 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

Slides:

Advertisements

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

Advertisements

A less formal view of the Kerberos protocol J.-F. Pâris.

Chapter 10 Real world security protocols

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Attacks on cryptography – Cyphertext, known pltext, chosen pltext, MITM, brute-force Types of ciphers – Mix of substitution and transposition – Monoalphabetic,

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

Authentication & Kerberos

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

1 Authentication Applications Digital Signatures Security Concerns X.509 Authentication Service Kerberos Based on slides by Dr. Lawrie Brown of the Australian.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

Symmetric Key Distribution Protocol with Hybrid Crypto Systems Tony Nguyen.

McGraw-Hill©The McGraw-Hill Companies, Inc., 2004 Chapter 30 Message Security, User Authentication, and Key Management.

Key Management/Distribution. Administrivia Snafu on books Probably best to buy it elsewhere Paper assignment and first homework Next week (9/24)

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 7 Wenbing Zhao Department of Electrical and Computer Engineering.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

Chapter 9 Cryptographic Protocol Cryptography-Principles and Practice Harbin Institute of Technology School of Computer Science and Technology Zhijun Li.

Network Security – Part 2 V.T. Raja, Ph.D., Oregon State University.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesn’t scale Using public key cryptography (possible)

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Chapter 31 Network Security

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.

Page 1 Secure Communication Paul Krzyzanowski Distributed Systems Except as otherwise noted, the content of this presentation.

Pretty Good Privacy by Philip Zimmerman presented by: Chris Ward.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Cryptography, Authentication and Digital Signatures

Authentication Applications Unit 6. Kerberos In Greek and Roman mythology, is a multi-headed (usually three-headed) dog, or "hellhound” with a serpent's.

Chapter 3: Basic Protocols Dulal C. Kar. Key Exchange with Symmetric Cryptography Session key –A separate key for one particular communication session.

4 th lecture.  Message to be encrypted: HELLO  Key: XMCKL H E L L O message 7 (H) 4 (E) 11 (L) 11 (L) 14 (O) message + 23 (X) 12 (M) 2 (C) 10 (K) 11.

Chapter 21 Distributed System Security Copyright © 2008.

Security protocols  Authentication protocols (this lecture)  Electronic voting protocols  Fair exchange protocols  Digital cash protocols.

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

15.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Key Management.

Lecture 13 Page 1 Advanced Network Security Authentication and Authorization in Local Networks Advanced Network Security Peter Reiher August, 2014.

Advanced Database Course (ESED5204) Eng. Hanan Alyazji University of Palestine Software Engineering Department.

1 Lecture 9: Cryptographic Authentication objectives and classification one-way –secret key –public key mutual –secret key –public key establishing session.

Lecture 16: Security CDK4: Chapter 7 CDK5: Chapter 11 TvS: Chapter 9.

Digital Signatures, Message Digest and Authentication Week-9.

14.1 Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display. Chapter 14 Entity Authentication.

1 Needham-Schroeder A --> S: A,B, N A S --> A: {N A,B,K AB,{K AB,A} KBS } KAS A --> B:{K AB,A} KBS B --> A:{N B } KAB A --> B:{N B -1} KAB.

Lecture 5.2: Key Distribution: Private Key Setting CS 436/636/736 Spring 2012 Nitesh Saxena.

Cryptography: Digital Signatures Message Digests Authentication

Using Cryptography for Network Security Common problems: –Authentication - A and B want to prove their identities to one another –Key-distribution - A.

Authentication Issues and Solutions CSCI 5857: Encoding and Encryption.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

15-499Page :Algorithms and Applications Cryptography I – Introduction – Terminology – Some primitives – Some protocols.

1 Kerberos – Private Key System Ahmad Ibrahim. History Cerberus, the hound of Hades, (Kerberos in Greek) Developed at MIT in the mid 1980s Available as.

1 Kerberos n Part of project Athena (MIT). n Trusted 3rd party authentication scheme. n Assumes that hosts are not trustworthy. n Requires that each client.

Computer and Network Security - Message Digests, Kerberos, PKI –

Key Management Network Systems Security Mort Anvari.

CPS Computer Security Tutorial on Creating Certificates SSH Kerberos CPS 290Page 1.

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

KERBEROS SYSTEM Kumar Madugula.

Security. Cryptography (1) Intruders and eavesdroppers in communication.

Lesson Introduction ●Authentication protocols ●Key exchange protocols ●Kerberos Security Protocols.

Dr. Nermi hamza.  A user may gain access to a particular workstation and pretend to be another user operating from that workstation.  A user may eavesdrop.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.

