Presentation is loading. Please wait.

Presentation is loading. Please wait.

9.2 SECURE CHANNELS Medisetty Swathy.

Published byMervyn Summers Modified over 5 years ago

Similar presentations

Presentation on theme: "9.2 SECURE CHANNELS Medisetty Swathy."— Presentation transcript:

1 9.2 SECURE CHANNELS Medisetty Swathy

2 Content Introduction Authentication
Message Integrity and Confidentiality Secure Group Communications Example: Kerberos

3 Introduction How to make communication between clients and servers secure ? Authentication ? Communication within a distributed system Setting up a secure channel Protection against Interception, Modification and Fabrication Ensuring Confidentiality Protocols for mutual Authentication and message Integrity

4 Authentication Authentication and Message Integrity should always come together Example of Alice & Bob For Authentication a secure channel is set up For Message Integrity secret-key Cryptography by means of session keys is used Keys are securely destroyed when the channel is closed

5 Authentication Based on Shared Secret Key
Secret key is already shared between A and B One party challenges other to a response Response is authenticated with shared secret key Challenge-Response protocols Alice(A) Bob (B) A RB KA,B(RB) RA KA,B(RA)

6 Authentication Based on Shared Secret Key
Designing protocols that actually works Optimizing number of messages to three Sending secret key along with the message Alice(A) Bob(B) A, RA RB,KA,B(RA) KA,B(RB)

7 Authentication Based on Shared Secret Key
The reflection attack C sends message along with the challenge B returns challenge along with the response Chucky (C) Bob (B) A,RC First Session RB ,KA,B(RC) A,RB Second Session RB2 ,KA,B(RB) First Session KA,B(RB)

8 Authentication Based on Shared Secret Key
C tires to establish another session by using the challenge of B B sends another challenge and responds with his key C sets up First session with the key and leaves Second session Chucky (C) Bob (B) A,RC First Session RB ,KA,B(RC) A,RB Second Session RB2 ,KA,B(RB) First Session KA,B(RB)

9 Authentication Using Key Distribution Center
Scalability is one of the problems with shared secret key If the distribution system has N hosts, it is difficult to manage when N is large Key Distribution Center shares a secret key with each host; instead of pairs sharing the key In SSK, the system needs to manage N(N-1)/2 keys; where as in KDC only N keys

10 Authentication Using Key Distribution Center
KDC hands out key to both Alice(A) and Bob(B) A sends message to KDC and tells about B KDC returns with a message with shared secret key KA,B Alice (A) KDC, generates KA,B Bob (B) A,B KA,KDC(KA,B) KB,KDC(KA,B)

11 Authentication Using Key Distribution Center
The message is encrypted with secret key KA,KDC KDC also sends KA,B to B encrypted with secret key KB,KDC Tinku (A) KDC, generates KA,B Pinky (B) A,B KA,KDC(KA,B) KB,KDC(KA,B)

12 Authentication Using Key Distribution Center
There are certain drawbacks, like A wants to set up connection with B even before KDC contacts B KDC needs to pass the key to the B before it brings in the loop Instead KDC can just pass the keys to A and lets A to contact B with ticket

13 Authentication Using Public Key Cryptography
Does not require KDC A and B has each others public keys with them A sends challenge encrypted with B’s public key B returns the decrypted challenge, along with his own challenge. Alice (A) Bob (B) K+B (A,RA) K+A(RA,RB,KA,B) KA,B(RB)

14 Authentication Using Public Key Cryptography
B generates session key KA,B to use for further communication B’s response to A, B’s challenge, session key are put in a message encrypted with public key of A A returns the response using session key to acknowledge Alice (A) Bob (B) K+B (A,RA) K+A(RA,RB,KA,B) KA,B(RB)

15 Message Integrity and Confidentiality
Message Integrity ensures protection from modification Confidentiality ensures protection from interception Confidentiality can be achieved by encryption through a shared secret key or public key Message Integrity is a difficult task

16 Message Integrity and Confidentiality Digital Signatures
Message Integrity goes beyond the actual transfer through a secure channel Example of A buying a collection item from B In addition to authentication, digital signatures helps in improving integrity Several ways to place digital signatures Popular form is to use a public-key cryptosystem such as RSA

