1 Intro To Encryption Exercise 12. 2 Problem What may be the problem with a central KDC?

Slides:

Advertisements

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

Advertisements

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

A Survey of Key Management for Secure Group Communications Celia Li.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

Authentication & Kerberos

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.

Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

CMSC 414 Computer and Network Security Lecture 16 Jonathan Katz.

1 Intro To Encryption Exercise Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

Self Healing Wide Area Network Services Bhavjit S Walha Ganesh Venkatesh.

Secure routing for structured peer-to-peer overlay networks (by Castro et al.) Shariq Rizvi CS 294-4: Peer-to-Peer Systems.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

User studies. Why user studies? How do we know security and privacy solutions are really usable? Have to observe users! –you may be surprised by what.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

ITIS 6200/8200: Principles of Information Security and Privacy Dr. Weichao Wang.

Secure and Efficient Metering by Moni Naor and Benny Pinkas Vincent Collado Olga Toporovsky Alex Kogan Marina Lapkina Igor Iulis.

03 December 2003 Public Key Infrastructure and Authentication Mark Norman DCOCE Oxford University Computing Services.

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

1 Lecture 18: Security issues specific to security key management services –privacy –integrity/authentication –nonrepudiation/plausible deniability.

Part Two Network Security Applications Chapter 4 Key Distribution and User Authentication.

Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.

Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,

©The McGraw-Hill Companies, Inc., 2000© Adapted for use at JMU by Mohamed Aboutabl, 2003Mohamed Aboutabl1 1 Chapter 29 Internet Security.

11 MANAGING AND MONITORING DHCP Chapter 2. Chapter 2: MANAGING AND MONITORING DHCP2 MANAGING DHCP: COMMON DHCP ADMINISTRATIVE TASKS  Configure or modify.

SECURITY MANAGEMENT Key Management in the case of public-key cryptosystems, we assumed that a sender of a message had the public key of the receiver at.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

Chapter 21 Distributed System Security Copyright © 2008.

Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

23-1 Last time □ P2P □ Security ♦ Intro ♦ Principles of cryptography.

Strong Security for Distributed File Systems Group A3 Ka Hou Wong Jahanzeb Faizan Jonathan Sippel.

Serverless Network File Systems Overview by Joseph Thompson.

Oracle's Distributed Database Bora Yasa. Definition A Distributed Database is a set of databases stored on multiple computers at different locations and.

An analysis of Skype protocol Presented by: Abdul Haleem.

Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

1 Network Security Lecture 7 Overview of Authentication Systems Waleed Ejaz

Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.

PROACTIVE SECRET SHARING Or: How to Cope With Perpetual Leakage Herzberg et al. Presented by: Avinash Ravi Kevin Skapinetz.

Distributed Computing Systems CSCI 4780/6780. Scalability ConceptExample Centralized servicesA single server for all users Centralized dataA single on-line.

Shambhu Upadhyaya 1 Sensor Networks – Hop- by-Hop Authentication Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 22)

User Authentication  fundamental security building block basis of access control & user accountability  is the process of verifying an identity claimed.

Channel Binding Support for EAP Methods Charles Clancy, Katrin Hoeper.

CSCE 201 Identification and Authentication Fall 2015.

Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.

KERBEROS SYSTEM Kumar Madugula.

Key Management and Distribution Anand Seetharam CST 312.

9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.

SECURITY. Security Threats, Policies, and Mechanisms There are four types of security threats to consider 1. Interception 2 Interruption 3. Modification.

Fourth Edition by William Stallings Lecture slides by Lawrie Brown

Secure HTTP (HTTPS) Pat Morin COMP 2405.

Potential L2 security options for UL BCS

Presentation transcript:

1 Intro To Encryption Exercise 12

2 Problem What may be the problem with a central KDC?

3 Solution Performace may decrease when clients increase. Especially when multicast clients are present Security may be a very big issue (single point of failure, master keys recovery).

4 Problem How should you improve performance? Is replication a good performance improvement? How does it affects security?

5 Solution A naïve approach may be to replicate the KDC This may solve some performance issues when done properly This may decrease security because of multiple exact copies of the same information.

6 Problem Suggest a solution for sharing the load of computation and communication among servers. The solution must maintain the security and not degrade it.

7 Solution Use secret sharing with threshold. Is this solution sufficient? NO!!!!  We must define (how?) the amount of servers and the threshold needed

8 Problem Revise the previous solution to accommodate better definitions for security

9 Solution After conducting surveys and cryptanalysis we have come to the conclusion that in a given time 20% of our servers are (may be) corrupt. Thus we shall decide on the scheme (n,80%n) for secret sharing.

10 Problem Is this solution sufficient for secret consistency?

11 Solution NO!!!! We don’t know which 20% of our server are corrupt. Which 80% should we trust? How do we know that some servers don’t sent bogus secrets?

12 Problem Modify the solution to provide secret verification.

13 Solution Use verifiable secret sharing by distributing public verification values. Where do we publish the values? Who signs the values to ensure they are authentic?  May be other sets of servers that act as a CA  May be a single server which is “super secured” (later)

14 Problem How do we refresh the servers’ secrets?

15 Solution A simple solution may be a single server which acts as the refresher. I.e. calculates the new secret and spreads it. The server may remain offline while not needed, thus preventing corruption.

16 Problem How can we check when a server is being tempered?

17 Solution Limit number of failed logins Lock accounts on several wrong logins  Lock for a certain period  Lock indefinitely Use a WORM logging mechanism.  Most attackers will not want to be detected Use a cookie mechanism/Reverse DNS/IDENT  Ensure that the client is indeed using his IP address and not using a bogus one.