Chapter 2. Network Security Protocols


Objectives
- Key Establishment Technique
- Key Authentication
- Authenticated Key Establishment Protocol
- Key generation in SKC
- Kerberos: Key generation in SKC
- Key Establishment in PKC
- Authentication Protocols
- Security of password
- Authentication using SKC
- Authentication using PKC

Introduction
- The three important aspects of network security: authentication, encryption, message authentication.
- Key: central to the idea of cryptography.
- Some definitions related to keys.
- Key establishment: a process or protocol whereby a shared secret becomes available to two or more parties, for subsequent cryptographic use.

Key establishment technique
- Key transport: a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s).
- Key agreement: a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no party can predetermine the resulting value.

Key establishment technique
- Key pre-distribution: key establishment protocols whereby the resulting established keys are completely determined a priori by initial keying material.
- Dynamic key establishment: the key established by a fixed pair (or group) of users varies on subsequent executions. Also referred to as session key establishment.

Key authentication
- Key authentication: the property whereby one party is assured that no other party aside from a specifically identified second party (and possibly additional identified trusted parties) may gain access to a particular secret key. It need not involve any action whatsoever by the second party. For this reason, it is sometimes referred to more precisely as (implicit) key authentication.
- Key confirmation: the property whereby one party is assured that a second (possibly unidentified) party actually has possession of a particular secret key.
- Explicit key authentication: the property obtained when (implicit) key authentication and key confirmation both hold.
- The focus in key authentication is the identity of the second party rather than the value of the key, whereas in key confirmation the opposite is true.
- Key confirmation typically involves one party receiving a message from a second containing evidence demonstrating the latter’s possession of the key.
- For further information, please refer to the Handbook of Applied Cryptography.

Authentication Summary
Authentication term : Central focus
- Authentication : depends on context of usage
- Entity authentication : identity of a party, and aliveness at a given instant
- Data origin authentication : identity of the source of data
- (Implicit) key authentication : identity of party which may possibly share a key
- Key confirmation : evidence that a key is possessed by some party
- Explicit key authentication : evidence an identified party possesses a given key

Authenticated key establishment protocol
- Authentication protocol: to provide to one party some degree of assurance regarding the identity of another with which it is purportedly communicating.
- Key establishment protocol: to establish a shared secret.
- Authenticated key establishment protocol: to establish a shared secret with a party whose identity has been (or can be) corroborated.

Key Generation in SKC
- Requirement for an SKC key: random and long enough to deter a brute force attack.
- Practical key size: AES: 128, 192, 256 bits.
- Key distribution in SKC: for a network with n nodes where each node wishes to talk securely to every other node, how many keys would this require? One key per pair of nodes, i.e. n(n-1)/2:
  - n = 50 → 1,225 keys
  - n = 250 → 31,125 keys

Key Generation in SKC
- Solution for key distribution in SKC: Key distribution center (KDC)
  - KDC stores keys for all nodes in the network.
  - Each node in the network is configured with only one key.
- How does it work?
  1) Alice → KDC : request session key for Bob.
  2) KDC → B, A : send same session key

Kerberos : Key Generation in SKC
- Entity authentication and session key generation
- Based on Needham-Schroeder protocol
- Drawbacks: bottleneck, single point of failure

Key Establishment in PKC
- Public key cryptography: each entity has a (public key, private key) pair.
- Certificate Authority (CA):
  - trusted third party: certifies the owner of a public key
  - combines the public key with the entity’s identity
  - issues certificate = “Alice’s public key is Kwa” + SignPCA( hash(“Alice’s public key is Kwa”))
  - provides certificate verification service

Diffie-Hellman Key Exchange Remember DHP !!!

Man-in-the-middle attack against Diffie-Hellman
- Alice and Bob think they are talking to each other.
- Eve impersonates Alice to Bob and Bob to Alice.

Enhanced Diffie-Hellman Key Exchange
- Static Diffie-Hellman
  - g, n is fixed
  - CA → Alice :
  - CA → Bob :
- Dynamic Diffie-Hellman
  - g, n : ephemeral (established dynamically)

RSA
- RSA encryption
- See chap. 8 of the handbook!!

RSA RSA signing

RSA based cryptographic schemes
- PKCS#1
- homomorphic property of basic RSA
- see [ this ] for security analysis

Authentication Protocol
- Authentication: the process of verifying that a node or user is who they claim to be.
- Usage in network: access control.
- Access control: a primary defense mechanism in network security and computer security.

Address-Based Authentication
- Uses the address of the node in the network: MAC address or IP address.
- Allows only a preconfigured set of MAC or IP addresses to access the network.
- Usually implemented in the switch or router.
- Loopholes:
  - Simple one-to-one mapping between a node and a user, so it does not really authenticate the user.
  - Vulnerable to MAC spoofing and IP spoofing attacks.

Password for Local Authentication (Login)
- Storing a <username, password> pair list in a file on the server machine: if the password file is compromised, all user passwords are compromised.
- Machine stores <username, hash(password)> pairs: even though the file is compromised, the passwords are still secure.
- But still open to dictionary attack.

Insecurity of Passwords
- Human generated passwords
  - Come from a small domain
  - Easy to guess – dictionary attacks
- Stronger passwords
  - Computer generated or verified
  - Not user friendly
  - Hard to remember

Possible attacks on passwords
- Eavesdropping. (Solution: encrypt the channel, e.g. using SSL or SSH.)
- Offline dictionary attacks.
  - Attacker computes a <word, hash(word)> pair list.
  - Attacker gets the password file and searches for hash(password) in his stored list.
  - (Solution: limit access to password file, use salt.) <word, hash(word+salt), salt>
- Online dictionary attacks: attacker guesses a username/password pair and tries to login. Real time.
- Case study: e-Bay user account hacking [ link ]
[B. Pinkas] http://www.pinkas.net/PAPERS/pwdweb.pdf
[e-bay case] http://news.com.com/2100-1017-868278.html?tag=yt
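
The effect of the salt on a precomputed <word, hash(word)> list, as an added example that is not part of the original slides. It swaps the slide's plain hash(word+salt) for PBKDF2 so each remaining guess is also slow; the iteration count, word list and accounts are constructed assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor, not from the slides


def unsalted_record(password):
    """The slide's <username, hash(password)> entry."""
    return hashlib.sha256(password.encode()).digest()


def salted_record(password, salt=None):
    """The slide's <hash(word+salt), salt> entry, computed with a slow hash."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return digest, salt


def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest, salt = record
    candidate, _ = salted_record(password, salt)
    return hmac.compare_digest(candidate, digest)


def shared_table_hits(digests, table):
    """How many stored digests one precomputed <hash -> word> table resolves."""
    return sum(1 for d in digests if d in table)


def demo():
    words = ["123456", "letmein", "password"]       # constructed word list
    table = {unsalted_record(w): w for w in words}  # one table for every account
    users = {"alice": "letmein", "bob": "letmein"}  # constructed accounts
    weak = [unsalted_record(p) for p in users.values()]
    strong = [salted_record(p)[0] for p in users.values()]
    return shared_table_hits(weak, table), shared_table_hits(strong, table)
```

With per-user salts the same table no longer covers any account, and two users with the same password no longer share a digest; guessing against one known salt is still possible, only slower.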

Countermeasures against online dictionary attacks
[Figure: repeated login attempts (Username / pwd-1, Username / pwd-2, ..., Username / pwd-5), each answered "No". Countermeasures shown: delayed answer; account locked.]

Risks of locking accounts
- eBay experiences dictionary attacks, but does not implement account locking.
- Denial of service attacks: to lock a user, try to log in to his account with random passwords. (auctions, corporates…)
- Customer service costs: users whose accounts are locked call a customer service center, which imposes call costs.

Password for Network Authentication
- Passwords for network authentication differ from local login.
- The hashed password cannot be sent over the network: a captured hashed password can be used for an offline dictionary attack.
- Using salt (transmitted in plain text) → still weak to offline attack.

Authentication using SKC
- In network authentication, use the password for deriving shared keys to be used in a challenge-response system.
- Key = part of hash(password)
- One-way authentication using SKC

One-way Authentication using SKC-variation

One-way Authentication using SKC-variation
- Bob : state-less → prevents Denial of Service (DoS) attack.
- Timestamp : requires time synchronization, not trivial in a large network.
- If a stream cipher is used, a 1-bit flip in the cipher text flips 1 bit in the plain text. Eve may get an approximate time stamp by flipping the millisecond bits.

Mutual Authentication using SKC
- Authenticate each other. (Reduced Messages)

Mutual authentication using SKC-Reflection Attack
- How to prevent the reflection attack:
  - Unique format for each direction – even and odd challenge
  - Different symmetric key for each direction
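
The "different symmetric key for each direction" fix, as an added example that is not part of the original slides. It assumes HMAC-SHA256 as the challenge-response function and splits hash(password) into two halves; the names (BobSession, PASSWORD, the "A->B"/"B->A" labels) are hypothetical. The last function is a regression check that Bob never accepts his own answer.

```python
import hashlib
import hmac
import os

PASSWORD = "correct horse"  # constructed sample secret shared by Alice and Bob

def derive_keys(password):
    """'Key = part of hash(password)': one half per direction."""
    h = hashlib.sha256(password.encode()).digest()
    return {"A->B": h[:16], "B->A": h[16:]}

def respond(key, challenge):
    """Answer to a challenge; HMAC is an assumed stand-in for the slide's function."""
    return hmac.new(key, challenge, hashlib.sha256).digest()

class BobSession:
    """One connection to Bob. single_key=True is the reflectable variant."""

    def __init__(self, password, single_key=False):
        keys = derive_keys(password)
        self.k_peer = keys["A->B"]  # key Alice's answers are checked with
        self.k_own = keys["A->B"] if single_key else keys["B->A"]

    def hello(self, peer_challenge):
        """Reduced-message flow: answer the peer and issue our own challenge."""
        self.challenge = os.urandom(16)
        return self.challenge, respond(self.k_own, peer_challenge)

    def finish(self, response):
        return hmac.compare_digest(response, respond(self.k_peer, self.challenge))

def honest_login(single_key):
    """Alice, who knows the password, authenticates Bob and then herself."""
    keys = derive_keys(PASSWORD)
    bob = BobSession(PASSWORD, single_key)
    r_a = os.urandom(16)
    r_b, bob_resp = bob.hello(r_a)
    k_bob = keys["A->B"] if single_key else keys["B->A"]
    bob_ok = hmac.compare_digest(bob_resp, respond(k_bob, r_a))
    return bob_ok and bob.finish(respond(keys["A->B"], r_b))

def reflected_answer_accepted(single_key):
    """Regression check: Bob's answer from a second session is fed back to the first."""
    s1, s2 = BobSession(PASSWORD, single_key), BobSession(PASSWORD, single_key)
    r_b, _ = s1.hello(os.urandom(16))
    _, echoed = s2.hello(r_b)  # Bob answers his own challenge in session 2
    return s1.finish(echoed)
```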

Lamport’s Hash
- Bob (server) saves (username, ) : (m-1) times hash of R1.
- Bob (server) saves (username, )
- After one authentication, Bob sets raise to (m-1)
- When m=1, reconfigure new password.
- How to avoid new password reconfiguration when m=1 → use salt with password
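
Lamport's hash with a salt, as an added example that is not part of the original slides. It assumes SHA-256 as the hash and the usual formulation in which the server stores the counter m with the m-fold hash and the client proves itself with the (m-1)-fold hash; the class and function names are hypothetical.

```python
import hashlib
import hmac
import os


def chain(password, salt, times):
    """Apply SHA-256 `times` times to password || salt."""
    value = password.encode() + salt
    for _ in range(times):
        value = hashlib.sha256(value).digest()
    return value


def client_proof(password, m, salt):
    """What the user's machine sends when the server announces counter m."""
    return chain(password, salt, m - 1)


class LamportServer:
    def __init__(self):
        self.db = {}  # username -> [m, salt, hash^m(password || salt)]

    def enroll(self, user, password, m=1000):
        # A fresh salt lets the same password start a new chain after exhaustion.
        salt = os.urandom(16)
        self.db[user] = [m, salt, chain(password, salt, m)]

    def challenge(self, user):
        m, salt, _ = self.db[user]
        return m, salt

    def login(self, user, proof):
        entry = self.db[user]
        m, _, stored = entry
        if m <= 1:
            return False  # chain exhausted: the next proof would be the secret itself
        if not hmac.compare_digest(hashlib.sha256(proof).digest(), stored):
            return False
        entry[0], entry[2] = m - 1, proof  # each proof is accepted once only
        return True
```

The server never holds anything that lets it (or someone who copies its database) produce the next proof, and a captured proof is useless once the counter has moved on.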

Authentication using PKC
- One-way authentication
- Mutual authentication
- Key database compromise → does not compromise the security of the system.

What to use for authentication : SKC or PKC?
- (Advantages)
  - less computation intensive
  - more resilient to DoS attacks
- (Disadvantages)
  - Key database compromise → security of whole system is compromised.
  - Eve can collect <plaintext, ciphertext> pairs → launch dictionary attack.
  - How to: Eve claims to be Bob and sends a challenge to A, then collects the cipher text for the challenge.

What to use for authentication: SKC or PKC?
- (Advantages)
  - Key database compromise → does not compromise the security of whole system
  - dictionary attack is not applicable
- (Disadvantages)
  - computation intensive
  - weak to DoS attacks

Session Hijacking
- Instead of trying to break the authentication protocol, the attacker circumvents it completely.
- Cause: the authentication result is not linked to the rest of the session.
- Solution: use an authenticated key agreement protocol.

Needham Schroeder SKC-based mutual authentication and key establishment

Kerberos

Resources
- [B. Pinkas] Securing Passwords against Dictionary Attacks, http://www.pinkas.net/PAPERS/pwdweb.pdf
- [e-bay case] http://news.com.com/2100-1017-868278.html?tag=yt
- Colin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer-Verlag
- Evaluation of RSA Cryptographic Schemes, http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1011_rsa.pdf