Presentation is loading. Please wait.

Presentation is loading. Please wait.

Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and.

Similar presentations

Presentation on theme: "Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and."— Presentation transcript:

1 Intro To Secure Comm. Exercise 2

2 Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and you trust the phone company to have secured phone lines (no eaves dropping on the line).  All the users must use “good” passwords. 1.What is a “good” password? 2.What is the problem with “good” passwords? 3.How can you build a device that can help the user? Hint: the device may generate the passwords

3 Solution  A good password is one that is immune to common dictionary- attacks, and is pseudo random  Good passwords are hard to remember so users tend to write them down  The device may be PRF K (USER|DATE|TIME) MD5(K|USER|DATE|TIME)

4 Problem  You wish your users to login to a remote computer  You wish that ADV getting hold of that computer won’t be able to retrieve the stored passwords easily  What method would you use to store the passwords?

5 Solution  The simplest solution would be to store a hash of the passwords.

6 Problem  What hash attributes do we require for this scheme?

7 Solution  We would like OWF So that ADV can’t efficiently find a pre image for our passwords  We would like CRHF So that ADV can’t efficiently find a collision to our password

8 Problem  Authentication possibilities Something You know Something You have Something You are  Give examples for the above  What may be the problems?

9 Solution – Something you know  Password/secrets are things you suppose to know and no other  The cost is minimal, however we usually choose intuitive things to know.  When secrets are not intuitive we tend to forget them/write them down so we don’t forget them.

10 Solution – Something you have  Usually smart cards are things we have and no one else.  Problems are higher cost  We tend to forget the devices if they are small  We tend not to use them if they are big  They may be stolen, and then what?

11 Solution – Something you are  Biometrics is a common way to identify a person (eye, finger print …)  Costs a lot (smart devices, training time)  May not have high precision, i.e. long retries, forgeries

12 Suggested solution  Hybrid approach  A small device which incorporates a PIN or a password to operate  Something like a SecureID device, Portable phone with a key…

13 Problem  Devise a simple secure way to prove the knowledge of the secret (password) without ADV being able to know the password

14 Solution  Send h(password) to server  Against what types of ADV is it secure?  What may be the problem with the following protocol in case of an eavesdropper/spoofer ADV?

15 Solution 2  ADV may not have to know the password in order to login, he just has to listen to it and send it to the server.

16 Problem  Find a way to simply defend against an eavesdropper/spoofer ADV

17 Solution  Use S/KEY password scheme Each user has n successful login attempts. At startup, the server receives h(x) n Each login the server receives h(x) n-i The server validates h(h(x) n-i )=h(x) n-(i-1)  Against what type of attack is this protocol not immune to? What are its weaknesses?

18 Solution  The protocol is not immune against a spoofer/eavesdropper which spoofs the server  When establishing a new chain of hashes, the spoofer can intercept the transmission and send it as it was his own (or send h(x) n+1 ).

19 Problem  Common antivirus programs have the feature of “immune”\”sign” a file.  In case the file is changed the software knows it immediately.  Common method is using a hash function to create a digest for the file.  What are the requirements from the hash function?

20 Solution  The hash function must be at least WCRHF.  This is because the file may already be known to the virus and the virus will need to find a collision in order to fool the antivirus program.  What other methods would you use to ensure that the file wasn’t tempered with?

21 Problem  The following scenario is suggested for establishing session keys Alice and Bob share a secret (key phrase/password) Alice generates Session key K and send E P (K) to Bob Bob receives E P (K), deciphers and uses K as the new session key.  What are the threats to the model?  Is this solution secure against an eavesdropper?

22 Solution  The solution is problematic when a password is used.  Passwords are susceptible to dictionary attack.  The eavesdropper may discover p and thus the session key k (and may discover any other session keys)  Suggest a better protocol

23 Solution  Alice Generates pub A and priv A.  Alice sends E P (pub A ) to Bob  Bob deciphers and sends to Alice Pub A (k)  Alice sends to Bob E k (challengeA)  Bob responds E k (challengeA||challengeB)  Alice responds (challengeB)  What cryptographic method is E?

24 Solution  The cryptographic method is a MAC  Why not simply use an encryption method?

25 Problem  Some designs attempt to provide message authentication by sending the encryption of the message concatenated with its hash (or simply with an error detection code).  Namely, they send Encrypt(Message||Hash(Message)), and hope that in so doing, they achieve encryption and authentication together.  Show that this design is insecure (an attacker can modify a message and it would still be considered authentic).  Hint: this is easy to show, when using one-time-pad or OFB mode encryption.

26 Solution  Assuming OTP is used and ADV knows some information about the message.  ADV knows the algorithm, so knows which hash function is used.  Knowing so, he can figure out the key encrypting the message (known plain text).  Since he knows the message and hash of the message, he can figure out the key encrypting the hash.  ADV can now calculate new message and new hash for the message and replace them.

27 Solution  ADV’s playout: k m =mc m (revealing the key of m) k h(m) =h(m) c h(m) Forge: m’k m ||h(m’)k h(m)  This is a poor MAC because it isn’t even immune to KMA.

Download ppt "Intro To Secure Comm. Exercise 2. Problem  You wish for your users to access a remote server via user and password.  All of the users have modems and."

Similar presentations

Ads by Google