
1 Security and Authentication (continued)
CS-4513, D-Term 2007
(Slides include materials from Operating System Concepts, 7th ed., by Silberschatz, Galvin, & Gagne; Modern Operating Systems, 2nd ed., by Tanenbaum; and Distributed Systems: Principles & Paradigms, 2nd ed., by Tanenbaum and Van Steen)

2 Review
Authentication
–How to identify someone
–How to establish that they are who they say they are
Fundamental to establishing authority in Distributed Systems
–Everything else is based on trust that the person or agent doing something has the authority to do it
Threats
–Masquerading as someone else
–Intercepting / corrupting communications

3 Review (continued)
Passwords
–Easy to steal
–Easy to guess or “crack”
Human frailties
–Errors
–Dilemmas (“social engineering”)

4 Video

5 Reading Assignments
Allman, Eric, “E-mail Authentication: What? Why? How?,” ACM Queue, November 2006, pp 30-34.
One of
–Tanenbaum, MOS, Chapter 9
–Silberschatz, OSP, Chapters 14-15
–Tanenbaum & van Steen, Chapter 9

6 Fun with Cryptography
What is cryptography about?
General Principles of Cryptography
Basic Protocols
–Single-key cryptography
–Public-key cryptography
A short intro to key distribution

7 Cryptography as a Security Tool
Broadest security tool available
–Fundamental foundation for secure storage and communication
–Basis for establishing trust
–Means to constrain potential senders (sources) and / or receivers (destinations) of messages
–Means to detect/prevent intrusion or corruption
–(Cannot prevent denial of service attacks)

8 Principles
Cryptography is about the exchange of messages
The key to success is that all parties to an exchange trust that the system will both protect them from threats and accurately convey their message
TRUST is essential

9 Note
Data storage is just another means of communication
–Writing data ↔ Sending message
–Reading data ↔ Receiving message
–Perhaps much, much later!
Integrity of data ↔ Integrity of message

10 Basic Premise of Cryptography
Algorithms are (usually) public
–Orders of magnitude easier to compute in forward (normal) direction than in reverse (attack) direction
Keys are always secret
–Enough bits to prevent trying all key values
Key management is a very big deal
–Heart of all successful cryptographic systems

11 Conventional Wisdom
Algorithms must be public and verifiable
We need to be able to estimate the risk of compromise
The solution must be practical for its users, and impractical for an attacker to break

12 Public Policy Dilemma
Algorithm intended to be a public standard must be subject to scrutiny of its users
–I.e., banks, industry, commerce, etc.
–To establish trust that it is good enough!
Any algorithm good enough to protect billions of $$ of funds & commerce will be too hard for governments to penetrate!
–Crime, terrorism, etc.

13 Ergo …
Governments tend to use secret encryption methods and algorithms for the most secure communications
Sometimes, confidence in such algorithms is misplaced!

14 History
Most secret algorithms have been broken
–Prior to computing age, at least
Vulnerabilities
–Redundancy in human languages
–Repeatability or lack of randomness in algorithm
–Repeatability or lack of randomness in keys

15 Guidelines
Cryptography is always based on algorithms which are orders of magnitude easier to compute in the forward (normal) direction than in the reverse (attack) direction.
The attacker’s problem is never harder than trying all possible keys
The more material the attacker has, the easier his task

16 Example
What is 314159265358979 × 314159265358979?
vs.
What are prime factors of 3912571506419387090594828508241?

17 Caveat
We cannot mathematically PROVE that the inverse operations are really as hard as they seem to be… It is all relative…
The Fundamental Tenet of Cryptography:
If lots of smart people have failed to solve a problem, it won’t be solved (soon)

18 Time marches on…
We must assume that there will always be improvements in computational power, mathematics and algorithms.
–Messages which hang around get less secure with time!
Increases in computing power help the good guys and hurt the bad guys for new and short-lived messages

19 Two fundamental approaches
Symmetric
–Sender and receiver must share the key
Asymmetric
–Keys are paired
–Sender uses one, receiver uses its mate

20 Two fundamental approaches
Symmetric
–Sender and receiver must share the key ⇒ there must be a secure way to get key from one to the other
Asymmetric
–Keys are paired
–Sender uses one, receiver uses its mate ⇒ there must be a secure way to get key from one to the other

21 Secret key cryptography (Symmetric)
[Diagram: cleartext T is encrypted with f(T, K) to give cyphertext C; g(C, K), using the same key K, recovers cleartext T]

22 Secret Key Methods
DES (56 bit key)
IDEA (128 bit key)
–http://www.mediacrypt.com/community/index.asp
Triple DES (three 56 bit keys)
AES
–From NIST, 2000
–choice of key sizes up to 256 bits and more
–Commercial implementations available

23 Reducing the Vulnerability
Minimize the amount of information encrypted with shared key K
Use K to encrypt a random number to obtain a session key
–I.e., used for one connection, conversation, exchange, etc.
–Discarded when channel is ended.

24 Diffie – Hellman
Alice and Bob agree on $p$, $g$
Alice: choose random $A$; Bob: choose random $B$
Alice: $T_A = g^A \bmod p$; Bob: $T_B = g^B \bmod p$
Alice: compute $(T_B)^A$; Bob: compute $(T_A)^B$
Shared secret key for this session is $g^{AB} \bmod p$
The shared key!

25 D–H Problems
Not in itself an encryption method – we must still do a secret key encryption
–The body of the message
Still must distribute the shared key safely
Subject to a “man in the middle” attack
–(Alice thinks she is talking to Bob, but actually Trudy is intercepting all of the messages and substituting her own)
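
The exchange from slide 24 and the man-in-the-middle problem from slide 25, as an added Python example that is not part of the original slides. The toy prime, the generator and the out-of-band long-term key used to authenticate the public values are assumptions chosen for illustration; authenticating the exchanged values is a standard mitigation that goes beyond what the slides state.

```python
import hashlib
import hmac
import secrets

# Toy parameters (assumptions for illustration): real deployments use
# standardized groups of 2048 bits or more.
P = 2**127 - 1          # a Mersenne prime
G = 3

def keypair():
    """Choose a random secret exponent; return (secret, T = g^secret mod p)."""
    secret = secrets.randbelow(P - 3) + 2
    return secret, pow(G, secret, P)

def shared(their_t, my_secret):
    """Compute (T_other)^mine mod p, i.e. g^(AB) mod p."""
    return pow(their_t, my_secret, P)

def honest_exchange():
    a, t_a = keypair()
    b, t_b = keypair()
    return shared(t_b, a), shared(t_a, b)

def intercepted_exchange():
    """Trudy replaces both T_A and T_B on the wire with her own T_T."""
    a, t_a = keypair()
    b, t_b = keypair()
    t, t_t = keypair()
    alice_key = shared(t_t, a)      # Alice believes T_T came from Bob
    bob_key = shared(t_t, b)        # Bob believes T_T came from Alice
    return alice_key, bob_key, shared(t_a, t), shared(t_b, t)

def tag(long_term_key, sender, t_value):
    """Authenticate a public value with a key distributed out of band."""
    msg = sender + t_value.to_bytes(16, "big")
    return hmac.new(long_term_key, msg, hashlib.sha256).digest()

def accept(long_term_key, sender, t_value, received_tag):
    """Receiver-side check: reject any T that was swapped in transit."""
    return hmac.compare_digest(tag(long_term_key, sender, t_value), received_tag)
```

In the intercepted run Alice and Bob each hold a key that Trudy also holds, and neither can tell from the arithmetic alone; only the tag check on the received T value exposes the substitution.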

26 Questions about Secret Key Methods?

27 RSA Public Key Cryptography (Asymmetric Keys)
[Diagram: cleartext T → f() with Key #1 → cyphertext C → f() with Key #2 → cleartext T]
Key #1 can be either a Public Key or a Private Key. Key #2 is then the corresponding Private Key or Public Key.

28 RSA Public Key Cryptography
Rivest, Shamir and Adleman (1978)
I can send messages that only you can read
I can verify that you and only you could have sent a message
I can use a trusted authority to distribute my public key
–The trusted authority is for your benefit!

29 RSA Details
Uses same operation to encrypt and decrypt
To encrypt, we will use “e” as a key, to decrypt we will use “d” as a key
e and d are inverses with respect to the chosen algorithm

30 RSA Details (continued)
Based on mathematical premise that finding prime factors of large numbers is difficult computationally
No known solution despite 100’s of years of trying!
Note: Finding primes is also hard

31 RSA Details (continued)
Let $p$ and $q$ be two large primes
–500-700 bits in length
Let $n = p \times q$
Let $z = (p - 1) \times (q - 1)$
Choose $d$ to be relatively prime to $z$
Choose $e$ such that $d \times e = 1 \bmod z$
Publish $n$ and either $d$ or $e$ (but not both!)

32 RSA Details (continued)
Encryption: Cyphertext = $(\text{Cleartext})^e \bmod n$
Decryption: Cleartext = $(\text{Cyphertext})^d \bmod n$
Typical $d$ will be on the order of 500 to 700 bits
The cost of the algorithm is between 1× and 2× the size of $n$
–Each operation is a giant shift and add (multiply by a power of 2)

33 RSA Details (continued)
References
–Tanenbaum & van Steen, §9.1.3
–Silberschatz, §15.4.1.2

34 RSA Problems
It is computationally much more costly than typical secret-key methods
–Impractical to use for message encryption
–Use RSA to encrypt a random session key
–Encrypt the message with the session key and append/prefix the RSA encrypted key
Requires a “Public Key Infrastructure” for effective key generation and distribution
–Chain of trust thing again!
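
The key setup from slides 31-32 and the session-key wrapping from slide 34, carried through with the slides' symbols as an added Python example that is not part of the original slides. The two toy primes and the SHA-256 keystream standing in for a secret-key cipher such as AES are assumptions for illustration, and the RSA step is the unpadded form shown on the slides.

```python
import hashlib
import math
import secrets

# Toy primes (assumptions for illustration): Mersenne primes make n trivial
# to factor; the slides call for primes of 500-700 bits.
P, Q = 2**107 - 1, 2**127 - 1

def make_keys():
    """Slide 31: n = p*q, z = (p-1)(q-1), d coprime to z, d*e = 1 mod z."""
    n, z = P * Q, (P - 1) * (Q - 1)
    d = secrets.randbelow(z - 3) + 3
    while math.gcd(d, z) != 1:
        d = secrets.randbelow(z - 3) + 3
    e = pow(d, -1, z)               # modular inverse (Python 3.8+)
    return n, e, d

def rsa(value, key, n):
    """Same operation in both directions: value^key mod n (no padding)."""
    return pow(value, key, n)

def keystream_xor(key, data):
    """Toy stand-in for a secret-key cipher: SHA-256 in counter mode."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[offset:offset + 32], pad))
    return bytes(out)

def hybrid_encrypt(message, e, n):
    """Slide 34: RSA wraps a random session key; that key encrypts the body."""
    session_key = secrets.token_bytes(16)
    wrapped = rsa(int.from_bytes(session_key, "big"), e, n)
    return wrapped, keystream_xor(session_key, message)

def hybrid_decrypt(wrapped, body, d, n):
    """Unwrap the session key with the other RSA key, then decrypt the body."""
    session_key = rsa(wrapped, d, n).to_bytes(16, "big")
    return keystream_xor(session_key, body)
```

Because `rsa()` is the same operation for both keys, applying d first and e second also round-trips, which is the "Key #1 can be either" property from slide 27.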

35 Questions about Public Key Encryption?

36 Authentication using Secure Channels

37 Authentication using Secure Channels
At this point, Bob knows he is talking with Alice

38 Authentication using Secure Channels
At this point, Bob knows he is talking with Alice
Not until this point does Alice know she is talking with Bob

39 What is wrong with this “Optimization”?

40 Subject to “Reflection Attack”
Attacker cons Bob into encrypting $R_B$ for him
“Reflection” attack

41 Reflection Attack
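
A simulation of the reflection problem named on slides 39-41 beside one hardened responder, as an added Python example that is not part of the original slides. The three-message layout, the session numbering and the use of HMAC-SHA256 as a stand-in for encrypting a challenge under the shared key are assumptions, since the protocol figures did not survive in this transcript; binding the sender's role into each response is one standard fix.

```python
import hashlib
import hmac
import secrets

def answer(key, challenge, role=b""):
    """Stand-in for K_AB(R): a keyed response to a challenge (HMAC, an assumption)."""
    return hmac.new(key, role + challenge, hashlib.sha256).digest()

class Bob:
    """Responder in the shortened protocol: answers the peer's challenge at once."""
    def __init__(self, key, bind_role):
        self.key = key
        self.bind_role = bind_role
        self.pending = {}                       # session id -> R_B

    def hello(self, session, r_peer):
        """Receive the peer's challenge; return (R_B, response to r_peer)."""
        r_b = secrets.token_bytes(16)
        self.pending[session] = r_b
        role = b"bob" if self.bind_role else b""
        return r_b, answer(self.key, r_peer, role)

    def finish(self, session, response):
        """Accept the peer only if it answered R_B under the shared key."""
        role = b"alice" if self.bind_role else b""
        expected = answer(self.key, self.pending.pop(session), role)
        return hmac.compare_digest(response, expected)

def honest_alice(bob, key, bind_role):
    """Alice checks Bob's proof first, then answers his challenge."""
    r_a = secrets.token_bytes(16)
    r_b, proof = bob.hello(1, r_a)
    if not hmac.compare_digest(proof, answer(key, r_a, b"bob" if bind_role else b"")):
        return False
    return bob.finish(1, answer(key, r_b, b"alice" if bind_role else b""))

def reflected_login(bob):
    """A peer without the key feeds R_B back to Bob in a second session."""
    r_b, _ = bob.hello(1, secrets.token_bytes(16))
    _, bobs_own_answer = bob.hello(2, r_b)      # Bob computes the answer to R_B
    return bob.finish(1, bobs_own_answer)
```

With `bind_role=False` the reflected response is accepted even though the peer never held the key; with `bind_role=True` Bob's own responses are tagged as his and cannot be replayed as Alice's.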

42 Key Distribution Server
Alice requests secure channel to Bob
KDC generates session key $K_{A,B}$
KDC sends secure messages to both Alice and Bob containing $K_{A,B}$

43 Key Distribution Server (continued)
Alice requests secure channel to Bob
KDC generates session key $K_{A,B}$ and ticket to speak with Bob
Alice uses ticket to contact Bob

44 Needham-Schroeder Protocol
Nonce – a random number that is never re-used
–E.g., $R_{A1}$, $R_{A2}$, and $R_B$
–Prevents intruder from replaying old tickets

45 Kerberos
Single sign-on system
–One login used to generate tickets for authenticating shared services on distributed system
–No passwords maintained by any client
Two parts
–AS – Authentication Service
–TGS – Ticket Granting Service
Once authenticated, user may ask TGS for a ticket for a session with any service.

46 Kerberos (continued)

47 Kerberos (continued)
With ticket, Alice can communicate securely with Bob.
Alice knows it is Bob because only Bob could decrypt the ticket
Bob knows that it is Alice because TGS said it was
Timestamp prevents replaying old sessions

48 Key Distribution
Many variations
–Secret (symmetric) keys
–Public (asymmetric) keys
Always based on trust
Central part of any distributed system that requires authentication

49 Questions?

