Presentation is loading. Please wait.

Presentation is loading. Please wait.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

Published byKeely Rosett Modified over 9 years ago

Similar presentations

Presentation on theme: "CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice."— Presentation transcript:

1 CIS 725 Key Exchange Protocols

2 Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice (hash(M))

3 Problems: 1.Alice’s private key is stolen or she can claim it was stolen 2.Alice can change her private keys

4 Alice Bob PR Alice: ( M, Bob, t) PB Bob: ( M, Alice, t, PR TP (M, Alice, t)) M Use a trusted third party Third Party (TP) Alice wants to send M to Bob Alice sends message (M, Bob, t) encrypted with her private key to TP, where t is a timestamp. TP sends (M, Alice, t, Sn) encrypted using Bob’s public key to Bob, where Sn is (M,Alice,t) encrypted using TP’s private key.

5 Session, Interchange Keys Alice wants to send a message m to Bob –Assume public key encryption –Alice generates a random cryptographic key k s and uses it to encipher m To be used for this message only Called a session key –She enciphers k s with Bob’s public key Pb Bob enciphers all session keys Alice uses to communicate with Bob Called an interchange key –Alice sends k s (m); Pb B (k s )

6 Benefits Limits amount of traffic enciphered with single key –Standard practice, to decrease the amount of traffic an attacker can obtain Prevents some attacks –Example: Alice will send Bob message that is either “BUY” or “SELL”. Eve computes possible ciphertexts k B { “BUY” } and k B { “SELL” }. Eve intercepts enciphered message, compares, and gets plaintext at once

7 Key Exchange Algorithms Goal: Alice, Bob get shared key –Key cannot be sent in clear Attacker can listen in Key can be sent enciphered, or derived from exchanged data plus data not known to an eavesdropper –Alice, Bob may trust third party –All cryptosystems, protocols publicly known Only secret data is the keys Anything transmitted is assumed known to attacker

8 Authentication Based on a Shared Secret Key Two-way authentication using a challenge-response protocol. Assumes that the shared key K AB is only known to Alice and Bob ARBRB K AB (R B ) RARA K AB (R A ) A = id of Alice, B = id of Bob R A = random number (nonce) Alice Bob

9 Authentication Based on a Shared Secret Key A shortened two-way authentication protocol. A, R A R B,K AB (R A ) K AB (R B )

10 Authentication Based on a Shared Secret Key The reflection attack. A, R T R B,, K AB (R T ) A,R B R B2,K AB (R B ) K AB (R B ) Trudy Bob

11 Authentication Based on a Shared Secret Key A K AB (R A2 ) RARA K AB (R A ) B RARA R A2 K AB (R A2 ) -Use different keys for each direction -Different sets of random number for each direction

12 Establishing a Shared Key: The Diffie-Hellman Key Exchange - Alice and Bob agree on two large numbers, n and g (these are public) Shared key

13 Establishing a Shared Key: The Diffie-Hellman Key Exchange The bucket brigade or man-in-the-middle attack.

14 Using a Key Distribution Center (KDC) to establish a shared key A, K A (B, K S ) K B (A, K S ) K A = Shared key between Alice and KDC K B = Shared key between Bob and KDC K S = session key picked by Alice Alice KDC Bob

15 Using a Key Distribution Center (KDC) to establish a shared key A, K A (B, K S ) K B (A, K S ) K A = Shared key between Alice and KDC K B = Shared key between Bob and KDC K S = session key picked by Alice Alice KDC Bob Problem: Trudy can replay the second message to Bob K B (A, K S )

16 Use timestamps - Include timestamps in messages - Requires synchronized clocks - Otherwise replay attacks are possible - Use nonces: not repeated - Requires entities to remember them -Use a combination of timestamps and nonces to bound how long they need to be remembered

17 Authentication Using a Key Distribution Center The Needham-Schroeder authentication protocol. R A, A, B K B (A, K S ), K S (R A2 ) K A (R A, B, K S, K B (A, K S ) ) K S (R A2 -1), R B K S (R B -1) Alice KDC Bob

18 The Needham-Schroeder authentication protocol. R A, A, B K B (A, K S ), K S (R A2 ) K A (R A, B, K S, K B (A, K S ) ) K S (R A2 -1), R B K S (R B -1) Alice KDC Bob K B (A, K S ), K S (R A2 ) K S (R A2 -1), R B’ K S (R B’ -1) Attacker acquires an old key

19 Authentication Using Kerberos K TGS (A, K s ), B, K S (t)K S (B, K AB ), K B (A, K AB )K B (A, K AB ), K AB (t)K AB (t+1) A Alice Authentication Server Ticket-Granting Server Bob K A (K S, K TGS (A, K S ) ) Ticket; proves that the sender is Alice Prevents replay attacks

20 Authentication Using Public-Key Cryptography Mutual authentication using public-key cryptography. Alice Directory Here is Pb Alice Give me Pb Bob Give me Pb Alice Here is Pb Bob Pb Bob (A, R A ) Pb Alice (R A, R B, K S ) K S (R B )

21 Cryptographic Key Infrastructure Public key: bind identity to public key –Crucial as people will use key to communicate with principal whose identity is bound to key

22 Certificates Create token (message) containing –Identity of principal (here, Alice) –Corresponding public key –Timestamp (when issued) –Other information (perhaps identity of signer) signed by trusted authority C A = Pr CA ( PB A || Alice || T ) Or only sign the hash of the certificate

23 Use Bob gets Alice’s certificate –If he knows CA’s public key, he can decipher the certificate When was certificate issued? Is the principal Alice? –Now Bob has Alice’s public key Problem: Bob needs CA’s public key to validate certificate –Problem pushed “up” a level

24 Certificate Signature Chains - Chain of certificates: “chain of trust” or “certification path”

Download ppt "CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice."

Similar presentations

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Handshake Protocols COEN 350. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.

Csci5233 Computer Security1 Bishop: Chapter 10 (Cont.) Key Management: Certificates.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.

Computer Security Key Management. Introduction We distinguish between a session key and a interchange key ( long term key ). The session key is associated.
Computer Security Key Management

Computer Security Key Management
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 6 Wenbing Zhao Department of Electrical and Computer Engineering.
CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)

CSCI283 Fall 2005 GWU All slides from Bishop’s slide set Public Key Infrastructure (PKI)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.

Similar presentations

Ads by Google