Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski.

Published byAntony Cain Modified over 8 years ago

Similar presentations

Presentation on theme: "A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski."— Presentation transcript:

1 A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski

2 Overview Background Cryptography Forms of Attack

3 Background Term: Users, hosts, processes referred to as principals Goal: Want to be sure that a received message has been created recently by the principal who claims to have send it

4 Overview Background Cryptography Forms of Attack

5 Cryptography Cryptography is fundamental to authentication Cryptographic algorithm converts plaintext to unintelligible ciphertext Encryption depends on key

6 Notation E(K : M) denotes M encrypted with key K Principals are capital letters A, B, S for server, Z for attacker Z(A) denotes Z acting as A Na refers to a number generated by A Eg. A B : A, E(Kab : Na) –A sends B an identifier with an encrypted nonce

7 Symmetric Key Cryptography The encryption key K and decryption key K -1 are easily obtainable from each other Anyone in possession of they key may read or create ciphertexts => key must be shared secret between principals Kab denotes key for communication between principals A and B

8 Symmetric Key Cryptography Classical Cryptography –Substitution cipher: substitutes a ciphertext character for a plaintext character –Transposition cipher: shuffles plaintext characters Modern Cryptography –Block cipher –Stream cipher

9 Block Cipher Encrypts a block of 64 or 128 bits at a time DES encrypts 56 bits (at insistence of NSA) which is insufficient to modern day attacks Other block ciphers: MADRYGA, NEWDES, FEAL-N, RC2, RC4, IDEA

10 Modes of Block Ciphers Electronic Code Book (ECB) Cipher Block Chaining (CBC) Cipher Feedback Mode (CFB)

11 Electronic Code Book (EBC) Simplest mode Consecutive blocks of plaintext are encrypted => identical blocks of plaintext are always encrypted in the same way Problem 1: Analyst may be able to build up a codebook of plaintext-ciphertext pairs Problem 2: Possible to replace an encrypted block with another

12 Cipher Block Chaining (CBC) Block i of plain text is XORed with block i - 1 of ciphertext then encrypted Choosing different initial block I will create different ciphertexts Problem: Should initial block be sent in clear or encrypted?

13 Cipher Feedback mode (CFB) Useful to transmit data less than block size Process: –Shift register initialized –Contents encrypted as a block –Leftmost byte XORed with plaintext data –Ciphertext pushed on right end of register

14 Stream Ciphers Encrypt one bit of plaintext at a time Generate bit stream and XOR successive bits with successive bits of plaintext Next-State Function Internal State Output FunctionKiKi PiPi CiCi Key

15 Symmetric Key Without Trusted Third Party ISO One-pass Symmetric Key Unilateral Authentication Protocol –A B : Text2, E(Kab : [Ta | Na], B, Text1) Text2 identifies sender Timestamp or nonce prevent replay attacks B’s identity included as sole receiver

16 Symmetric Key With Trusted Third Party Eg. Needham Schroeder Symmetric Key Authentication: –(1) A S : A, B, Na –(2) S A : E(Kas:Na, B, Kab, E(Kbs:Kab, A)) –(3) A B : E(Kbs:Kab, A) –(4) B A : E(Kab:Nb) –(5) A B : E(Kab:Nb - 1) Problem: Freshness Attacks

17 Public Key Cryptography No shared secret, each principal A is associated with key pair (Ka, Ka -1 ) Only public key revealed Encryption with Ka -1 and decryption with Ka guarantees authenticity. 1024 bit key recommended

18 Public Key Cryptography Problem: RSA is 100x slower than DES => Exchanging symmetric keys through public key cryptography good idea! Typically a trusted server S called certification authority stores public keys and distributes them under Ks -1

19 Overview Background Cryptography Forms of Attack

20 Freshness Attack Occurs when a message is recorded and replayed Needham Schroeder protocol weak –(3) A B : E(Kbs:Kab, A) –Old key K’ab may have been compromised

