Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2. Network Security Protocols

Published byJanis Pierce Modified over 8 years ago

Similar presentations

Presentation on theme: "Chapter 2. Network Security Protocols"— Presentation transcript:

1 Chapter 2. Network Security Protocols

2 Objectives Key Establishment Technique Key Authentication
Authenticated Key Establishment Protocol Key generation in SKC Kerberos : Key generation in SKC Key Establishment in PKC Authentication Protocols Security of password Authentication using SKC Authentication using PKC

3 Introduction The three important aspect of network security:
authentication, encryption, message authentication Key : Central to the idea of cryptography. Some definitions related to key. key establishment : a process or protocol where by a shared secret becomes available to two or more parties, for subsequent cryptographic use.

4 Key establishment technique
Key transport : a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s). Key agreement : a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no part can predetermine the resulting value.

5 Key establishment technique
Key pre-distribution : key establishment protocols whereby the resulting established keys are completely determined apriori by initial keying material. Dynamic key establishment : the key is established by a fixed pair (or group) of users varies on subsequent executions. Also referred to as session key establishment .

6 Key authentication Key authentication : the property whereby one party is assured that no other party asides from a specifically identified second party( and possibly additional identified trusted parties) may gain access to a particular secret key. It need not involve any action whatsoever by the second party. For this reason, it is some times referred to more precisely as (implicit) key authentication. Key conformation : the property whereby one party is assured that a second (possibly unidentified) party actually has possession of particular secret key. Explicit key authentication : the property obtained when (implicit) key authentication and key conformation hold. The focus in key authentication is the identity of the second party rather than the value of the key, whereas in key conformation the opposite is true. Key conformation typically involves one party receiving a message from a second containing evidence demonstrating the latter’s possession of the key. For further information pls refer to handbook of applied cryptography

7 Authentication Summary
Authentication term Central focus authentication Depends on context of usage Entity authentication Identity of a party, and aliveness at a given instant Data origin authentication Identity of the source of data (implicit) key authentication Identity of party which may possibly share a key Key conformation Evidence that a key is possessed by some party Explicit key authentication Evidence an identified party possesses a given key

8 Authenticated key establishment protocol
Authentication protocol : to provide to one party some degree of assurance regarding the identity of another with which it is purportedly communicating Key establishment protocol : to establish a shared secret. Authenticated key establishment protocol : to establish a shared secret with a party whose identity has been (or can be) collaborated.

9 Key Generation in SKC Requirement for a SKC :
- random and long enough to deter a brute force attack. - practical key size : AES : 128, 192, 256 bits Key distribution in SKC - For a network with n nodes, each nodes wish to talk securely to every other node. How many keys would this require? n = 50  1,225 keys n = 250  31,125 keys

10 Key Generation in SKC Solutions for key distribution in SKC
: Key distribution center (KDC) KDC stores keys for all nodes in the network Each node in the network is configured with only one key How does it work? 1) Alice  KDC : request session key for Bob. 2) KDC  B, A : send same session key

11 Kerberos : Key Generation in SKC
Entity authentication and session key generation Based on Needham-Schroeder protocol Drawback Bottleneck single point of failure

12 Key Establishment in PKC
Public key Cryptography - each entity : (public key, private key) pair. - Certificate Authority(CA) : - trusted third party : certifying the owner of a public key - combine public key with entity’s identity. - issue certificate = “Alice’s public key is Kwa” + SignPCA( hash(“Alice’s public key is Kwa”)) - provide certificate verification service

13 Diffie-Hellman Key Exchange
Remember DHP !!!

14 Man-in-the-middle attack against Diffie-Hellman
Alice and Bob think they are talking each other. Eve impersonate Alice and Bob to Bob and Alice respectively.

15 Enhanced Diffie-Hellman Key Exchange
Static Diffie Hellman - g, n is fixed, - CA  Alice : - CA  Bob : Dynamic Diffie-Hellman - g, n : ephemeral (established dynamically)

16 See the chap. 8 of handbook!!
RSA RSA encryption See the chap. 8 of handbook!!

17 RSA RSA signing

18 RSA based cryptographic schemes
PKCS#1 homomorphic property of basic RSA RSA based cryptographic schemes see [ this ] for security analysis

19 Authentication Protocol
Authentication : the Process of verifying that a node or users is who they claim to be. Usage in network : access control Access control : primary defense mechanisms in network security and computer security.

