Multiprotocol Attacks and the Public Key Infrastructure* Jim Alves-Foss Center for Secure and Dependable Software University of Idaho

Presentation transcript:

Multiprotocol Attacks and the Public Key Infrastructure* Jim Alves-Foss Center for Secure and Dependable Software University of Idaho *Supported in part by NSA Grant MDA

October 6, 1998. Multiprotocol Attacks, Jim Alves-Foss

Slide 2: What are Multiprotocol Attacks?
- Multiprotocol Attack
  - Interleaves messages from two separate protocols to attack one of them.
- The attacked protocol is subverted using either:
  - An incidental collision with another protocol.
  - A deliberately tailored protocol.
- An attacker may successfully masquerade as client A to server B using protocol P, even if A does not support P.

Slide 3: Why the Public-Key Infrastructure
- Attacks in this work are specific to public-key protocols.
  - Work for a shared, certified key.
  - Work for newly generated, self-certified keys.
  - Work for fully signed messages, or signed hashes of messages.
  - Work against public-key usage for privacy.
- May not work against all private-key protocols.

Slide 4: Cryptographic Protocol Notation
- Encryption
  - $\{\ldots\}_{K_{AB}}$ - Using private key shared between A and B
  - $\{\ldots\}_{K_A}$ - Using the public part of A’s public key
  - $\{\ldots\}_{K_A^{-1}}$ - Using the private part of A’s public key
- Other Techniques
  - $H(\ldots)$ - Hashing
  - $R_A$ - random value generated by A (for use as a nonce or part of a Diffie-Hellman key-distribution)

Slide 5: A “Secure” Protocol
“Protocol 1 - mutual authentication”
[Diagram: message exchange between A and B. Messages shown: $R_A$; $\{A, R_B, R_A\}_{K_B^{-1}}$; $\{B, R_B\}_{K_A^{-1}}$]
Adapted From: Blake-Wilson and Menezes. “Entity Authentication and Authenticated Key Transport Protocols Employing Asymmetric Techniques”. In Proc. Security Protocols, 1997 (LNCS 1361). pp

Slide 6: Simple Tailoring of a Protocol
“Protocol 2 - one-way authentication”
[Diagram: message exchange. Labels shown: M, A, B. Messages shown: $R_B$; $\{B, R_B\}_{K_A^{-1}}$]
Adapted From: Kelsey, Schneier and Wagner. “Protocol Interactions and the Chosen Protocol Attack”. In Proc. Security Protocols, 1997 (LNCS 1361). pp

Slide 7: Attack Against B in Protocol 1
[Diagram: message exchange. Labels shown: M, A, B, $E_A$, $E_B$. Messages shown: $R_B$; $\{B, R_B\}_{K_A^{-1}}$; $R_A$; $\{A, R_B, R_A\}_{K_B^{-1}}$; $\{B, R_B\}_{K_A^{-1}}$]

Slide 8: A Portion of a “Secure” Protocol
“Protocol 3 - Portion of a Key Distribution Protocol”
[Diagram: message exchange between A and B. Messages shown: $\{B, M_1, M_2, M_3, K_{AB}, M_4, R_B\}_{K_A}$; $\{A, B, R_B\}_{K_{AB}}$]

Slide 9: Simple Tailoring of a Protocol
“Protocol 4 - Tailored Decoding Protocol”
[Diagram: message exchange between A and E. Messages shown: $\{B, M_1, M_2, M_3, R_{B1}, M_4, R_{B2}\}_{K_A}$; $\{A, E, R_{B1}, R_{B2}\}_{K_E}$]

Slide 10: Attack Against B in Protocol 3
[Diagram: message exchange. Labels shown: $E_A$, B, A, E. Messages shown: $\{B, M_1, M_2, M_3, K_{AB}, M_4, R_B\}_{K_A}$; $\{A, B, R_B\}_{K_{AB}}$; $\{E, M_1, M_2, M_3, R_{B1}, M_4, R_{B2}\}_{K_A}$; $\{A, E, R_{B1}, R_{B2}\}_{K_E}$]

Slide 11: Protection Against Tailored Protocol Attacks
- Why do the attacks occur?
  1. Keys (even certified keys) may be shared between multiple protocols.
  2. Tailored (or chosen) protocol is installed on a victim’s machine.

Slide 12: Protection Against Tailored Protocol Attacks
- How do we stop the attacks?
- Kelsey et al.:
  - Limit the scope of the key
  - Uniquely identify each application, protocol, version and protocol step
  - All protocols should have a fixed unique identifier in a fixed position in the message
  - Tie the unique identifier to encryption
  - Include support in smartcards

Slide 13: Protection Against Tailored Protocol Attacks
- Do these work?
  - For smartcards they may, but not for general computers.
  - Requirements that insist on a unique identifier assume that protocols follow the rules; a tailored protocol need not follow the rules.
  - Without these identifiers, we cannot limit key usage to a particular protocol.

Slide 14: Solution
- What is the solution?
  - We must limit key usage to protected/trusted subsystems.
  - The subsystems must only allow encryption by certified applications (those that follow the rules).
  - Operating system security must be in place to protect subsystems and stored keys.

Slide 15: Challenges
- Enhance PKI certificates to include protocol limitations
- Develop specific guidelines for protocol message content identifiers
- Enforce guidelines, limitations, and trust model in key management and crypto packages for protocols
- Establish protocol certification authority
- Prevent user apps from accessing certified keys

Slide 16: Suggested Protocol Architecture
- Develop a protocol message specification language.
- The protocol developer obtains certification of protocol message set, and releases to application developers
- Protocol application submits certification to crypto library to establish protocol
- Subsequent calls to crypto library specify protocol and message identifiers; crypto library performs operation ONLY if message format matches specification
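
The following sketch of the crypto-library gate from slides 12, 14 and 16 is an added example, not code from the presentation. It assumes a hypothetical `CryptoLibrary` class, uses an HMAC as a stand-in for the private-key signature, and uses a `certified` flag in place of checking a protocol certification authority's signature.

```python
import hashlib
import hmac

class KeyUsageError(Exception):
    """Request falls outside the protocols established for this key."""

class CryptoLibrary:
    """Holds the key; callers only ever name a protocol and a message id."""
    def __init__(self, key):
        self._key = key
        self._specs = {}  # (protocol_id, message_id) -> [(field name, byte length)]

    def establish(self, protocol_id, message_specs, certified):
        # `certified` stands in for verifying a protocol CA's certification.
        if not certified:
            raise KeyUsageError(f"{protocol_id}: no certification presented")
        for message_id, fields in message_specs.items():
            self._specs[(protocol_id, message_id)] = list(fields)

    def _encode(self, protocol_id, message_id, values):
        spec = self._specs.get((protocol_id, message_id))
        if spec is None:
            raise KeyUsageError(f"{protocol_id}/{message_id} not established")
        if len(values) != len(spec):
            raise KeyUsageError("field count does not match specification")
        for (name, size), value in zip(spec, values):
            if len(value) != size:
                raise KeyUsageError(f"field {name} must be {size} bytes")
        # Fixed-position identifiers first, every part length-prefixed.
        parts = [protocol_id.encode(), message_id.encode(), *values]
        return b"".join(len(p).to_bytes(2, "big") + p for p in parts)

    def sign(self, protocol_id, message_id, values):
        data = self._encode(protocol_id, message_id, values)
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def verify(self, protocol_id, message_id, values, tag):
        return hmac.compare_digest(self.sign(protocol_id, message_id, values), tag)

def refused(action):
    """True if the library rejects the request."""
    try:
        action()
    except KeyUsageError:
        return True
    return False

FIELDS = [("identity", 1), ("nonce", 16)]  # layout of {B, R_B}
R_B = bytes(range(16))                     # constructed sample nonce
lib = CryptoLibrary(b"constructed demo key")
lib.establish("P1", {"msg3": FIELDS}, certified=True)
lib.establish("P2", {"reply": FIELDS}, certified=True)
```

Because the library, not the calling application, prepends the protocol and message identifiers, a `{B, R_B}` value produced for P2 does not verify as P1's third message, and an uncertified protocol cannot reach the key at all.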