Presentation is loading. Please wait.

Presentation is loading. Please wait.

CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz."— Presentation transcript:

1 CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz

2 One-way authentication  If only the server has a known public key (e.g., SSL) –Server sends R –Client sends E pk (R, password, session-key)  Insecure in general!!! –But secure if encryption scheme is chosen appropriately  Can extend to give mutual authentication

3 Authenticated Diffie-Hellman  Add signatures/MACs and nonces to Diffie- Hellman protocol –Note: achieves forward secrecy –What if we had used encryption instead?

4 Using session keys  Generally, want to provide both secrecy and integrity for subsequent conversation –Use encrypt-then-MAC –Use sequence numbers to prevent replay attacks –Use a directionality bit –Periodically refresh the session key

5 “Dos and Don’ts of Client Authentication on the Web” (Fu, et al.)

6 Authentication using “cookies”  “Single sign-on” for users accessing a site  Full-fledged key-exchange not practical due to limited client (and server!) computation  No public keys, no third parties…  Idea: use “authenticators” stored as cookies –No client-side computation at all  But…must do this securely!

7 Minimal level of security?  Any such scheme must be secure against “interrogative attacks” –These are trivial to mount  Eavesdropping, server impersonation, and man-in-the-middle attacks are more difficult  Confidentiality is an orthogonal issue…

8 Security “hints”…  Use appropriate amount of security –Do you need fine-grained knowledge of the user-id or not? –Is confidentiality, etc. required or not?  Use published schemes…  No security through obscurity…  Use cryptographic tools appropriately –E.g., don’t use crypt( ) as a MAC…

9 More “hints”  Be careful of composing security schemes –E.g., using two authentication systems…  Protect user passwords –Don’t send in the clear –Don’t include in cookie  Re-authenticate before changing password  Avoid predictable session identifiers  Expiration…

10 A simple and secure approach…  Cookie = (username/data, expiration, MAC)

11 Mediated authentication

12  E.g., using KDC  Simple protocol: –Alice requests to talk to Bob –KDC generates K AB and sends it to Alice and Bob, encrypted with their respective keys –Note: no authentication here, but impostor can’t determine K AB

13 Improvement…  Have KDC send to Alice the encryption of K AB under Bob’s key –Reduces communication load on KDC –Resilient to message delays in network

14 Needham-Schroeder  A  KDC: N 1, Alice, Bob  KDC  A: K A (N 1, Bob, K AB, ticket), where ticket = K B (K AB, Alice)  A  B: ticket, K AB (N 2 )  B  A: K AB (N 2 -1, N 3 )  A  B: K AB (N 3 -1)

15 Analysis?  N 1 assures Alice that she is talking to KDC –Prevents key-replay, helps prevent attack when Bob’s key is compromised and then changed  Important: authenticate “Bob” in message 2, and “Alice” in ticket  Uses encryption to authenticate…  –Leads to actual flaw if, e.g., ECB mode is used!  Vulnerable if Alice’s key is compromised –Bob’s ticket is always valid –Use timestamps, or request (encrypted) nonce from Bob at the very beginning of the protocol

Download ppt "CMSC 414 Computer and Network Security Lecture 18 Jonathan Katz."

Similar presentations

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 22 Jonathan Katz.
Lecture 10: Mediated Authentication

Lecture 10: Mediated Authentication
Chapter 10 Real world security protocols

Chapter 10 Real world security protocols
Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)

Key Management. Shared Key Exchange Problem How do Alice and Bob exchange a shared secret? Offline – Doesnt scale Using public key cryptography (possible)
Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.

Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must.
Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).

Kerberos 1 Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530–520 BC. From Italy (?).
CSC 474 Information Systems Security

CSC 474 Information Systems Security
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.

CIS 725 Key Exchange Protocols. Alice ( PB Bob (M, PR Alice (hash(M))) PB Alice Confidentiality, Integrity and Authenication PR Bob M, hash(M) M, PR Alice.
CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.

CS470, A.SelcukCryptographic Authentication1 Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk.
1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.

1 Security Handshake Pitfalls. 2 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: –Authenticate.
CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:

CS470, A.SelcukNeedham-Schroeder1 Needham-Schroeder Protocol Authentication & Key Establishment CS 470 Introduction to Applied Cryptography Instructor:
CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 26 Jonathan Katz.
Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.

Rennes, 23/10/2014 Cristina Onete Key-Exchange Protocols. Diffie-Hellman, Active Attacks, and TLS/SSL.
Authentication & Kerberos

Authentication & Kerberos
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,

1 Chapter 13 – Digital Signatures & Authentication Protocols Fourth Edition by William Stallings Lecture slides by Lawrie Brown (modified by Prof. M. Singhal,
CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz.
CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.

CMSC 414 Computer (and Network) Security Lecture 26 Jonathan Katz.
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

Similar presentations

Ads by Google