Presentation is loading. Please wait.

Presentation is loading. Please wait.

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols."— Presentation transcript:

1 Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols David L. Mills, University of Delaware 21 January 1997 http://www.eecis.udel.edu/~mills

2 Page # Introduction Authentication for ubiquitous, real-time protocols such as Network Time Protocol Current scheme uses one-way hash functions and private keys New scheme combines with public-key cryptosystem and certificates Avoids public-key computations for every packet Requires no per-client state at busy servers Requires only occasional verification of server credentials

3 Page # NTP capsule summary Network Time Protocol (NTP) Synchronizes clocks of hosts and routers in the Internet Provides submillisecond accuracy on LANs, low tens of milliseconds on WANs Reliability assured by redundant servers and diverse network paths Engineered algorithms used to reduce jitter, mitigate multiple sources and avoid improperly operating servers

4 Page # NTP authentication - issues Configuration and authentication and synchronization are inseparable Clients and servers must require no manual configuration Ultimate security must be based on private values known only to servers and public values obtained from directory services Must be fast

5 Page # NTP authentication - approach Authentication and synchronization work independently for each peer server Public keys and certificates are obtained and verified relatively infrequently Session keys are derived from public keys using fast algorithms Only when time and authentication are independently verified is the local clock set

6 Page # MD5 message digest

7 Page # MD5/RSA digital signature

8 Page # Authentication scheme A (Kent) Scheme is based on public key encryption and one-way hash function Certificated public values for each server provided by Secure DNS or X.509 Server computes session key as one-way hash of server private value, server/client IP addresses and key identifier as each client request is received On request, server sends session key to client using public-key cryptography

9 Page # Authentication scheme B (S-Key) Scheme is based on public key encryption and S/KEY scheme Server generates list of session keys, where each key is a one-way hash of the previous key Server uses keys in reverse order and generates a new list when the current one is exhausted; Clients verify the hash of the current key equals the previous key On request, the server signs the current key and sends to client

10 Page # Current status Complete analysis of security model and authentication scheme in TR 96-10-3 Preliminary design for integration in Unix/Windows NTP daemon completed Implementation plan in progress Complete set of status reports and briefing slides at: http://www.eecis.udel.edu/~mills

Download ppt "Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.

PIS: Unit III Digital Signature & Authentication Sanjay Rawat PIS Unit 3 Digital Sign Auth Sanjay Rawat1 Based on the slides of Lawrie.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.

Copyright © 2014 EMC Corporation. All Rights Reserved. Basic Network Configuration for File Upon completion of this module, you should be able to: Configure.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.

Presented by Fengmei Zou Date: Feb. 10, 2000 The Secure Sockets Layer (SSL) Protocol.
SSL CS772 Fall 2011. Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.

SSL CS772 Fall Secure Socket layer Design Goals: SSLv2) SSL should work well with the main web protocols such as HTTP. Confidentiality is the top.
An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.

An Introduction to Secure Sockets Layer (SSL). Overview Types of encryption SSL History Design Goals Protocol Problems Competing Technologies.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.

Real-Time Authentication Using Digital Signature Schema Marissa Hollingsworth BOISECRYPT ‘09.
Cryptography Basic (cont)

Cryptography Basic (cont)
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.

Similar presentations

Ads by Google