Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Intro To Encryption Exercise 12. 2 Problem What may be the problem with a central KDC?

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Intro To Encryption Exercise 12. 2 Problem What may be the problem with a central KDC?"— Presentation transcript:

1 1 Intro To Encryption Exercise 12

2 2 Problem What may be the problem with a central KDC?

3 3 Solution Performace may decrease when clients increase. Especially when multicast clients are present Security may be a very big issue (single point of failure, master keys recovery).

4 4 Problem How should you improve performance? Is replication a good performance improvement? How does it affects security?

5 5 Solution A naïve approach may be to replicate the KDC This may solve some performance issues when done properly This may decrease security because of multiple exact copies of the same information.

6 6 Problem Suggest a solution for sharing the load of computation and communication among servers. The solution must maintain the security and not degrade it.

7 7 Solution Use secret sharing with threshold. Is this solution sufficient? NO!!!!  We must define (how?) the amount of servers and the threshold needed

8 8 Problem Revise the previous solution to accommodate better definitions for security

9 9 Solution After conducting surveys and cryptanalysis we have come to the conclusion that in a given time 20% of our servers are (may be) corrupt. Thus we shall decide on the scheme (n,80%n) for secret sharing.

10 10 Problem Is this solution sufficient for secret consistency?

11 11 Solution NO!!!! We don’t know which 20% of our server are corrupt. Which 80% should we trust? How do we know that some servers don’t sent bogus secrets?

12 12 Problem Modify the solution to provide secret verification.

13 13 Solution Use verifiable secret sharing by distributing public verification values. Where do we publish the values? Who signs the values to ensure they are authentic?  May be other sets of servers that act as a CA  May be a single server which is “super secured” (later)

14 14 Problem How do we refresh the servers’ secrets?

15 15 Solution A simple solution may be a single server which acts as the refresher. I.e. calculates the new secret and spreads it. The server may remain offline while not needed, thus preventing corruption.

16 16 Problem How can we check when a server is being tempered?

17 17 Solution Limit number of failed logins Lock accounts on several wrong logins  Lock for a certain period  Lock indefinitely Use a WORM logging mechanism.  Most attackers will not want to be detected Use a cookie mechanism/Reverse DNS/IDENT  Ensure that the client is indeed using his IP address and not using a bogus one.

Download ppt "1 Intro To Encryption Exercise 12. 2 Problem What may be the problem with a central KDC?"

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi

Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13
DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.

DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 DIGITAL SIGNATURES and AUTHENTICATION PROTOCOLS - Chapter 13 Digital Signatures Authentication.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Last Class: The Problem BobAlice Eve Private Message Eavesdropping.

Last Class: The Problem BobAlice Eve Private Message Eavesdropping.
Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.

Distributed Systems 1 Topics  What is a Distributed System?  Why Distributed Systems?  Examples of Distributed Systems  Distributed System Requirements.
1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.

1 Lecture 12: Kerberos terms and configuration phases –logging to network –accessing remote server replicated KDC multiple realms message privacy and integrity.
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.

A Framework for Secure Data Aggregation in Sensor Networks Yi Yang Xinran Wang, Sencun Zhu and Guohong Cao The Pennsylvania State University MobiHoc’ 06.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.

SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.
Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.

Mar 11, 2003Mårten Trolin1 Previous lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities.
8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

8.1 © 2007 by Prentice Hall 8 Chapter Securing Information Systems.

Similar presentations

Ads by Google