Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Digest Authentication Herng-Yow Chen. 2 Outline Theory and practice of digest authentication. The improvement of Digest Authentication.

Published byRyley Beckett Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Digest Authentication Herng-Yow Chen. 2 Outline Theory and practice of digest authentication. The improvement of Digest Authentication."— Presentation transcript:

1 1 Digest Authentication Herng-Yow Chen

2 2 Outline Theory and practice of digest authentication. The improvement of Digest Authentication

3 3 Problem of Basic Authentication Basic authentication is convenient and flexible but completely insecure. Usernames and passwords are sent in a clear way (using a base-64 encoding, which can be decoded easily). Base-64 encoding protects against unintentional accidental viewing but offers no confidentiality protection against malicious parties. The only way to use basic authentication securely is to use it conjunction with SSL (talk later).

4 4 Introduction Digest authentication was developed as a compatible, more secure alternative to basic authentication. Even though digest authentication is not yet in wide use, the concepts still are important for anyone implementing secure transaction.

5 5 The improvements of Digest Authentication Digest authentication is an alternate HTTP authentication protocol that tries to fix the most serious flaws of basic authentication. Never send secret passwords across the network in the clear Prevent unscrupulous individuals from capturing and replaying handshakes Optionally can guard against tampering with message content Guards against several other common forms of attacks.

6 6 The improvements of Digest Authentication Cont. Digest authentication is not the most secure protocol possible. Many needs for secure HTTP transaction cannot be met by digest authentication. For those needs, Transport Layer Security (TLS) and Secure HTTP (HTTPS) are more appropriate protocols. However, digest authentication is significantly stronger than basic authentication, which it was designed to replace. Digest authentication also is stronger than many popular schemes proposed for other Internet services, such as CRAM-MD5, which has been proposed for use with LDAP, POP, and IMAP.

7 7 The improvements of Digest Authentication Cont. To date, digest authentication has not been deployed. However, because of the security risks inherent to basic authentication, the HTTP architects counsel in RFC 2617 that “ any service in present use that uses Basic should be switched to Digest as soon as practical.

8 8 Using Digests to Keep Passwords Secret The motto of digest authentication is “ never send the password across the network. ” Instead of sending the password, the client sends a “ fingerprint ” or “ digest ” of the password, which is an irreversible scrambling of the password. The client and the server both know the secret password, so the server can verify that the digest provided is a correct match for the password.

9 9 Using Digests to Keep Passwords Secret Cont. Given only the digest, a bad guy has no easy way to find what password it came from, other than going through every password in the universe, trying each one. However, there are techniques, such as dictionary attacks, where passwords are tried first. These cryptanalysis techniques can dramatically ease the process of cracking passwords.

10 10 Using Digests for password- obscured authentication server client Internet (a)Request Please give me the internal sales forecast. server client (b)Challenge You requested a secret financial document.Please tell me your username and password digests. server client Internet (c)Authorization Please give me the internal sales forecast. My username is “ bri ” My digested password is “ A3F5 ” server client Internet (d)Success OK.The digest you sent me matches the digest of my internal password, so here is the document. digest( “ 0w! ” )=A3F5 ˇ This is a match! Internet Ask user for username and password digest( “ 0w! ” )=A3F5

11 11 One-Way Digests A digest is a “ condensation of a body of information. ” * Merriam-Webster dictionary, 1998. Digests act as one-way functions, typically converting an infinite number of possible input value into a finite range of condensations. In theory, it is possible to have two distinct inputs map to the same digest, called a “ collision. ” In practice, the number of potential outputs is so large that the chance of a collision in real life is vanishingly small and, for the purpose of password matching, unimportant.

12 12 Message Digest #5 (MD5) One popular digest function, MD5, converts any arbitrary sequence of bytes, of any length, into a 128-bit digest. 128 bits = 2 128, or about 1,000,000,000,000,000,000,000,000,000,0 00,000,000,000 = 10 39 possible distinct condensations.

13 13 MD5 Cont. If you don ’ t know the secret password, you ’ ll have an awfully hard time guessing the correct digest to send to the server. And likewise, if you have the digest, you will have an awfully hard time figuring out which of the effectively infinite number of input values generated it.

14 14 MD5 Cont. The 128 bits of MD5 output often are written as 32 hexadecimal characters, each character representing 4 bits. Digest functions sometimes are called cryptographic checksums, one-way hash functions, or fingerprint functions.

15 15 MD5 digest examples InputMD5 digest “ Hi ” C1A5298F939E87E8F962A5EDF C206918 “ bri:0w! ” BEAAA0E34EBDB072F8627C03 8AB211F8 “ 3.1415926535897 ” 475B977E19ECEE70835BC6DF 46F4F6DE “ http://www.http-guide.com/index.htm ” C617C0C7D1D05F66F595E22A 4B0EAAA5 “ We hold these Truths to be self-evident, that all Men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are life, Liberty and the Pursuit of Happiness-That to secure these Rights, Governments are instituted among Men, deriving their just Powers from the Consent of the Governed, that whenever any Form of Government becomes destructive of these Ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its Foundation on such Principles, and organizing its Powers in such Form, as to them shall seem most likely to effect their Safety and Happiness. ” 66C4EF58DA7CB956BD04233F BB64E0A4

16 16 Using Nonces to Prevent Replays One-way digests save us from having to send passwords in the clear. We can just send a digest of the password instead, and rest assured that no malicious party can easily decode the original password from the digest. Unfortunately, obscured password alone do not save us danger, because a bad guy can capture the digest and replay it over and over again to the server, even though the bad guy doesn ’ t know the password. The digest is just as good as the password.