20 Address-Based Authentication
Use the address of the node in the network. MAC address or IP address Allows only a preconfigured set of MAC or IP address to access the network. Usually implemented in the switch or router Loop holes : Simple one-to-one mapping between a node and a user. So does not really authenticate the user Weak to MAC spoofing and IP spoofing attack.

21 Password for Local Authentication (Login)
Storing <username, password> pair list in a file on the server machine. If the password file is compromised, all user passwords are compromised. Machine store <username, hash(password)> pair Even though the file is compromised, the passwords are still secure. But still open to dictionary attack.

22 Insecurity of Passwords
Human generated passwords Come from a small domain Easy to guess – dictionary attacks Stronger passwords Computer generated or verified Not user friendly Hard to remember

23 Possible attacks on passwords
Eavesdropping. (Solution: encrypt the channel, e.g. using SSL or SSH.) Offline dictionary attacks. Attacker compute < word, hash(word)> pair list Attacker get password file and search hash(password) in his stored list. (Solution: limit access to password file, use salt.) < word, hash(word+salt), salt> Online dictionary attacks: Attacker guesses a username/password pair and tries to login. Real time. Case study : e-Bay user account hacking [ link ] [B. Pinkas] [e-bay case]

24 Countermeasures against online dictionary attacks
Username / pwd-1 Answer 1 (No) Delayed answer Username / pwd-2 Answer 2 (No) Username / pwd-5 Answer 5 (No) Account locked

25 Risks of locking accounts
eBay experiences dictionary attacks, but does not implement account locking. Denial of service attacks: To lock a user, try to login into his account with random passwords. (auctions, corporates…) Customer service costs: Users whose accounts are locked call a customer service center – impose call cost

26 Password for Network Authentication
Password for network authentication differ from local login. Hashed password can not be sent over the network. Captured hashed password can be used for offline dictionary attack Using Salt (transmit in plain text)  still weak to offline attack.

27 Authentication using SKC
In a network authentication, use password for deriving shared keys to be used in challenge response system. Key = part of hash(password) One-way authentication using SKC

28 One-way Authentication using SKC-variation

29 One-way Authentication using SKC-variation
Bob : state-less  prevent Denial of Service(DoS) attack timestamp : require time synchronization, not trivial in a large network. if stream cipher is used, 1 bit flip in the cipher text flips 1 bit in the plain text. Eve may get an approximate time stamp by flipping the millisecond bits.

30 Mutual Authentication using SKC
Authenticate each other. (Reduced Massages)

31 Mutual authentication using SKC-Reflection Attack
How to prevent the reflection attack Unique format for each direction – even and odd challenge Different symmetric key for each direction

32 Lamport’s Hash Bob(server) saves (username, )
: (m-1) times hash of R1. Bob(server) saves (username, ) After one authentication, Bob sets raise to (m-1) When m=1, reconfigure new password. How to avoid new password reconfiguration when m=1  use salt with password

33 Authentication using PKC
One-way authentication Mutual Authentication Key Database compromise  does not compromise the security of the System.

34 What to use for authentication : SKC or PKC?
(Advantages) less computation intensive more resilient to DoS Attacks. (Disadvantages) Key database compromise  security of whole system is compromised. Eve can collect < plaintext, ciphertext> pairs  launch dictionary attack. How to: Eve claims to be Bob and send challenge to A, then collect the cipher text for the challenge.

35 What to use for authentication: SKC or PKC?
(advantages) Key database compromise  does not compromise the security of whole system dictionary attack is not applicable. (Disadvantages) computation intensive weak to DoS Attacks.

36 Session Hijacking Instead of trying to break the authentication protocol, it circumvent it completely. Cause : authentication result is not linked to the rest of the session. Solution : Use authenticated key agreement protocol.

37 Needham Schroeder SKC-based mutual authentication and key establishment

38 Kerberos

39 Resources [B. Pinkas] Securing Passwords against Dictionary attack
[e-bay case] Collin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer-Verlag Evaluation of RSA cryptographic Schemes,

Download ppt "Chapter 2. Network Security Protocols"

Similar presentations

Securing Passwords against Dictionary Attacks

Securing Passwords against Dictionary Attacks
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.

COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Computer Security Key Management

Computer Security Key Management
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Similar presentations

Ads by Google