17 Message Integrity and Confidentiality Digital Signatures
A sends message m to B by encrypting with its private key If A wants the content of the message to be secret, B’s public key is used which combines m and the signature of A B receives the message and decrypts with A’s public key A’s Computer B’s Computer m m A’s private key K-A B’s public key K+B B’s private key K-B A’s public key K+A m

18 Message Integrity and Confidentiality Digital Signatures
Certain problems are associated with his method If A’s private key is stolen If A changes its private key Encryption costs A’s Computer B’s Computer m m A’s private key K-A B’s public key K+B B’s private key K-B A’s public key K+A m

19 Message Integrity and Confidentiality Digital Signatures
Cryptographic Hash function is used to improve the situation A uses Hash function to calculate the message digest with A’s private key A’s message digest along with the original message is sent to B

20 Message Integrity and Confidentiality Digital Signatures
B decrypts the message digest with A’s public key Compares the original message with the decrypted message If both are same it understands that no modifications are done and the signature is authentic

21 Secure Group Communication
How to enable Secure communication for more than two parties ? It is necessary to enable secure communication between more than just two parties The server is replicated to improve the fault tolerance and performance The replicated sever for which all the replicas exist, should be protected against modification, fabrication, interception

22 Secure Group Communication Confidential Group Communication
To ensure confidentiality, a simple scheme of letting all group members to share same secret key This key is used to encrypt and decrypt all the messages transmitted by the members All the members need to be trusted to keep the key a secret This prerequisite alone makes the use of single key more vulnerable to attacks

23 Secure Group Communication Confidential Group Communication
Another solution is to maintain separate shared secret key between each pair of group members When one attack happens others can stop sending the messages but still use their secret keys However, instead of maintaining one key, it is necessary to maintain N(N-1)/2 keys which is a difficult problem

24 Secure Group Communication Confidential Group Communication
Using public-key cryptosystem the situation can be improved Each member has its own (private key, public key) pair, in which public key can be used by all members for sending confidential messages N key pairs are need for N members Unfaithful members can be removed from group without compromising the other keys

25 Secure Group Communication Secure Replicated Servers

26 Example: Kerberos A logs into A’s work station and its identity is sent to Authentication Server by the work station (AS) AS authenticates the user and provides a key to set up a secure channel This key is known only to AS and Ticket Granting System (TGS)

27 Example: Kerberos Work station asks for the password
When the correct password is entered, then the key is ready to use A requests for the connection with B to TGS A secure channel is established

28 References https://en.wikipedia.org/wiki/Cryptographic_hash_function
Andrew S. Tanenbaum, Maarten Van Steen, “Distributed Systems: Principles and Paradigms”, Prentice-Hall,NJ,USA.

29 Questions?

30 Thank You!!!

Download ppt "9.2 SECURE CHANNELS Medisetty Swathy."

Similar presentations

Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.

SMUCSE 5349/73491 Authentication Protocols. SMUCSE 5349/73492 The Premise How do we use perfect cryptographic mechanisms (signatures, public-key and symmetric.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.

More on AuthenticationCS-4513 D-term More on Authentication CS-4513 Distributed Computing Systems (Slides include materials from Operating System.
Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.

Introduction to Public Key Infrastructure (PKI) Office of Information Security The University of Texas at Brownsville & Texas Southmost College.
1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.

1 CS 194: Distributed Systems Security Scott Shenker and Ion Stoica Computer Science Division Department of Electrical Engineering and Computer Sciences.
Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved. 0-13-239227-5 DISTRIBUTED SYSTEMS.

Tanenbaum & Van Steen, Distributed Systems: Principles and Paradigms, 2e, (c) 2007 Prentice-Hall, Inc. All rights reserved DISTRIBUTED SYSTEMS.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.

Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.

31.1 Chapter 31 Network Security Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.

Computer Security Tran, Van Hoai Department of Systems & Networking Faculty of Computer Science & Engineering HCMC University of Technology.
.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.

.Net Security and Performance -has security slowed down the application By Krishnan Ganesh Madras.
Cryptography, Authentication and Digital Signatures

Cryptography, Authentication and Digital Signatures
10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.

10. Key Management. Contents Key Management  Public-key distribution  Secret-key distribution via public-key cryptography.
Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Kerberos Named after a mythological three-headed dog that guards the underworld of Hades, Kerberos is a network authentication protocol that was designed.

Similar presentations

Ads by Google