21 Type Flaws Arises when recipient accepts a message as valid but imposes different interpretation Otway-Rees protocol –(1) A B : M,A,B,E(Kas:Na,M,A,B) –(2) B S : M,A,B,E(Kas:Na,M,A,B),E(Kbs:Nb,M,A,B) –(3) S B : M,E(Kas:Na,Kab),E(Kbs:Nb,Kab) –(4) B A : M,E(Kas:Na,Kab) Attack –(1) A Z(B) : M,A,B,E(Kas,Na,M,A,B) –(4) Z(B) A : M,E(Kas:Na,M,A,B)

22 Parallel Session Attacks Occurs when two or more protocol runs are executed concurrently and messages from one are used to form messages in another –(1) A B : E(Kab : Na) –(2) B A : E(Kab : Na + 1) Attack –(1.1) A Z(B) : E(Kab : Na) –(2.1) Z(B) A : E(Kab : Na) –(2.2) A Z(B) : E(Kab : Na + 1) –(1.2) Z(B) A : E(Kab : Na + 1)

23 Implementation Dependent Attacks Stream Ciphers (Needham Schroeder) –(4) B A : E(Kab : Nb) –(5) A B : E(Kab : Nb - 1) –If Nb is odd, Nb - 1 has good chance of being formed by flipping last cipher bit –Changing Identity Same attack on A B : E(Kbs : Kab, A) A can masquerade as C

24 Implementation Dependent Attacks Cipher Block Chaining –Cut and Paste –Random jibberish X may be expected P 1 P 2 P 3 P 4 P 5 P’ 1 P’ 2 P’ 3 P’ 4 C 0 C 1 C 2 C 3 C 4 C 5 C’ 0 C’ 1 C’ 2 C’ 3 C’ 4 C 0 C 1 C 2 C 3 C’ 2 C’ 3 C’ 4 P 1 P 2 P 3 X P’ 3 P’ 4

25 Implementation Dependent Attacks –Initialization Attacks Given ciphertext C 0 C 1 and known P 1 Decryption alg: P 1 = C 0 d k (C 1 ) Desired block value W = W P 1 P 1 W = W P 1 (C 0 d k (C 1 ) W = C’ 0 d k (C 1 ) where C’ 0 = W P 1 C 0 Without knowing they key, P 1 has now been easily replaced with W In Needham Schroeder the first block is the nonce!

26 Binding Attack A simple public key distribution –(1) C AS : C, S, Nc –(2) AS C : AS, E(Kas -1 : AS, C, Nc, Ks) Leads to the following problem –(1.1) C Z(AS) : C, S, Nc –(2.1) Z(C) AS : C, Z, Nc –(2.2) AS Z(C) : AS, E(Kas -1 : AS, C, Nc, Kz) –(1.2) Z(AS) C : AS, E(Kas -1 : AS, C, Nc, Kz)

27 Conclusions Even though protocols have few messages, construction is complex The whole system is important Need tool support for rigorous development and analysis of protocols

Download ppt "A Survey of Authentication Protocol Literature: Version 1.0 Written by John Clark and Jeremy Jacob Presented by Brian Sierawski."

Similar presentations

“Advanced Encryption Standard” & “Modes of Operation”

“Advanced Encryption Standard” & “Modes of Operation”
Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.

Encipherment Using Modern Symmetric-Key Ciphers. 8.2 Objectives ❏ To show how modern standard ciphers, such as DES or AES, can be used to encipher long.
Modern Symmetric-Key Ciphers

Modern Symmetric-Key Ciphers
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Chapter 5 Cryptography Protecting principals communication in systems.

Chapter 5 Cryptography Protecting principals communication in systems.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 1 Security PART VII.

McGraw-Hill©The McGraw-Hill Companies, Inc., Security PART VII.
How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.

How cryptography is used to secure web services Josh Benaloh Cryptographer Microsoft Research.
EECC694 - Shaaban #1 lec #16 Spring2000 5-4-2000 Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.

EECC694 - Shaaban #1 lec #16 Spring Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able.
Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2003CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.

Introduction to Symmetric Block Cipher Jing Deng Based on Prof. Rick Han’s Lecture Slides Dr. Andreas Steffen’s Security Tutorial.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
15-441 Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from 15-441, semester’s past and others.

Computer Networking Lecture 21: Security and Cryptography Thanks to various folks from , semester’s past and others.
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3

Similar presentations

Ads by Google