Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Slides:



Advertisements
Similar presentations
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
Advertisements

AUTHENTICATION AND KEY DISTRIBUTION
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Chapter 10 Real world security protocols
Security Protocols Sathish Vadhiyar Sources / Credits: Kerberos web pages and documents contained / pointed.
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Kerberos Part 2 CNS 4650 Fall 2004 Rev. 2. PARC Once Again Once again XEROX PARC helped develop the basis for wide spread technology Needham-Schroeder.
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
COS 461 Fall 1997 Todays Lecture u intro to security in networking –confidentiality –integrity –authentication –authorization u orientation for assignment.
Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,
CNS2010handout 12 :: crypto protocols1 ELEC5616 computer and network security matt barrie
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
COEN 350 Kerberos. Provide authentication for a user that works on a workstation. Uses secret key technology Because public key technology still had patent.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Security Management.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.
SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.
Chapter 21 Distributed System Security Copyright © 2008.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
Authentication 3: On The Internet. 2 Readings URL attacks
Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)
1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.
Network Security Continued. Digital Signature You want to sign a document. Three conditions. – 1. The receiver can verify the identity of the sender.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
KERBEROS SYSTEM Kumar Madugula.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
Key management issues in PGP
Computer Communication & Networks
Key Management.
CS480 Cryptography and Information Security
Chapter 15 Key Management
Message Security, User Authentication, and Key Management
Kerberos Part of project Athena (MIT).
KERBEROS.
Advanced Computer Networks
Chapter 15 Key Management
AIT 682: Network and Systems Security
Key Exchange With Public Key Cryptography
Presentation transcript:

Key Management

Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible) Using specially crafted messages (Diffie Hellman) Using a trusted third party (KDC) – Secrets should never be sent in clear – We should prevent replay attacks – We should prevent reuse of old keys

Exchange a secret with someone you never met while shouting in a room full of people Alice and Bob agree on g and large n Alice chooses random a, sends Bob chooses random b, sends Alice takes Bobs message and calculates Bob does the same; now they both know shared secret Diffie Hellman Key Exchange

Building up to Needham Schroeder/Kerberos User sends req. to KDC (key distrib. center) KDC generates a shared key: K c,s Keys K KDC,C and K KDC,S are preconfigured No keys ever traverse net in the clear Why are identities in tickets? KDC Based Key Distribution C C KDC S S 3. EK KDC,S {C, K c,s } 2. EK KDC,C {S, K c,s } 1. C, S ticket

KDC does not have to talk both to C and S Messages 2 or 3 can be replayed by M – Force C and S to use same secret for a long time – Cause S to have an old ticket, break comm. w C KDC Based Key Distribution C C KDC S S ticket S = EK KDC,S {C, K c,s } 2. EK KDC,C {S, K c,s }, ticket S 1. C, S 3. ticket S

Use nonces to prevent replay attacks Needham-Shroeder Key Exchange C C KDC S S ticket S = EK KDC,S {C, K c,s } 2. EK KDC,C {N 1, S, K c,s, ticket S } 1. N 1, C, S 3. EK C,S {N 2 }, ticket S 4. EK C,S {N 2 -1, N 3 } 5. EK C,S {N 3 -1}

Why N 1 ? Why N 2 ? Why N 3 ? Why encrypt ticket S Whys …

What happens if attacker gets session key? – Can reuse old session key to answer challenge- response, generate new requests, etc – Need timestamps to ensure freshness = tickets expire after some time Problem

Introduce Ticket Granting Server (TGS) – Daily ticket plus session keys Authentication server (AS) authenticates users TGS+AS = KDC – This is modified Needham-Schroeder – Basis for Kerberos Solution

Third-party authentication service – Distributes session keys for authentication, confidentiality, and integrity Kerberos TGS 4. TGSRep 3. TGSReq AS 1. ASReq 2. ASRep CS 5. SReq

ASReq = username, TGS, timestamp 1 T TGS = EK AS,TGS (C, K TGS,C, timestamp 2, lifetime 2 ) ASRep = EK C,AS (K TGS,C, TGS, timestamp 2, lifetime 2 ), T TGS TGSReq = T TGS, S, EK TGS,C (C, timestamp 3 ) T S = EK S,TGS (C, K C,S, timestamp 4, lifetime 4 ) TGSRep = T S, EK C,TGS (K C,S, S, timestamp 4, lifetime 4 ) SReq = EK C,S (C, timestamp 5 ), T S Kerberos K C, AS = f(pass user )

Public Key Exchange Problem How do we verify an identity: – Alice sends to Bob her public key Pub(A) – Bob sends to Alice his public key Pub(B) – How do we ensure that those keys really belong to Alice and Bob? Need a trusted third party

Man-in-the-Middle Attack On Key Exchange Alice sends to Bob her public key Pub(A) Mallory captures this and sends to Bob Pub(M) Bob sends to Alice his public key Pub(B) Mallory captures this and sends to Alice Pub(M) Now Alice and Bob correspond through Mallory who can read/change all their messages

Public key is public but … – How does either side know who and what the key is for? Does this solve key distribution problem? – No – while confidentiality is not required, integrity is Still need trusted third party – Digital certificates – certificate authority (CA) signs identity+public key tuple with its private key – Problem is finding a CA that both client and server trust Public Key Exchange

Digital Certificates Everyone has Trents public key Trent signs both Alices and Bobs public keys – he generates public-key certificate When they receive keys, verify the signature Mallory cannot impersonate Alice or Bob because her key is signed as Mallorys Certificate usually contains more than the public key – Name, network address, organization Trent is known as Certificate Authority (CA)

Authentication steps – Alice provides nonce, or a timestamp is used instead, along with her certificate. – Bob selects session key and sends it to Alice with nonce, encrypted with Alices public key, and signed with Bobs private key. He sends his certificate too – Alice validates certificate – it is really Bobs key inside – Alice checks signature and nonce – Bob really generated the message and it is fresh Certificate-Based Key Exchange

Pretty Good Privacy –Web of Trust – Public key, identity association is signed by many entities – Receiver hopefully can locate several signatures that he can trust – Like an endorsement scheme PGP

User keys installed on server out of band – User logs in with a password – Copies her public key onto server Weak assurance of server keys – User machine remembers server keys on first contact – Checks if this is still the same host on subsequent contact – But no check on first contact SSH

Revocation lists (CRLs) – Long lists – Hard to propagate Lifetime / Expiration – Short life allows assurance of validity at time of issue Real time validation – Receiver of a certificate asks the CA who signed it if corresponding private key was compromised – Can cache replies Recovery From Stolen Private Keys

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.