Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSE331: Introduction to Networks and Security Lecture 24 Fall 2002.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CSE331: Introduction to Networks and Security Lecture 24 Fall 2002."— Presentation transcript:

1 CSE331: Introduction to Networks and Security Lecture 24 Fall 2002

2 CSE331 Fall 20022 Announcements Class is cancelled on Wednesday (Nov. 6 th ) Prof. Zdancewic will be out of town until Nov. 14 th –Should be available by e-mail (sporadically) Project 3 is due on Nov. 18 th

3 CSE331 Fall 20023 Recap Authentication –Passwords & Human Authentication Today –Machine Authentication Protocols

4 CSE331 Fall 20024 Aim For honest parties, the claimant A is able to authenticate itself to the verifier B. That is, B will complete the protocol having accepted A’s identity. Alice Bart

5 CSE331 Fall 20025 Threats Transferability: B cannot reuse an identification exchange with A to successfully impersonate A to a third party C. Impersonation: The probability is negligible that a party C distinct from A can carry out the protocol in the role of A and cause B to accept it as having A’s identity.

6 CSE331 Fall 20026 Assumptions A large number of previous authentications between A and B may have been observed. The adversary C has participated in previous protocol executions with A and/or B. Multiple instances of the protocol, possibly instantiated by C, may be run simultaneously.

7 CSE331 Fall 20027 Attacks Not Addressed Identification affirms that communication with the expected party occurred at a given point in time. Two active attacks are not addressed: –Usurpation: The session beginning with the identification is “usurped” by the attacker as a man-in-the-middle. –Grand Master Postal Attack Problem: A man-in- the-middle relays messages between two parties without changing them. (End-to-end authentication, not hop-by-hop)

8 CSE331 Fall 20028 Challenge-Response Background. –Random numbers (nonces). –Sequence numbers. –Timestamps. Symmetric keys. –With timestamps or random numbers. Asymmetric keys. –With encryption or signature.

9 CSE331 Fall 20029 Replay Replay: the threat in which a transmission is observed by an eavesdropper who subsequently reuses it as part of a protocol, possibly to impersonate the original sender. –Example: Monitor the first part of a telnet session to obtain a sequence of transmissions sufficient to get a log-in. Three strategies for defeating replay attacks –Nonces –Timestamps –Sequence numbers.

10 CSE331 Fall 200210 Nonces: Random Numbers Nonce: A number chosen at random from a range of possible values. –Each generated nonce is valid only once. In a challenge-response protocol nonces are used as follows. –The verifier chooses a (new) random number and provides it to the claimant. –The claimant performs an operation on it showing knowledge of a secret. –This information is bound inseparable to the random number and returned to the verifier for examination. –A timeout period is used to ensure “freshness”.

11 CSE331 Fall 200211 Time Stamps The claimant sends a message with a timestamp. The verifier checks that it falls within an acceptance window of time. The last timestamp received is held, and identification requests with older timestamps are ignored. Good only if clock synchronization is close enough for acceptance window.

12 CSE331 Fall 200212 Sequence Numbers Sequence numbers provide a sequential or monotonic counter on messages. If a message is replayed and the original message was received, the replay will have an old or too-small sequence number and be discarded. Cannot detect forced delay. Difficult to maintain when there are system failures.

13 CSE331 Fall 200213 Unilateral Symmetric Key Unilateral authentication with timestamp generated by A. –A&B have synchronized clocks –B accepts only in certain time window Unilateral authentication with nonce. K AB {t, B} n K AB {n, B}

14 CSE331 Fall 200214 Mutual Symmetric Key Using Nonces: nBnB K AB {n A, n B, B} K AB {n A, A}

15 15 Passkey Systems F S PIN A Display Claimant AVerifier B e y Challenge Generator Login Request Passcode Generator F Secret Database Compare ( challenge ) ( response ) PIN S

16 CSE331 Fall 200216 Unilateral Public Key Decryption Encryption under A’s public key is K A {-}: –The witness H(n) shows knowledge of n and prevents chosen plaintext attacks on EA. H(n), B, K A {n,B} n

17 CSE331 Fall 200217 Mutual Public Key Decryption Exchange nonces K B {n A, A} K A {n A, n B } nBnB

18 CSE331 Fall 200218 Unilateral Digital Signatures S A {M} is A’s signature on message M. Unilateral authentication with timestamps: Unilateral authentication with random numbers: The n A prevents chosen plaintext attacks. t, B, S A {t, B} n A, B, S A {n A, n B, B} nBnB

19 CSE331 Fall 200219 Mutual Digital Signatures Using random numbers. nBnB n A, B, S A {n A, n B, B} A, S B {n A, n B, A}

20 CSE331 Fall 200220 Primary Attacks Replay. Interleaving. Reflection. Forced delay. Chosen plaintext.

21 CSE331 Fall 200221 Primary Controls Replay: –use of challenge-response techniques –embed target identity in response. Interleaving –link messages in a session with chained nonces. Reflection: – embed identifier of target party in challenge response –use asymmetric message formats –use asymmetric keys.

22 CSE331 Fall 200222 Primary Controls, continued Chosen text: –embed self-chosen random numbers (“confounders”) in responses –use “zero knowledge” techniques. Forced delays: –use nonces with short timeouts –use timestamps in addition to other techniques.

23 CSE331 Fall 200223 Usurpation Attacks Identification protocols provide assurances corroborating the identity of an entity only at a given instant in time. Techniques to assure ongoing authenticity: –Periodic re-identification. –Tying identification to an ongoing integrity service. For example: key establishment and encryption.

Download ppt "CSE331: Introduction to Networks and Security Lecture 24 Fall 2002."

Similar presentations

AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.

Overview Network security involves protecting a host (or a group of hosts) connected to a network Many of the same problems as with stand-alone computer.
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 14 – Authentication Applications

Chapter 14 – Authentication Applications
SCSC 455 Computer Security

SCSC 455 Computer Security
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
Akshat Sharma Samarth Shah

Akshat Sharma Samarth Shah
Systematic Design of a Family of Attack Resistant Authentication Protocols By:- Ray Bird, I Gopal, Amir Herzberg, Philippe A Jnason, Shay Kutten, Refik.

Systematic Design of a Family of Attack Resistant Authentication Protocols By:- Ray Bird, I Gopal, Amir Herzberg, Philippe A Jnason, Shay Kutten, Refik.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.

Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York.
CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.

CSE331: Introduction to Networks and Security Lecture 22 Fall 2002.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)

Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
Authentication & Kerberos

Authentication & Kerberos
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.

Similar presentations

Ads by Google