17 17 Using Nonces to Prevent Replays Cont. To prevent such replay attacks, the server can pass along to the client a special token called a nonce, which changes frequently (perhaps every millisecond, or for every authentication). The client appends this nonce token to the password before computing the digest. Mixing the nonce in with the password causes the digest to change each time the nonce change. This prevent replay attacks.

18 18 Using Nonces to Prevent Replays Cont. Digest authentication requires the use of nonces, because a trivial replay weakness would make un-nonced digest authentication effectively as weak as basic authentication. Nonces are passed from server to client in the WWW-Authenticate challenge.

19 19 The Digest Authentication Handshake www.ncnu.edu.tw Client (1)Server generates nonce (5)Server verifies digest [generate rspauth digest] [generate next nonce] WWW-Authenticate (challenge) (2)Server sends realm, nonce, algorithms (3)Choose algorithm from set [generate response digest] [generate client-nonce] (7)Client verifies rspauth digest Authorization (response) (4)Client sends response digest [send algorithm] [send client-nonce] Authentication-Info (info) (6)Server sends next nonce [send client rspauth digest]

20 20 Basic versus digest authentication syntax server client server client server client server (a)Query (b)Challenge (c)Response (d)Success GET /cgi-bin/checkout?cart=17854 HTTP/1.1 HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm= “ Shopping Cart ” GET /cgi-bin/checkout?cart=17854 HTTP/1.1 Authorization: Basic YnJpYW4tdG90dHk6T3ch HTTP/1.1 200 OK … Shopping Cart Username: Password: Basic authentication

21 21 Basic versus digest authentication syntax (cont.)

22 22 The Security-Related Data (A1) AlgorithmA1 MD5A1 = : : MD5-sessA1 = MD5( : : ) : :

23 23 The Message-Related Data(A2) qopA2 undefined : auth : auth-int : : H( )

24 24 Overall Digest Algorithm qopDigest algorithmNotes undefinedKD(H(A1), :H(A2)) Deprecated auth or auth-intKD(H(A1), : : : :H(A2)) Preferred

25 25 Overall Digest Algorithm (cont.) qopAlgorithmUnfolded algorithm undefined MD5 MD5-sess MD5(MD5(A1): : (A2)) auth MD5 MD5-sess MD5(MD5(A1): : : : : (A2)) auth-int MD5 MD5-sess MD5(MD5(A1): : : : : (A2))

26 26 Preemptive Authorization

27 27 Symmetric Authentication qopA2 undefined : auth : auth-int : :H( )

28 28 Symmetric Authentication (cont.) qopA2 undefined auth auth-int :H( )

29 29 Digest Authentication Headers

30 30 Reference http://www.ietf.org/rfc/rfc2617.txt RFC 2617, ” HTTP Authentication: Basic and Digest Access Authentication ”

Download ppt "1 Digest Authentication Herng-Yow Chen. 2 Outline Theory and practice of digest authentication. The improvement of Digest Authentication."

Similar presentations

Chapter 3 Public Key Cryptography and Message authentication.

Chapter 3 Public Key Cryptography and Message authentication.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

Spring 2000CS 4611 Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
DIRECTIONS 1)Match the U.S. connection on the wall to the Enlightenment thinker using the matrix handout. 2)Identify the thinker’s idea that was used in.

DIRECTIONS 1)Match the U.S. connection on the wall to the Enlightenment thinker using the matrix handout. 2)Identify the thinker’s idea that was used in.
1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.

1 Supplement III: Security Controls What security services should network systems provide? Confidentiality Access Control Integrity Non-repudiation Authentication.
1 Basic Authentication Herng-Yow Chen. 2 Outline Explains HTTP authentication Delve into the most common form of HTTP authentication, basic authentication.

1 Basic Authentication Herng-Yow Chen. 2 Outline Explains HTTP authentication Delve into the most common form of HTTP authentication, basic authentication.
Information Security Principles & Applications Topic 4: Message Authentication 虞慧群

Information Security Principles & Applications Topic 4: Message Authentication 虞慧群
1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:

1 Pertemuan 12 Authentication, Encryption, Digital Payments, and Digital Money Matakuliah: M0284/Teknologi & Infrastruktur E-Business Tahun: 2005 Versi:
The Declaration of Independence The Declaration of Independence was signed on July 4, 1776. The main writer was Thomas Jefferson. The Declaration of Independence.

The Declaration of Independence The Declaration of Independence was signed on July 4, The main writer was Thomas Jefferson. The Declaration of Independence.
Locke’s Ideas in the Declaration of Independence.

Locke’s Ideas in the Declaration of Independence.
Text Compression 1 Assigning 16 bits to each character in a document uses too much file space We need ways to store and transmit text efficiently Text.

Text Compression 1 Assigning 16 bits to each character in a document uses too much file space We need ways to store and transmit text efficiently Text.
Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.

Kerberos Jean-Anne Fitzpatrick Jennifer English. What is Kerberos? Network authentication protocol Developed at MIT in the mid 1980s Available as open.
BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.

BY MUKTADIUR RAHMAN MAY 06, 2010 INTERODUCTION TO CRYPTOGRAPHY.
Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.

Encapsulation Security Payload Protocol Lan Vu. OUTLINE 1.Introduction and terms 2.ESP Overview 3.ESP Packet Format 4.ESP Fields 5.ESP Modes 6.ESP packet.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.

Cryptography1 CPSC 3730 Cryptography Chapter 11, 12 Message Authentication and Hash Functions.
1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.
Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Encryption is a way to transform a message so that only the sender and recipient can read, see or understand it. The mechanism is based on the use of.

Similar presentations

Ads by Google