Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Slides:



Advertisements
Similar presentations
AUTHENTICATION AND KEY DISTRIBUTION
Advertisements

Chapter 14 – Authentication Applications
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.
TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Cryptography Basic (cont)
Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Lecture 12 Security. Summary  PEM  secure  PGP  S/MIME.
Remote Networking Architectures
Overview of Digital Signatures Introduction To Networks and Communications (CS 555) Presented by Bharath Kongara.
Digital Signature Xiaoyan Guo/ Xiaohang Luo/
INE1020: Introduction to Internet Engineering 6: Privacy and Security Issues1 Lecture 9: E-commerce & Business r E-Commerce r Security Issues m Secure.
ECE453 – Introduction to Computer Networks Lecture 18 – Network Security (I)
Chi-Cheng Lin, Winona State University CS 313 Introduction to Computer Networking & Telecommunication Network Security (A Very Brief Introduction)
70-291: MCSE Guide to Managing a Microsoft Windows Server 2003 Network Chapter 9: Securing Network Traffic Using IPSec.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Secure Socket Layer (SSL)
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 37 Network Security. Aspects of Security data integrity – data received should be same as data sent data availability – data should be accessible.
Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 22 – Internet Authentication.
©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.
Chapter 23 Internet Authentication Applications Kerberos Overview Initially developed at MIT Software utility available in both the public domain and.
4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.
Chapter 21 Distributed System Security Copyright © 2008.
Digital Envelopes, Secure Socket Layer and Digital Certificates By: Anthony and James.
1 Securing Data and Communication. 2 Module - Securing Data and Communication ♦ Overview Data and communication over public networks like Internet can.
23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.
1 © 2005 Cisco Systems, Inc. All rights reserved. 111 © 2004, Cisco Systems, Inc. All rights reserved. CNIT 221 Security 2 Module 3 City College of San.
Network Security7-1 CIS3360: Chapter 8: Cryptography Application of Public Cryptography Cliff Zou Spring 2012 TexPoint fonts used in EMF. Read the TexPoint.
Network Security David Lazăr.
IPsec IPsec (IP security) Security for transmission over IP networks –The Internet –Internal corporate IP networks –IP packets sent over public switched.
Copyright 1999 S.D. Personick. All Rights Reserved. Telecommunications Networking II Lecture 41b Cryptography and Its Applications.
CS 4244: Internet Programming Security 1.0. Introduction Client identification and cookies Basic Authentication Digest Authentication Secure HTTP.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
TCP/IP Protocol Suite 1 Chapter 30 Security Credit: most slides from Forouzan, TCP/IP protocol suit.
1 Week #5 Routing and NAT Network Overview Configuring Routing Configuring Network Address Translation Troubleshooting Routing and Remote Access.
IPSec and TLS Lesson Introduction ●IPSec and the Internet key exchange protocol ●Transport layer security protocol.
1 Session 4 Module 6: Digital signatures. Digital Signatures / Session4 / 2 of 18 Module 4, 5 - Review (1)  Java 2 security model provides a consistent.
Lecture 11 Overview. Digital Signature Properties CS 450/650 Lecture 11: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Lecture 9 Overview. Digital Signature Properties CS 450/650 Lecture 9: Digital Signatures 2 Unforgeable: Only the signer can produce his/her signature.
Privacy and Security Topics From Greenlaw/Hepp, In-line/On-line: Fundamentals of the Internet and the World Wide Web 1 Introduction Known Information Software.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Cryptography CSS 329 Lecture 13:SSL.
1 Example security systems n Kerberos n Secure shell.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
The Secure Sockets Layer (SSL) Protocol
Cryptography and Network Security
Scalable, Autonomous Network Services Configuration
Quad Charts David L. Mills University of Delaware
The Secure Sockets Layer (SSL) Protocol
Scalable, High Speed Time Synchronization (D012)
NTP Security Model David L. Mills University of Delaware
Survivable Real-Time Network Services
Unit 8 Network Security.
Presentation transcript:

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols David L. Mills, University of Delaware 21 January

Page # Introduction Authentication for ubiquitous, real-time protocols such as Network Time Protocol Current scheme uses one-way hash functions and private keys New scheme combines with public-key cryptosystem and certificates Avoids public-key computations for every packet Requires no per-client state at busy servers Requires only occasional verification of server credentials

Page # NTP capsule summary Network Time Protocol (NTP) Synchronizes clocks of hosts and routers in the Internet Provides submillisecond accuracy on LANs, low tens of milliseconds on WANs Reliability assured by redundant servers and diverse network paths Engineered algorithms used to reduce jitter, mitigate multiple sources and avoid improperly operating servers

Page # NTP authentication - issues Configuration and authentication and synchronization are inseparable Clients and servers must require no manual configuration Ultimate security must be based on private values known only to servers and public values obtained from directory services Must be fast

Page # NTP authentication - approach Authentication and synchronization work independently for each peer server Public keys and certificates are obtained and verified relatively infrequently Session keys are derived from public keys using fast algorithms Only when time and authentication are independently verified is the local clock set

Page # MD5 message digest

Page # MD5/RSA digital signature

Page # Authentication scheme A (Kent) Scheme is based on public key encryption and one-way hash function Certificated public values for each server provided by Secure DNS or X.509 Server computes session key as one-way hash of server private value, server/client IP addresses and key identifier as each client request is received On request, server sends session key to client using public-key cryptography

Page # Authentication scheme B (S-Key) Scheme is based on public key encryption and S/KEY scheme Server generates list of session keys, where each key is a one-way hash of the previous key Server uses keys in reverse order and generates a new list when the current one is exhausted; Clients verify the hash of the current key equals the previous key On request, the server signs the current key and sends to client

Page # Current status Complete analysis of security model and authentication scheme in TR Preliminary design for integration in Unix/Windows NTP daemon completed Implementation plan in progress Complete set of status reports and briefing slides at:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.