CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.


1 CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz

2 Administrative stuff
HW4 is out

3 One-way authentication
If only the server has a known public key (e.g., SSL)
– Server sends R
– Client sends E_pk(R, password, session-key)
Insecure in general!!!
– But secure if encryption scheme is chosen appropriately

4 Using session keys
Generally, want to provide both secrecy and integrity for subsequent conversation
– Use encrypt-then-MAC
– Use sequence numbers to prevent replay attacks
– Use a directionality bit
– Periodically refresh the session key
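
Added example (not part of the lecture slides): a minimal record layer that combines three of the measures on this slide, encrypt-then-MAC, sequence numbers, and a directionality bit, so that tampered, replayed, and reflected records are each rejected. The Channel class, the 9-byte header layout, and the HMAC-based keystream (a stand-in for a real cipher such as AES-CTR) are assumptions made for illustration; session-key refresh is not shown.

```python
import hashlib
import hmac
import struct

def _keystream(key, nonce, n):
    # Stand-in stream cipher (assumption): HMAC-SHA256 in counter mode.
    # A real system would use AES-CTR or an AEAD mode instead.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + struct.pack(">I", ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

class Channel:
    """One endpoint of a session. Direction 0 = client->server, 1 = server->client."""
    def __init__(self, session_key, send_dir):
        # Separate encryption and MAC keys, both derived from the session key.
        self.k_enc = hmac.new(session_key, b"enc", hashlib.sha256).digest()
        self.k_mac = hmac.new(session_key, b"mac", hashlib.sha256).digest()
        self.send_dir, self.recv_dir = send_dir, 1 - send_dir
        self.send_seq = self.recv_seq = 0

    def seal(self, plaintext):
        # Header = directionality bit + sequence number; unique per record,
        # so it also serves as the keystream nonce.
        header = struct.pack(">BQ", self.send_dir, self.send_seq)
        ks = _keystream(self.k_enc, header, len(plaintext))
        ct = bytes(a ^ b for a, b in zip(plaintext, ks))
        # Encrypt-then-MAC: the tag covers the header and the ciphertext.
        tag = hmac.new(self.k_mac, header + ct, hashlib.sha256).digest()
        self.send_seq += 1
        return header + ct + tag

    def open(self, record):
        if len(record) < 9 + 32:
            raise ValueError("short record")
        header, ct, tag = record[:9], record[9:-32], record[-32:]
        expected = hmac.new(self.k_mac, header + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):   # verify before decrypting
            raise ValueError("bad MAC")
        direction, seq = struct.unpack(">BQ", header)
        if direction != self.recv_dir:               # our own record sent back to us
            raise ValueError("reflected record")
        if seq != self.recv_seq:                     # old or out-of-order record
            raise ValueError("replayed or out-of-order record")
        self.recv_seq += 1
        return bytes(a ^ b for a, b in zip(ct, _keystream(self.k_enc, header, len(ct))))
```
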

5 Mediated authentication
E.g., using KDC
Simple protocol:
– Alice requests to talk to Bob
– KDC generates K_AB and sends it to Alice and Bob, encrypted with their respective keys
– Note: no authentication here, but impostor can't determine K_AB

6 Improvement…
Have KDC send to Alice the encryption of K_AB under Bob's key
– Reduces communication load on KDC
– Resilient to message delays in network

7 Needham-Schroeder
A → KDC: N_1, Alice, Bob
KDC → A: K_A(N_1, Bob, K_AB, ticket), where ticket = K_B(K_AB, Alice)
A → B: ticket, K_AB(N_2)
B → A: K_AB(N_2 + 1, N_3)
A → B: K_AB(N_3 + 1)

8 Analysis?
N_1 assures Alice that she is talking to KDC
– Prevents key-replay, in case Bob changes K_B
Important: authenticate Bob in message 2, and Alice in ticket
Uses encryption to authenticate…
– Leads to actual flaw if, e.g., ECB mode is used!
Vulnerable if Alice's key is compromised
– Bob's ticket is always valid
– Use timestamps, or request (encrypted) nonce from Bob at the very beginning of the protocol

9 Otway-Rees
A → B: N_C, K_A(N_A, N_C, Alice, Bob)
B → KDC: K_A(…), K_B(N_B, N_C, Alice, Bob)
– KDC checks that N_C is the same…
KDC → B: N_C, K_A(N_A, K_AB), K_B(N_B, K_AB)
B → A: K_A(…)
A → B: K_AB(timestamp)
– Note: KDC already authenticated Bob

10 Analysis?
N_C should be unpredictable, not just a nonce
– Otherwise, can impersonate B to KDC
   Send first message: (next N_C), garbage
   B forwards to KDC along with encryption of the next N_C
   Next time A initiates a conversation, replay previous message from B
Still uses encryption for authentication…
– Serious attack if ECB is used
   Replace K_AB with N_C

11 Kerberos
(Will possibly discuss in more detail later)
A → KDC: N_1, Alice, Bob
KDC → A: K_A(N_1, Bob, K_AB, ticket), where ticket = K_B(K_AB, Alice, expiration time)
A → B: ticket, K_AB(time)
B → A: K_AB(time + 1)

