Download presentation

Presentation is loading. Please wait.

Published byMakena Hicken Modified over 6 years ago

1
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk

2
CS470, A.SelcukCryptographic Authentication2 Password authentication subject to eavesdropping Alternative: Cryptographic challenge-response –Symmetric key –Public key

3
CS470, A.SelcukCryptographic Authentication3 Symmetric Key Challenge-Response Alice Bob I’m Alice a challenge R F(K AB,R) An example protocol:

4
CS470, A.SelcukCryptographic Authentication4 Limitations: Authentication not mutual (login only) Subject to connection hijacking (login only) Subject to off-line password guessing (if K is derived from password) Bob’s database has keys in the clear

5
CS470, A.SelcukCryptographic Authentication5 Symmetric Key Challenge-Response Alice Bob I’m Alice, K AB {timestamp} A one-message protocol:

6
CS470, A.SelcukCryptographic Authentication6 Easy integration into password-sending systems More efficient: Single message, stateless Care needed against replays Care needed if key is common across servers Clock has to be protected as well Alternatively, with a hash function, send, I’m Alice, timestamp, H(K AB,timestamp)

7
CS470, A.SelcukCryptographic Authentication7 Public Key Challenge-Response Alice Bob I’m Alice R [R] A By signature:

8
CS470, A.SelcukCryptographic Authentication8 Public Key Challenge-Response Alice Bob I’m Alice {R} A R By decryption:

9
CS470, A.SelcukCryptographic Authentication9 Problem: Bob (or Trudy) can get Alice to sign/decrypt any text he chooses. Solutions: –Never use the same key for different purposes (e.g., for login and signature) –Have formatted challenges

10
CS470, A.SelcukCryptographic Authentication10 Mutual Authentication Both Alice and Bob authenticate each other An example protocol: Alice Bob I’m Alice R1 F(K AB,R1) R2 F(K AB,R2)

11
CS470, A.SelcukCryptographic Authentication11 Alice Bob I’m Alice, R2 R1, F(K AB,R2) F(K AB,R1) Some saving:

12
CS470, A.SelcukCryptographic Authentication12 Reflection attack: Trudy Bob I’m Alice, R1 R3, F(K AB,R1) Trudy Bob I’m Alice, R2 R1, F(K AB,R2) F(K AB,R1)

13
CS470, A.SelcukCryptographic Authentication13 Solutions: –Different keys for Alice and Bob –Formatted challenges, different for Alice and Bob Principle: Initiator should be the first to prove its identity

14
CS470, A.SelcukCryptographic Authentication14 Another weakness: Trudy can do dictionary attack against K AB acting as Alice, without eavesdropping. Solution against both problems: (Dictionary attack still possible if Trudy can impersonate Bob.) Alice Bob R1 F(K AB,R1), R2 F(K AB,R2) I’m Alice

15
CS470, A.SelcukCryptographic Authentication15 Mutual authentication with PKC: Problem: How can the public/private keys be remembered by ordinary users? They can be stored in an electronic token (USB), or can be retrieved from a server with password-based authentication & encryption. Alice Bob I’m Alice, {R2} B R2, {R1} A R1

16
CS470, A.SelcukCryptographic Authentication16 Session Key Establishment A session key is needed to authenticate/encrypt the rest of the session. The session key must be –different for each session –unguessable by an eavesdropper –not K AB {x} for some x predictable/extractable by an attacker Good if both sides contribute –avoids replays (“freshness guarantee”) –works if either side has a good random number generator

17
CS470, A.SelcukCryptographic Authentication17 Nonces Nonce: Something created for one particular occasion Nonce types: –Random numbers –Timestamps –Sequence numbers Random nonces needed for unpredictability Obtaining random nonces from timestamps: encryption with a secret key.

18
CS470, A.SelcukCryptographic Authentication18 Protocol Performance Comparison Computational Complexity: (to minimize CPU time, power consumption) –Number of private-key operations – “ “ public-key “ – “ “ bytes encrypted with secret key – “ “ bytes hashed Communication Complexity: –Number of message rounds –Bandwidth consumption

Similar presentations

© 2021 SlidePlayer.com Inc.

All rights reserved.

To make this website work, we log user data and share it with processors. To use this website, you must agree to our Privacy Policy, including cookie policy.

Ads by Google