 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Slides:



Advertisements
Similar presentations
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Advertisements

Chapter 10 Real world security protocols
Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,
CNS2010handout 12 :: crypto protocols1 ELEC5616 computer and network security matt barrie
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Chapter 4 Authentication Applications. Objectives: authentication functions developed to support application-level authentication & digital signatures.
AUTHENTICATION APPLICATIONS - Chapter 14 Kerberos X.509 Directory Authentication (S/MIME)
Authentication & Kerberos
Cryptography and Network Security Chapter 15 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
 Key exchange o Kerberos o Digital certificates  Certificate authority structure o PGP, hierarchical model  Recovery from exposed keys o Revocation.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Henric Johnson1 Chapter 4 Authentication Applications Henric Johnson Blekinge Institute of Technology,Sweden
1 Authentication Applications Based on slides by Dr. Lawrie Brown of the Australian Defence Force Academy, University College, UNSW.
Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.
Copyright © B. C. Neuman, - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE Fall Security Systems Lecture notes Dr.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE USC CSci530 Computer Security Systems Lecture.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
INF 123 SW ARCH, DIST SYS & INTEROP LECTURE 17 Prof. Crista Lopes.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Authentication.
Topic 11: Key Distribution and Agreement 1 Information Security CS 526 Topic 11: Key Distribution & Agreement, Secure Communication.
Key Distribution CS 470 Introduction to Applied Cryptography
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)
1 Authentication Protocols Celia Li Computer Science and Engineering York University.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Computer Science Public Key Management Lecture 5.
Chapter 31 Network Security
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.
Secure r How do you do it? m Need to worry about sniffing, modifying, end- user masquerading, replaying. m If sender and receiver have shared secret.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 21 Distributed System Security Copyright © 2008.
Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.
Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.
15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.
Authentication 3: On The Internet. 2 Readings URL attacks
KERBEROS. Introduction trusted key server system from MIT.Part of project Athena (MIT).Developed in mid 1980s. provides centralised private-key third-party.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.
1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.
1 KERBEROS: AN AUTHENTICATION SERVICE FOR OPEN NETWORK SYSTEMS J. G. Steiner, C. Neuman, J. I. Schiller MIT.
X.509 Topics PGP S/MIME Kerberos. Directory Authentication Framework X.509 is part of the ISO X.500 directory standard. used by S/MIME, SSL, IPSec, and.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Topic 14: Secure Communication1 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication.
Cryptography and Network Security Chapter 14 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Network Security Lecture 25 Presented by: Dr. Munam Ali Shah.
Key Management Network Systems Security Mort Anvari.
User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.
KERBEROS SYSTEM Kumar Madugula.
Fall 2006CS 395: Computer Security1 Key Management.
@Yuan Xue CS 285 Network Security Key Distribution and Management Yuan Xue Fall 2012.
Pertemuan #8 Key Management Kuliah Pengaman Jaringan.
Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.
Copyright © Clifford Neuman - UNIVERSITY OF SOUTHERN CALIFORNIA - INFORMATION SCIENCES INSTITUTE CSci530: Computer Security Systems Lecture 6.
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer Communication & Networks
Cryptography and Network Security
CS480 Cryptography and Information Security
Message Security, User Authentication, and Key Management
Presentation transcript:

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant  Authenticates participants, generates session (shared) keys for them to talk to each other  Gives the requester a “ticket” – session key, requester’s ID and possibly expiration time, encrypted by the key that the server shares with KDC  Ticket and session key enrypted by the key that the requester shares with KDC  Needham-Schroeder, Kerberos

Third-party authentication service o Distributes session keys for authentication, confidentiality, and integrity KDC 1. C, S, N C 2. K C (N C, K CS, S, K S (K CS, C )) CS 3.K S (K CS, C ) 4.K CS (N S ) 5.K CS (N S -1) Problem: replay attack in step 3 Fix: use timestamps

 Introduce Ticket Granting Server (TGS) o Issues timed keys to resources  Users log on to authentication server (AS)  AS+TGS = KDC  Uses timestamps with a lifetime instead of nonces o Fixes freshness problem from Needham- Schroeder

Third-party authentication service o Distributes session keys for authentication, confidentiality, and integrity TGS 4. K C,TGS (K C,S ), T CS 3. TGT, S, K C,TGS (C, t) AS 1.C2. K C (K C,TGS ), TGT C S 5. T CS, K C,S (C,t) K C =hash(pass(C)) TGT=K TGS (C,Tvalid,K C,TGS ) T CS =K S (C,Tvalid,K C,S ) 6. K C,S (t+1)

 Public key is public but … o How does either side know who and what the key is for?  Does this solve key distribution problem? o No – while confidentiality is not required, integrity is  Still need trusted third party o Digital certificates – certificate authority (CA) signs identity+public key tuple with its private key o Problem is finding a CA that both client and server trust

 Everyone has Trent’s public key  Trent signs both Alice’s and Bob’s public keys – he generates public-key certificate  When they receive keys, verify the signature  Mallory cannot impersonate Alice or Bob because her key is signed as Mallory’s  Certificate usually contains more than the public key o Name, network address, organization  Trent is known as Certificate Authority (CA)

 Authentication steps o Verifier provides nonce, or a timestamp is used instead. o Principal selects session key and sends it to verifier with nonce, encrypted with principal’s private key and verifier’s public key, sends principal’s certificate too o Verifier validates certificate o Verifier checks signature on nonce

 PGP (Pretty Good Privacy) o “ Web of Trust” o Source: Wikipedia  “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.“

 X.509 standard o Hierarchical model o A handful of trusted CAs can issue certificates to others

 SSH o User keys exchanged out of band o Weak assurance of server keys  Is this the same host you spoke with last time?

 Revocation lists (CRL’s) o Long lists o Hard to propagate  Lifetime / Expiration o Short life allows assurance of validity at time of issue but increases cost of key distribution  Real-time validation o Online Certificate Status Protocol (OCSP) o Single source of the compromised key list o Clients check suspicious keys and hash replies

 Group key vs. Individual key o Proves that one belongs to the group vs. proving an individual identity o E.g., used for multicast messages

 Revoking access o Change keys, redistribute  Joining and leaving groups o Does one see old messages on join or is the key changed – backward secrecy o How to revoke access – forward secrecy  Robustness o Coping with network partitioning  Efficiency o Cost of use, verification, exchange

 Centralized o Single entity issues keys o Optimization to reduce traffic for large groups o May utilize application specific knowledge  Decentralized o Employs sub managers  Distributed o Members do key generation o May involve group contributions

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.