Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE 486/586 Distributed Systems Security --- 2

Published byThomas Bell Modified over 5 years ago

Similar presentations

Presentation on theme: "CSE 486/586 Distributed Systems Security --- 2"— Presentation transcript:

1 CSE 486/586 Distributed Systems Security --- 2
Steve Ko Computer Sciences and Engineering University at Buffalo

2 Recap Three types of functions Cryptographic hash
Cryptographic hash, symmetric key crypto, asymmetric key crypto Cryptographic hash Easy to compute h(m) Hard to find an m, given h(m) Hard to find two values that hash to the same h(m) How to find collisions? Birthday paradox: for 50% prob. & m bits, ~ 2m/2 numbers Symmetric key crypto MAC: Compute H = AESK(SHA1 (M)) & Send <M, H> Asymmetric key crypto Guarantees rely on computational hardness

3 Background: Digital Signatures
Asymmetric crypto Signer: compute H = RSAK(SHA1(M)) & send <M, H> Verifier: compute H’ = RSAK’(H) & verify H’ == SHA1(M) Not just integrity, but also authenticity SHA1 gives a “summary” of M. It’s known that without a crypto hash, it’s not secure.

4 Heard of Firesheep? Firesheep Solution? A Firefox extension
A packet sniffer to intercept unencrypted cookies from certain websites (such as Facebook and Twitter) Allows the user to take on the log-in credentials of the victim Solution? Encrypt your traffic! This is before facebook started using https, but now facebook uses https.

5 “Securing” HTTP Threat model Enter HTTP-S
Eavesdropper listening on conversation (confidentiality) Man-in-the-middle modifying content (integrity) Adversary impersonating desired website (authentication, and confidentiality) Enter HTTP-S HTTP sits on top of secure channels All (HTTP) bytes written to secure channel are encrypted and authenticated

6 Encrypted Communication
What is wrong with this? How do you know you’re actually talking to facebook and f-pub belongs to facebook? Hey, I want to be more secure Sure, use this public key and encrypt your traffic Key: f-pub (encrypted communication)

7 Digital Certificates To be useful, certificates must have:
A digital certificate is a statement signed by a third party principal, and can be reused e.g., Verisign Certification Authority (CA) To be useful, certificates must have: A standard format, for construction and interpretation A protocol for constructing chains of certificates A trusted authority at the end of the chain Example When facebook sends you the public key, it also sends a signature for the public key signed by Verisign. You pre-store Verisign’s public keys & certificates (self-signed by Verisign), i.e., you have already established trust with Verisign. Use Verisign’s public key to verify facebook’s public key.

8 On My Mac…

9 X.509 Certificates The most widely used standard format for certificates Format Subject: Distinguished Name, Public Key Issuer: Distinguished Name, Signature Period of validity: Not Before Date, Not After Date Administrative information: Version, Serial Number Extended information Binds a public key to the subject A subject: person, organization, etc. The binding is in the signature issued by an issuer. You need to either trust the issuer directly or indirectly (by establishing a root of trust).

10 X.509 Certificates

11 Transport Layer Security (TLS)
SSL (Secure Socket Layer) was developed by Netscape for electronic transaction security. SSL was adopted as TLS as an Internet standard. A protocol layer is added below the application layer for: Negotiating encryption and authentication methods. Bootstrapping secure communication It consists of two layers: The Record Protocol Layer implements a secure channel by encrypting and authenticating messages The Handshake Layer establishes and maintains a secure session between two nodes.

12 TLS Protocol Stack TLS Handshake protocol TLS Change Cipher Spec
TLS Alert Protocol Transport layer (usually TCP) Network layer (usually IP) TLS Record Protocol HTTP Telnet TLS protocols: Other protocols:

13 TLS Record Protocol The record protocol takes an application message to be transmitted, fragments the data into manageable blocks, optionally compresses the data, computes a message authentication code (MAC), encrypts and adds a header. Application data abcdefghi abc def ghi Record protocol units Compressed units MAC Encrypted TCP packet Fragment/combine Compress Hash Encrypt Transmit

14 TLS Handshake Protocol
Cipher suite: a list of cryptographic algorithm supported by the client Phase 1: Establish security capabilities Phase 2: Sever authentication and key exchange Phase 3: Client authentication and key exchange Phase 4: Finish The client sends a change Cipher Spec message and copies the pending CipherSpec into the current CipherSpec.

