Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

Published byMakena Hicken Modified over 9 years ago

Similar presentations

Presentation on theme: "CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."— Presentation transcript:

1 CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

2 CS470, A.SelcukCryptographic Authentication2 Password authentication subject to eavesdropping Alternative: Cryptographic challenge-response –Symmetric key –Public key

3 CS470, A.SelcukCryptographic Authentication3 Symmetric Key Challenge-Response Alice Bob I’m Alice a challenge R F(K AB,R) An example protocol:

4 CS470, A.SelcukCryptographic Authentication4 Limitations: Authentication not mutual (login only) Subject to connection hijacking (login only) Subject to off-line password guessing (if K is derived from password) Bob’s database has keys in the clear

5 CS470, A.SelcukCryptographic Authentication5 Symmetric Key Challenge-Response Alice Bob I’m Alice, K AB {timestamp} A one-message protocol:

6 CS470, A.SelcukCryptographic Authentication6 Easy integration into password-sending systems More efficient: Single message, stateless Care needed against replays Care needed if key is common across servers Clock has to be protected as well Alternatively, with a hash function, send, I’m Alice, timestamp, H(K AB,timestamp)

7 CS470, A.SelcukCryptographic Authentication7 Public Key Challenge-Response Alice Bob I’m Alice R [R] A By signature:

8 CS470, A.SelcukCryptographic Authentication8 Public Key Challenge-Response Alice Bob I’m Alice {R} A R By decryption:

9 CS470, A.SelcukCryptographic Authentication9 Problem: Bob (or Trudy) can get Alice to sign/decrypt any text he chooses. Solutions: –Never use the same key for different purposes (e.g., for login and signature) –Have formatted challenges

10 CS470, A.SelcukCryptographic Authentication10 Mutual Authentication Both Alice and Bob authenticate each other An example protocol: Alice Bob I’m Alice R1 F(K AB,R1) R2 F(K AB,R2)

11 CS470, A.SelcukCryptographic Authentication11 Alice Bob I’m Alice, R2 R1, F(K AB,R2) F(K AB,R1) Some saving:

12 CS470, A.SelcukCryptographic Authentication12 Reflection attack: Trudy Bob I’m Alice, R1 R3, F(K AB,R1) Trudy Bob I’m Alice, R2 R1, F(K AB,R2) F(K AB,R1)

13 CS470, A.SelcukCryptographic Authentication13 Solutions: –Different keys for Alice and Bob –Formatted challenges, different for Alice and Bob Principle: Initiator should be the first to prove its identity

14 CS470, A.SelcukCryptographic Authentication14 Another weakness: Trudy can do dictionary attack against K AB acting as Alice, without eavesdropping. Solution against both problems: (Dictionary attack still possible if Trudy can impersonate Bob.) Alice Bob R1 F(K AB,R1), R2 F(K AB,R2) I’m Alice

15 CS470, A.SelcukCryptographic Authentication15 Mutual authentication with PKC: Problem: How can the public/private keys be remembered by ordinary users? They can be stored in an electronic token (USB), or can be retrieved from a server with password-based authentication & encryption. Alice Bob I’m Alice, {R2} B R2, {R1} A R1

16 CS470, A.SelcukCryptographic Authentication16 Session Key Establishment A session key is needed to authenticate/encrypt the rest of the session. The session key must be –different for each session –unguessable by an eavesdropper –not K AB {x} for some x predictable/extractable by an attacker Good if both sides contribute –avoids replays (“freshness guarantee”) –works if either side has a good random number generator

17 CS470, A.SelcukCryptographic Authentication17 Nonces Nonce: Something created for one particular occasion Nonce types: –Random numbers –Timestamps –Sequence numbers Random nonces needed for unpredictability Obtaining random nonces from timestamps: encryption with a secret key.

18 CS470, A.SelcukCryptographic Authentication18 Protocol Performance Comparison Computational Complexity: (to minimize CPU time, power consumption) –Number of private-key operations – “ “ public-key “ – “ “ bytes encrypted with secret key – “ “ bytes hashed Communication Complexity: –Number of message rounds –Bandwidth consumption

Download ppt "CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk."

Similar presentations

Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukSSL/TLS & SET1 CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.

Http Web Authentication Web authentication is used to verify a users identity before allowing access to certain web pages On web browsers you get a login.
IPsec – IKE CS 470 Introduction to Applied Cryptography

IPsec – IKE CS 470 Introduction to Applied Cryptography
CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukReal-Time Communication Issues1 Real-Time Communication Security IPsec & SSL Issues CS 470 Introduction to Applied Cryptography Instructor:
 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.

 Public key (asymmetric) cryptography o Modular exponentiation for encryption/decryption  Efficient algorithms for this o Attacker needs to factor large.
CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 21 Jonathan Katz.
CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 17 Jonathan Katz.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Chap 3: Key exchange protocols In most systems, we distinguish the short term keys from the long term ones: –A short term key (session key) is used to.

Similar presentations

Ads by Google