Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication.

Slides:



Advertisements
Similar presentations
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Advertisements

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Interlock Protocol - Akanksha Srivastava 2002A7PS589.
Digital Signatures and Hash Functions. Digital Signatures.
Feb 12, 2002Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.
Mar 19, 2002Mårten Trolin1 This lecture On the assignment Certificates and key management SSL/TLS –Introduction –Phases –Commands.
Feb 18, 2003Mårten Trolin1 Previous lecture Block ciphers Modes of operations First assignment Hash functions.
Apr 2, 2002Mårten Trolin1 Previous lecture On the assignment Certificates and key management –Obtaining a certificate –Verifying a certificate –Certificate.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Session 5 Hash functions and digital signatures. Contents Hash functions – Definition – Requirements – Construction – Security – Applications 2/44.
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Apr 9, 2002Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication The second assignment.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Apr 30, 2002Mårten Trolin1 Previous lecture – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation.
Secure communications Week 10 – Lecture 2. To summarise yesterday Security is a system issue Technology and security specialists are part of the system.
Apr 22, 2003Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
Mar 25, 2003Mårten Trolin1 Previous lecture – smart-cards Card-terminal authentication Card-issuer authentication.
Mar 4, 2003Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz.
Secure Hashing and DSS Sultan Almuhammadi ICS 454 Principles of Cryptography.
Ariel Eizenberg PPP Security Features Ariel Eizenberg
May 21, 2002Mårten Trolin1 Agenda Course high-lights – Symmetric and asymmetric cryptography – Digital signatures and MACs – Certificates – Protocols Interactive.
CMSC 414 Computer and Network Security Lecture 14 Jonathan Katz.
Feb 19, 2002Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Cryptography and Network Security Chapter 11 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Lecture 18 Page 1 CS 111 Online Design Principles for Secure Systems Economy Complete mediation Open design Separation of privileges Least privilege Least.
Hash Functions A hash function H accepts a variable-length block of data M as input and produces a fixed-size hash value h = H(M) Principal object is.
CIS 450 – Network Security Chapter 8 – Password Security.
Authentication and Authorization Authentication is the process of verifying a principal’s identity (but how to define “identity”?) –Who the person is –Or,
Cryptography, Authentication and Digital Signatures
Lecture 11: Strong Passwords
Authentication Key HMAC(MK, “auth”) Server Encryption Key HMAC(MK, “server_enc”) User Password Master Key (MK) Client Encryption Key HMAC(MK, “client_enc”)
1 Chapter 11: Authentication Basics Passwords. 2 Establishing Identity Authentication: binding of identity to subject One or more of the following –What.
Feb 11, 2003Mårten Trolin1 Applied Cryptography Main goal –Give some practical experience on cryptographic technics used today. –Show how to use existing.
All Input is Evil (Part 1) Introduction Will not cover everything Healthy level of paranoia Use my DVD Swap Shop application (week 2)
Feb 17, 2003Mårten Trolin1 Previous lecture Practical things about the course. Example of cryptosystem — substitution cipher. Symmetric vs. asymmetric.
CS 525M – Mobile and Ubiquitous Computing Seminar Bradley Momberger Randy Chong.
Operating Systems Security 1. The Boot Sequence The action of loading an operating system into memory from a powered-off state is known as booting or.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
COEN 350: Network Security Authentication. Between human and machine Between machine and machine.
Securing Passwords Against Dictionary Attacks Presented By Chad Frommeyer.
© Copyright 2009 SSLPost 01. © Copyright 2009 SSLPost 02 a recipient is sent an encrypted that contains data specific to that recipient the data.
CS426Fall 2010/Lecture 51 Computer Security CS 426 Lecture 5 Cryptography: Cryptographic Hash Function.
Implementing Secure IRC App with Elgamal By Hyungki Choi ID : Date :
April 20023CSG11 Electronic Commerce Encryption John Wordsworth Department of Computer Science The University of Reading Room.
Mar 28, 2003Mårten Trolin1 This lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
IT 221: Introduction to Information Security Principles Lecture 5: Message Authentications, Hash Functions and Hash/Mac Algorithms For Educational Purposes.
CSCI 530 Lab Passwords. Overview Authentication Passwords Hashing Breaking Passwords Dictionary Hybrid Brute-Force Rainbow Tables Detection.
 Encryption provides confidentiality  Information is unreadable to anyone without knowledge of the key  Hashing provides integrity  Verify the integrity.
Mar 18, 2003Mårten Trolin1 Agenda Parts that need to be secured Card authentication Key management.
Zac Fenigshtien  Introduction: 3 Tier Architecture  SQL Injection ◦ Parameter Sandboxing ◦ Blacklisting, Whitelisting.
Cryptographic Hash Function. A hash function H accepts a variable-length block of data as input and produces a fixed-size hash value h = H(M). The principal.
Apr 1, 2003Mårten Trolin1 Previous lecture Certificates and key management Non-interactive protocols –PGP SSL/TLS –Introduction –Phases –Commands.
Previous lecture – smart-cards
Cryptographic Hash Function
PPP – Point to Point Protocol
Security.
ICS 454 Principles of Cryptography
ICS 454 Principles of Cryptography
DISSERTATION ON CRYPTOGRAPHY.
Exercise: Hashing, Password security, And File Integrity
Hashing Hash are the auxiliary values that are used in cryptography.
Presentation transcript:

Apr 4, 2003Mårten Trolin1 Previous lecture TLS details –Phases Handshake Securing messages –What the messages contain –Authentication

Apr 4, 2003Mårten Trolin2 Today’s program – passwords Passwords for authentication –Storing hashed passwords –Use of salt Passwords for key generation –PKCS#5

Apr 4, 2003Mårten Trolin3 Passwords for authentication Simple way to achieve authentication. –Does not require any special hardware. Users tend to choose simple passwords. –Counter-measures exist. Storing passwords requires extended security measures. –Security breach in password database has major consequences.

Apr 4, 2003Mårten Trolin4 Password authentication – different approaches Password sent in plain and stored in clear in the database Password hashed by client and sent to the server. Password hash stored in database. Password sent in plain to the server. Password hashed by server. Hash compared to hash in database.

Apr 4, 2003Mårten Trolin5 Password stored in clear User Server User enters password p p Server compares p with the value stored in its database. If the values match, user is allowed.

Apr 4, 2003Mårten Trolin6 Password stored in clear If Oscar captures the password database, he can log in as any user.

Apr 4, 2003Mårten Trolin7 Password sent as hash User Server User enters password p User computes the hash H(p) H(p) Server compares H(p) with the value stored in its database. If the values match, user is allowed.

Apr 4, 2003Mårten Trolin8 Password sent as hash If Oscar captures the database with the hashed passwords, he can log on as any user. –Since only the hash is stored, Oscar will not know the passwords. –Because only the hash is needed to log on, Oscar can log on anyway.

Apr 4, 2003Mårten Trolin9 Password hashed by server User Server User enters password p p Server computes the hash H(p) and compares the value with the database. If the values match, user is allowed.

Apr 4, 2003Mårten Trolin10 Password hashed by server If Oscar captures the database with the hashed passwords, it gives him little information. –Since only the hash is stored, Oscar will not know the passwords (provided a good hash is used). –Without the passwords, Oscar cannot log on.

Apr 4, 2003Mårten Trolin11 Capturing the password database What happens if Oscar captures the password database with hashed passwords? Since he only has the hashes, he cannot retrieve the passwords. If the users of the systems chooses bad passwords, Oscar can try to hash common words until he finds a hit. –To speed up the attack, Oscar can even store a list of commonly used passwords, and compare the password database to his list. –This is called a dictionary attack.

Apr 4, 2003Mårten Trolin12 Password authentication over unsecure lines All the methods discussed require the server to be authenticated and the communication to be secure. If this is not the case – the only common information is the password – other methods must be used. Such methods exist, but are outside the scope of this course...

Apr 4, 2003Mårten Trolin13 Salt To slow down a dictionary attack, instead of storing H(p) in the database, we H(p | s), the hash of the password concatenated with a string s. The string s is called the salt. The salt can be stored in clear in the database. Its purpose is to prevent the use of precalculated lists. –Since. in general, H(p | s 1 ) ≠ H(p | s 2 ), Oscar would need one precalculated list per salt. With a salt that is long enough,this becomes infeasible. –Also, the use of salt prevents the detection of a user having the same password on several systems.

Apr 4, 2003Mårten Trolin14 Avoiding bad passwords Users choosing weak passwords pose a security risk. Several counter-measures exist: –Education. –Automatic password checking Compare with lists of known passwords. Demand that passwords are of a certain length. Tip: Using the term pass phrase may give the user an idea that the password should be long enough. –Minimizing the loss in case of security breach Forcing the users to change passwords regularly means Oscar can only use the password he has found a certain time.

Apr 4, 2003Mårten Trolin15 Passwords for key generation It is quite common to use a password for generation of a symmetric key. –Password protection of a private key. –Encryption of backups. We want a key generation function that takes as input a password p and outputs a key k.

Apr 4, 2003Mårten Trolin16 Password generated keys – problems and solutions Password generated keys suffer from the same general problem as passwords for authentication. –Number of passwords is relatively small – possible to create a list with all possible passwords and corresponding keys. Use a salt to avoid dictionary attacks. Make key generation “slow”, to make brute-force attacks more time consuming.

Apr 4, 2003Mårten Trolin17 Iterations In order to make brute-force attacks harder for the opponent, we want the key generation not to be too fast. –If key generation takes.5 seconds, this is not a problem for the legitimate user. –However, for the opponent, who needs to try a large number of keys, this makes his work considerably harder. Key generation from passwords should include a some kind of loop, and the number of iterations should be possible to configure. –Parallelizing the loop should not be possible.

Apr 4, 2003Mårten Trolin18 PKCS#5 The RSA standard PKCS#5 specifies a method to derive key material from passwords. –Produces key material of arbitrary length. PKCS#5 uses a salt and a configurable number of iterations. –A minimum of 1000 iterations is recommended. Implemented in many cryptography library.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.