15 CSE 486/586 Administrivia Final: 5/18/2017, Thursday, 6 pm – 8 pm, Knox 110 PA4 due on 5/12/2017 at 12 pm.

16 Authentication Use of cryptography to have two principals verify each others’ identities. Direct authentication: the server uses a shared secret key to authenticate the client. Indirect authentication: a trusted authentication server (third party) authenticates the client. The authentication server knows keys of principals and generates temporary shared key (ticket) to an authenticated client. The ticket is used for messages in this session. E.g., Verisign servers

17 Direct Authentication
Authentication with a secret key “Nonce” (used as a “challenge”)=random num, Bob calculates KA,B (RB ) and matches with reply. Alice is the only one who could have replied correctly.

18 “Optimized” Direct Authentication
Authentication with a secret key with three messages Anything wrong with this?

19 Reflection Attack

20 Needham-Schroeder Authentication
An authentication server provides secret keys. Every client shares a secret key with the server to encrypt their channels. If a client A wants to communicate with another client B, The server sends a key to the client A in two forms. First, in a plain form, so that the client A can use it to encrypt its channel to the client B. Second, in an encrypted form (with the client B’s secret key), so that the client B can know that the key is valid. The client A sends this encrypted key to the client B as well. Basis for Kerberos

21 Needham-Schroeder Authentication
“Nonce”=random num, A asks for a key to communicate with B Authentication System KA KB … <A, B, NA> 1 <NA,B,KAB, {KAB, A} > 2 KA KB Ticket System A KA < {KAB, A} > KB 3 6 < {res} > KAB 5 < {NB-1, req} > KAB < {NB} > KAB 4 System B The authentication server has secret keys of all clients. Response 2 is encrypted with Ka. Na prevents a reply attack (next slide). It sends a shared key between A and B (Kab). And also, Kab and A’s identity are encrypted with B’s secret key---only B can verify and get the shared key, and the communication source. A demonstrates that it is the sender of the previous message KB

22 Nonce NA in Message 1 Because we need to relate message 2 to message 1
Authentication System 1’ <A, B> KA KB … <A, B> 1 <B, KAB, {KAB, A} > KA 2 KB System A KA <B, KAB, {KAB, A} > KB KA 2’ Chuck has stolen KB and intercepted message 2. It can masquerade as the authentication system. System C KB <B, KAB, {KAB, A} > KB KA

23 Kerberos Follows Needham-Schroeder closely Time values used for nonces
To prevent replay attacks To enforce a lifetime for each ticket Very popular An Internet standard Default in MS Windows

24 Kerberos Server Client DoOperation Authentication database Login
session setup Ticket- granting service T Kerberos Key Distribution Centre Authen- tication service A 1. Request for TGS ticket 2. TGS ticket 3. Request for server ticket 4. Server ticket 5. Service request Request encrypted with session key Reply encrypted with session key function Step B Step A Step C C S

25 Summary Digital certificates TLS Authentication
Binds a public key to its owner Establishes a chain of trust TLS Provides an application-transparent way of secure communication Uses digital certificates to verify the origin identity Authentication Needham-Schroeder & Kerberos

26 Acknowledgements These slides contain material developed and copyrighted by Indranil Gupta (UIUC), Jennifer Rexford (Princeton) and Michael Freedman (Princeton).

Download ppt "CSE 486/586 Distributed Systems Security --- 2"

Similar presentations

Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.

Spring 2012: CS419 Computer Security Vinod Ganapathy SSL, etc.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.

1 Lecture 17: SSL/TLS history, architecture basic handshake session initiation/resumption key computation negotiating cipher suites application: SET.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Cryptography and Network Security

Cryptography and Network Security
Secure Socket Layer.

Secure Socket Layer.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)

Working Connection Computer and Network Security - SSL, IPsec, Firewalls – (Chapter 17, 18, 19, and 23)
7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, I've Got You under My Skin“ by Cole Porter.

7-1 Chapter 7 – Web Security Use your mentality Wake up to reality —From the song, "I've Got You under My Skin“ by Cole Porter.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.

Topic 8: Secure communication in mobile devices. Choice of secure communication protocols, leveraging SSL for remote authentication and using HTTPS for.
CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security --- 2 Steve Ko Computer Sciences and Engineering University at Buffalo.

CSE 486/586, Spring 2014 CSE 486/586 Distributed Systems Security Steve Ko Computer Sciences and Engineering University at Buffalo.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Cryptography and Network Security Chapter 17

Cryptography and Network Security Chapter 17
Chapter 8 Web Security.

Chapter 8 Web Security.

Similar presentations

Ads by Google