Computer Communication & Networks

Chapter 15 Key Management

Presentation transcript:

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large numbers to extract key  Must use brute-force  One-way hash functions o Collision-free, collision-resistant o MD5, SHA  DES, AES (not on exams)

 Confidentiality, integrity, non-repudiation o M, E(M), H(M), E(H(M)), H(E(M)) o M + H(M) – integrity, H(M) must be stored not sent o M + E(H(M)) – integrity, non-repudiation (PK) o M + H(E(M)) – no sense o E(M) + H(M) – integrity, confidentiality o E(M) + E(H(M)) – integrity, confidentiality, non- repudiation (use different keys) o E(M) + H(E(M)) – integrity, confidentiality

 Key management is where much security weakness lies o Choosing keys o Storing keys o Communicating keys

 Technically easy o Distribute shared keys to each entity we want to communicate with  But it doesn’t scale o Hundreds of servers… o Times thousands of users… o Yields ~ million keys

 Alice creates a secret key, encrypts it with Bob’s public key and sends it off  Bob decrypts the message with his private key  Use shared key for further communication  This is how many applications work  Could communicate using public key cryptography but it’s slow

 Exchange a secret with someone you never met while shouting in a room full of people  Alice and Bob agree on g and large n  Alice chooses random a, sends  Bob chooses random b, sends  Alice takes Bob’s message and calculates  Bob does the same; now they both know shared secret

 Alice sends to Bob her public key Pub(A)  Mallory captures this and sends to Bob Pub(M)  Bob sends to Alice his public key Pub(B)  Mallory captures this and sends to Alice Pub(M)  Now Alice and Bob correspond through Mallory who can read all their messages

 First four steps are the same o Alice sends to Bob her public key Pub(A) o Mallory captures this and sends to Bob Pub(M) o Bob sends to Alice his public key Pub(B) o Mallory captures this and sends to Alice Pub(M)  Alice encrypts a message in Pub(M) but sends half to Bob – Mallory cannot recover this message and duplicate it  This works if Mallory cannot mimic Alice’s and Bob’s messages

 Alice and Bob need not exchange keys directly to communicate o Alice generates a random session key K o She obtains Bob’s public key from a database and encrypts K with that E B (K) o She sends both the message encrypted with K, E K (M) and a key E B (K) to Bob  This is how most real-world protocols work

 Step toward Needham-Schroeder and Kerberos mechanisms  Key-distribution tied to authentication o If you know who you share a key with, authentication is easy – they just send you something encrypted with that key (must be something you’ve chosen)

 Proving knowledge of shared key o Nonce = Non repeating, random value But where does K AB come from? Alice Bob NANA K AB (N A ) NBNB K AB (N B )

 KDC = Key Distribution Center o Everyone shares a key with KDC, e.g., C shares K C  User C sends request to KDC that they want to communicate with the server S – need K CS  KDC generates a key: K cs o Encrypted for each participant: K c (K cs ), K s (K cs ) o K s (K cs ) called ticket o Ticket plus K cs called credentials o Ticket is opaque and forwarded with application request  No keys ever traverse net in the clear

Third-party authentication service o Distributes session keys for authentication, confidentiality, and integrity KDC 1. C, S, N C 2. K C (N C, K CS, S, K S (K CS, C )) CS 3.K S (K CS, C ) 4.K CS (N S ) 5.K CS (N S -1) Problem: replay attack in step 3 Fix: use timestamps

 What happens if attacker does get session key K CS ? o Answer: Can reuse old session key to answer challenge-response, generate new requests, etc

 Replace (or supplement) nonce in request/reply with timestamp o K C (K CS, S, N C, t) and K S (K CS, C, t) in steps 2,3

 Server has no guarantee that K CS is fresh  If an attacker gets hold of K C key he can impersonate C to anyone o The only solution is for KDC to tell everyone that K C was revoked  Protocol assumes all users of it are good guys

 Introduce Ticket Granting Server (TGS) o Issues timed keys to resources  Users log on to authentication server (AS)  AS+TGS = KDC  Uses timestamps with a lifetime instead of nonces o Fixes freshness problem from Needham-Shroeder

 Chosen paper must talk about cryptography, authentication, authorization or policy o Select from venues listed on the class Web page o me your chosen paper to verify it fits the topic  Write 2-4 page report o Summary of problem, why is it important and hard, solution summary, evaluation and results, your opinion and your ideas o Originality, clearness, writing style o Proof-read!! o Start now!