Download presentation
Presentation is loading. Please wait.
Published byKeely Rosett Modified over 9 years ago
1
CIS 725 Key Exchange Protocols
2
Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice (hash(M))
3
Problems: 1.Alice’s private key is stolen or she can claim it was stolen 2.Alice can change her private keys
4
Alice Bob PR Alice: ( M, Bob, t) PB Bob: ( M, Alice, t, PR TP (M, Alice, t)) M Use a trusted third party Third Party (TP) Alice wants to send M to Bob Alice sends message (M, Bob, t) encrypted with her private key to TP, where t is a timestamp. TP sends (M, Alice, t, Sn) encrypted using Bob’s public key to Bob, where Sn is (M,Alice,t) encrypted using TP’s private key.
5
Session, Interchange Keys Alice wants to send a message m to Bob –Assume public key encryption –Alice generates a random cryptographic key k s and uses it to encipher m To be used for this message only Called a session key –She enciphers k s with Bob’s public key Pb Bob enciphers all session keys Alice uses to communicate with Bob Called an interchange key –Alice sends k s (m); Pb B (k s )
6
Benefits Limits amount of traffic enciphered with single key –Standard practice, to decrease the amount of traffic an attacker can obtain Prevents some attacks –Example: Alice will send Bob message that is either “BUY” or “SELL”. Eve computes possible ciphertexts k B { “BUY” } and k B { “SELL” }. Eve intercepts enciphered message, compares, and gets plaintext at once
7
Key Exchange Algorithms Goal: Alice, Bob get shared key –Key cannot be sent in clear Attacker can listen in Key can be sent enciphered, or derived from exchanged data plus data not known to an eavesdropper –Alice, Bob may trust third party –All cryptosystems, protocols publicly known Only secret data is the keys Anything transmitted is assumed known to attacker
8
Authentication Based on a Shared Secret Key Two-way authentication using a challenge-response protocol. Assumes that the shared key K AB is only known to Alice and Bob ARBRB K AB (R B ) RARA K AB (R A ) A = id of Alice, B = id of Bob R A = random number (nonce) Alice Bob
9
Authentication Based on a Shared Secret Key A shortened two-way authentication protocol. A, R A R B,K AB (R A ) K AB (R B )
10
Authentication Based on a Shared Secret Key The reflection attack. A, R T R B,, K AB (R T ) A,R B R B2,K AB (R B ) K AB (R B ) Trudy Bob
11
Authentication Based on a Shared Secret Key A K AB (R A2 ) RARA K AB (R A ) B RARA R A2 K AB (R A2 ) -Use different keys for each direction -Different sets of random number for each direction
12
Establishing a Shared Key: The Diffie-Hellman Key Exchange - Alice and Bob agree on two large numbers, n and g (these are public) Shared key
13
Establishing a Shared Key: The Diffie-Hellman Key Exchange The bucket brigade or man-in-the-middle attack.
14
Using a Key Distribution Center (KDC) to establish a shared key A, K A (B, K S ) K B (A, K S ) K A = Shared key between Alice and KDC K B = Shared key between Bob and KDC K S = session key picked by Alice Alice KDC Bob
15
Using a Key Distribution Center (KDC) to establish a shared key A, K A (B, K S ) K B (A, K S ) K A = Shared key between Alice and KDC K B = Shared key between Bob and KDC K S = session key picked by Alice Alice KDC Bob Problem: Trudy can replay the second message to Bob K B (A, K S )
16
Use timestamps - Include timestamps in messages - Requires synchronized clocks - Otherwise replay attacks are possible - Use nonces: not repeated - Requires entities to remember them -Use a combination of timestamps and nonces to bound how long they need to be remembered
17
Authentication Using a Key Distribution Center The Needham-Schroeder authentication protocol. R A, A, B K B (A, K S ), K S (R A2 ) K A (R A, B, K S, K B (A, K S ) ) K S (R A2 -1), R B K S (R B -1) Alice KDC Bob
18
The Needham-Schroeder authentication protocol. R A, A, B K B (A, K S ), K S (R A2 ) K A (R A, B, K S, K B (A, K S ) ) K S (R A2 -1), R B K S (R B -1) Alice KDC Bob K B (A, K S ), K S (R A2 ) K S (R A2 -1), R B’ K S (R B’ -1) Attacker acquires an old key
19
Authentication Using Kerberos K TGS (A, K s ), B, K S (t)K S (B, K AB ), K B (A, K AB )K B (A, K AB ), K AB (t)K AB (t+1) A Alice Authentication Server Ticket-Granting Server Bob K A (K S, K TGS (A, K S ) ) Ticket; proves that the sender is Alice Prevents replay attacks
20
Authentication Using Public-Key Cryptography Mutual authentication using public-key cryptography. Alice Directory Here is Pb Alice Give me Pb Bob Give me Pb Alice Here is Pb Bob Pb Bob (A, R A ) Pb Alice (R A, R B, K S ) K S (R B )
21
Cryptographic Key Infrastructure Public key: bind identity to public key –Crucial as people will use key to communicate with principal whose identity is bound to key
22
Certificates Create token (message) containing –Identity of principal (here, Alice) –Corresponding public key –Timestamp (when issued) –Other information (perhaps identity of signer) signed by trusted authority C A = Pr CA ( PB A || Alice || T ) Or only sign the hash of the certificate
23
Use Bob gets Alice’s certificate –If he knows CA’s public key, he can decipher the certificate When was certificate issued? Is the principal Alice? –Now Bob has Alice’s public key Problem: Bob needs CA’s public key to validate certificate –Problem pushed “up” a level
24
Certificate Signature Chains - Chain of certificates: “chain of trust” or “certification path”
Similar presentations
© 2024 SlidePlayer.com Inc.
All rights reserved.