket v = E Kv [K c,v || ID c ||AD c ||ID v ||TS 4 ||Lifetime 4 ] Authenticator c = E ctgs [ID c ||AD c ||TS 3 ] K c,v : a session key between C and server

12 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Kerberos 4 Dialogue (III) Client/Server Authentication Exhange: To Obtain Service (5) C  V: Ticket v || Authenticator c (6)V  C: E Kc,v [TS 5 +1] Ticket v = E Kv [K c,v || ID c ||AD c ||ID v ||TS 4 ||Lifetime 4 ] Authenticator c =E Kc,v [ID c ||AD c ||TS 5 ]

13 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Recommended Reading William Stallings, “Network Security Essentials”, chapter 4 for Kerberos, chapter 3.4 for Diffie- Hellman Key Exchange Algorithm. A. S. Tanenbaum, “Computer Networks”, chapter 8.7 for Authentication Protocols. Bryant, W. Designing an Authentication System: A Dialogue in Four Scenes. http://web.mit.edu/kerberos/www/dialogue.html Kohl, J.; Neuman, B. “The Evolution of the Kerberos Authentication Service” http://web.mit.edu/kerberos/www/papers.html http://www.isi.edu/gost/info/kerberos/

14 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Authentication Service What should be the exact format of a public key certificate? Who will issue certificates? X.509 answers these questions. X.509 is a standard that defines  the certificate format, and  the hierarchical structure to distribute certificates.

15 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Certificate Format

16 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Certificate Format The basic fields of an X.509 certificate.

17 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Certificate Revocation Certificates can be revoked (cancelled) by the CA. Certificate Revocation Lists (CRLs) are disseminated in the network periodically by the CA.

18 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Hierarchy Who is the Certificate Authority anyway ??? Imagine we have one CA for whole world. It doesn’t work. The CA servers would collapse under the global load. Imagine we have many CAs that are run by the same organisation, with the same private and public key. It doesn’t work. If one set of private key is used by all CAs all around the world, eventually someone will leak the private key out. Besides who will be that central organisation that runs all CAs?

19 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Hierarchy Regional Authority Many CAs exist, each with its own private & public keys and registered users. Each CAs is certified by a Regional Authority. Each Regional Authorithy is certified by Root. The overall hierarchy including users, certificates, CAs and directories is also called Public Key Infrastructure (PKI).

20 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Hierarchy PKI is an evolving idea and a current research field. The terms Root and Regional Authority are not standard. Today there is no one Root. And that’s normal. Noone wants to trust one root. Each browser comes with public keys for about 100 roots, such as VeriSign, GTE, GlobalSign etc.

21 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Authentication Procedures Notation: Y{I}: the signing of I by Y. This indicates a packet that consists of I with an encrypted hash code appended by Y. It is assumed that the two parties, A and B, know each other’s public key, either by obtaining each other’s certificates from the directory or because the certificate is included in the initial message from each side.

22 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Authentication Procedures One-Way Authentication: One-way authentication to establish 1)A’s ID and message’s authenticity 2)Message’s intended destination 3)Message’s integrity & originality

23 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Authentication Procedures Two-Way Authentication: Two-way authentication establish 1) + 2) + 3) + 4) B’s ID and reply’s authenticity 5) Intended recipient of reply 6) Reply’s integrity and originality

24 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 X.509 Authentication Procedures Three-Way Authentication: Three-way authentication establish 1) + 2) + 3) + 4) + 5) + 6) + 7) Signed nonce if without synchronised clocks

25 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Pretty Good Privacy Philip R. Zimmerman is the creator of PGP. PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.

26 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Why Is PGP Popular? It is availiable free on a variety of platforms. Based on well known algorithms. Wide range of applicability. Not developed or controlled by governmental or standards organisations.

27 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Operational Description Consist of five services: –Authentication –Confidentiality –Compression –E-mail compatibility –Segmentation

28 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Abbreviations K s : session key used in symmetric encryption KR a : private key of user A, used in public-key encryption KU a : public key of user A, used in public-key encryption EP: public-key encryption DP: public-key decryption EC: symmetric encryption DC: symmetric decryption H: Hash function ||: concatenation Z: compression using ZIP algorithm R64: conversion to radix 64 ASCII format

29 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP-Authentication Only

30 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP-Confidentiality Only Source ADestination B

31 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP-Authentication and Confidentiality Source ADestination B

32 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Compression PGP compresses the message after applying the signature but before encryption The placement of the compression algorithm is critical. The compression algorithm used is ZIP

33 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 E-mail Compatibility The scheme used is radix-64. The use of radix-64 expands the message by 33%.

34 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Segmentation and Reassembly Email systems are often restricted to a maximum message length of 50,000 octets. Longer messages must be broken up into segments. PGP automatically subdivides a message that is too large. Segmentation is done after all other processing, including Radix 64 conversion. The receiver strip of all e-mail headers and reassemble the block.

35 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP Generic Operation K←D KRb [E KUb [K s ]] ; X←D K [X]

36 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Format of PGP Message

37 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP Operation and Key Rings

38 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP Operation and Key Rings

39 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 PGP Public Key Management 1.Alice and Bob can physically exchange public keys. 2.Alice and Bob may rely on a phone conversation, if they can recognise each other’s voices, to exchange public keys. 3.Alice and Bob may both trust David, and David can send Alice and Bob each other’s public keys. 4.Alice and Bob may rely on trusted Certification Authorities. PGP supports all four options. More specifically, PGP is recognises X.509 certificates (i.e., option 4) and it recognises certificates signed by trusted individuals (i.e., option 3).

40 Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Recommended Reading William Stallings, “Network Security Essentials” www.pgp.com http://www.rubin.ch/pgp/weboftrust.en.html https://digitalid.verisign.com/client/help/tutorial.h tm RFC 822, 2045, 2046, 2630, 2632, and 2633

Download ppt "Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:"

Similar presentations

Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden

Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
Authentication Applications

Authentication Applications
1 Authentication Applications Ola Flygt Växjö University, Sweden +46 470 70 86 49.

1 Authentication Applications Ola Flygt Växjö University, Sweden
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
NETWORK SECURITY.

NETWORK SECURITY.
Kerberos and X.509 Fourth Edition by William Stallings

Kerberos and X.509 Fourth Edition by William Stallings
IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.

IT 221: Introduction to Information Security Principles Lecture 8:Authentication Applications For Educational Purposes Only Revised: October 20, 2002.
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Email Security 1. email is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.

Security 1. is one of the most widely used and regarded network services currently message contents are not secure may be inspected either.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.

Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.

Winter 2006Prof. R. Aviv: Kerberos1 Kerberos Authentication Systems.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)

AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
Kerberos versions 4 and 5 X.509 Authentication Service

Kerberos versions 4 and 5 X.509 Authentication Service
Lecture 5: Email security: PGP Anish Arora CSE 5473 Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CSE 5473 Introduction to Network Security.
Lecture 5: Email security: PGP Anish Arora CIS694K Introduction to Network Security.

Lecture 5: security: PGP Anish Arora CIS694K Introduction to Network Security.

Similar presentations

Ads by Google