Information System Security Đại học Quốc Gia TPHCM – Đại học Bách Khoa Khoa Khoa học và Kỹ thuật Máy Tính.

Presentation transcript:

1 Information System Security Đại học Quốc Gia TPHCM – Đại học Bách Khoa Khoa Khoa học và Kỹ thuật Máy Tính

2 Information System Security Đại học Quốc Gia TPHCM – Đại học Bách Khoa Khoa Khoa học và Kỹ thuật Máy Tính
Members: Huỳnh Lưu Triết (50702593), Nguyễn Hoàng Tùng (50702853)

3 Information System Security
AUTHENTICATION METHODS
- Something you know
- Something you have
- Something you are
AUTHENTICATION PROTOCOLS
- Simple authentication protocols
- Real-world security protocols

4 Information System Security
- Something you know: Password
- Something you have: Smartcard
- Something you are: Fingerprint, Iris scan

5 Information System Security
- Identification ~ Who is someone?
- Authentication ~ Is something genuine?

6 Information System Security
- Something you know
- Something you have
- Something you are

7 Password
Group A: >= 6 characters
Group B: Passphrases
Group C: 8 random characters

8 Information System Security
- Password verification
- Other password issues

9 Password verification
- Compare with the correct password
- Password x: compute y = h(x) and store y; to verify a candidate z, compute h(z) and compare h(z) with y
- Crack: Trudy has a "dictionary": she computes h(x_0), h(x_1), ..., h(x_{N-1}) and compares each with y
- Salt value s: compute y = h(x, s) and store (s, y); to verify z, compute h(z, s) and compare h(z, s) with the y from (s, y)
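The two verification schemes on this slide, as an added Python example that is not part of the presentation: the unsalted scheme y = h(x), the salted scheme (s, y) with y = h(x, s), and Trudy's precomputed dictionary table compared against both. SHA-256 stands in for the slide's generic h, and the password and word list are constructed for the demo.

```python
import hashlib
import hmac
import secrets

def h(x: str, s: bytes = b"") -> bytes:
    """The slide's hash h: SHA-256 over salt||password here as a stand-in.
    (A deliberately slow password hash such as PBKDF2 is the usual choice today; the scheme is the same.)"""
    return hashlib.sha256(s + x.encode()).digest()

def enrol(x: str) -> tuple:
    """Salted scheme: pick a fresh random salt s and store (s, y) with y = h(x, s)."""
    s = secrets.token_bytes(16)
    return (s, h(x, s))

def verify(z: str, record: tuple) -> bool:
    """Recompute h(z, s) from the stored salt and compare it with y in constant time."""
    s, y = record
    return hmac.compare_digest(h(z, s), y)

def precomputed_table_hits(dictionary: list, y: bytes) -> list:
    """Trudy's dictionary attack from the slide: h(x_0), h(x_1), ... h(x_{N-1}) computed
    once, in advance and without any salt, then compared with the stored y."""
    table = {h(word): word for word in dictionary}
    return [table[y]] if y in table else []

DICTIONARY = ["123456", "password", "tiger123", "letmein"]   # constructed word list

def demo() -> dict:
    unsalted_y = h("tiger123")            # first scheme on the slide: y = h(x)
    record = enrol("tiger123")            # second scheme: store (s, y), y = h(x, s)
    return {
        "unsalted_hit": precomputed_table_hits(DICTIONARY, unsalted_y),  # ['tiger123']
        "salted_hit": precomputed_table_hits(DICTIONARY, record[1]),     # []: table built without s
        "verify_ok": verify("tiger123", record),
        "verify_wrong": verify("tiger124", record),
    }
```

The salt does not stop Trudy from hashing the dictionary again per user, but it forces that work to be redone for every stored (s, y) instead of once for the whole password file.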

10 Other password issues
Information System Security
- Social engineering
- Keystroke logging software and spyware
- Number of passwords
- Cracking tools

11 Information System Security
- Something you know
- Something you have
- Something you are

12 Smartcard: like a credit card; includes a small amount of memory and computing resources

13 Information System Security
- Something you know
- Something you have
- Something you are

14 Information System Security
- Types of errors
- Biometric examples
- Biometric error rates
- Biometric conclusions

15 Types of errors
- Fraud rate
- Insult rate

16 Types of errors (figure): the system answers "Alice" for someone who is not Alice: fraud rate

17 Types of errors (figure): the system answers "Not Alice" for Alice herself: insult rate

18 Biometric examples: Fingerprints
Information System Security
- Used in ancient China
- 1798, J. C. Mayer: fingerprints may be unique
- 1823, Purkinje: nine "fingerprint patterns"
- 1883, Mark Twain: "Life on the Mississippi"
- 1892, Sir Francis Galton: "minutia" systems

19 Biometric examples: Fingerprints (figure)

20 Biometric examples: Hand geometry
- The width and length of the hand and fingers
- Hand geometry is easy and quick to measure

21 Biometric examples: Hand geometry (figure)

22 Biometric examples: Iris scan
- The best for authentication
- 1936, Frank Burch suggested using it
- The 1980s: resurfaced in James Bond films
- 1994, John Daugman, a researcher at Cambridge University, patented the iris scan
- A black and white photo of the eye is transformed into a 256-byte (2048-bit) "iris code"

23 Biometric examples: Iris scan
- Alice's scan: x; stored iris scan: y
- d(x, y) = non-matching bits / bits compared
- d(x, y) for the same eye is about 0.08; for different eyes about 0.50
- A match: d(x, y) <= 0.32
- How to attack? A picture of Alice. How to prevent that?
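The matching rule on this slide, as an added Python example that is not part of the presentation: d(x, y) over constructed 2048-bit codes, the 0.32 threshold, and a same-eye scan with 8% noise against a different eye with 50% of bits changed. The `mask` parameter is an assumption added here to show what "bits compared" means when part of the iris is hidden by an eyelid.

```python
import random

CODE_BITS = 2048            # the 256-byte (2048-bit) iris code from the slide
MATCH_THRESHOLD = 0.32      # a match is declared when d(x, y) <= 0.32

def _popcount(n: int) -> int:
    return bin(n).count("1")

def iris_distance(x: bytes, y: bytes, mask: bytes = None) -> float:
    """d(x, y) = non-matching bits / bits compared.
    `mask` is an assumption added here: a 1 bit marks a position usable in both
    codes (e.g. not hidden by an eyelid); with no mask all 2048 bits are compared."""
    if len(x) != len(y) or (mask is not None and len(mask) != len(x)):
        raise ValueError("codes and mask must be the same length")
    differ = int.from_bytes(x, "big") ^ int.from_bytes(y, "big")
    compared = len(x) * 8
    if mask is not None:
        m = int.from_bytes(mask, "big")
        differ &= m
        compared = _popcount(m)
    if compared == 0:
        raise ValueError("no usable bits to compare")
    return _popcount(differ) / compared

def is_match(x: bytes, y: bytes, mask: bytes = None) -> bool:
    return iris_distance(x, y, mask) <= MATCH_THRESHOLD

def flip_bits(code: bytes, positions) -> bytes:
    """Return a copy of `code` with the given bit positions inverted."""
    n = int.from_bytes(code, "big")
    for p in positions:
        n ^= 1 << p
    return n.to_bytes(len(code), "big")

def demo(seed: int = 7) -> dict:
    """Constructed codes: a stored template y, a fresh scan of the same eye with
    8% of bits changed by noise, and a different eye differing in 50% of bits."""
    rng = random.Random(seed)
    stored = bytes(rng.getrandbits(8) for _ in range(CODE_BITS // 8))
    same_eye = flip_bits(stored, rng.sample(range(CODE_BITS), 164))    # 164/2048 = 0.08
    other_eye = flip_bits(stored, rng.sample(range(CODE_BITS), 1024))  # 1024/2048 = 0.50
    eyelid = bytes([0x00] * 64 + [0xFF] * 192)   # top 512 bits unusable in this scan
    return {
        "d_same": iris_distance(stored, same_eye),
        "d_other": iris_distance(stored, other_eye),
        "match_same": is_match(stored, same_eye),
        "match_other": is_match(stored, other_eye),
        "d_same_masked": iris_distance(stored, same_eye, eyelid),
    }
```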

24 Biometric examples: Iris scan (figure)

25 Biometric error rates (fraud rate = insult rate)
- Fingerprints: 5%
- Hand geometry: 0.1%
- Iris scan: 0.001%
Information System Security

26 Biometric conclusions
- Difficult to attack
- Expensive
Information System Security

27 Difficult to attack ~ Expensive
- Ease of attack: Biometrics < Smartcard < Password
- Cost: Password < Smartcard < Biometrics

28 AUTHENTICATION PROTOCOLS
I. SIMPLE AUTHENTICATION PROTOCOLS
II. REAL-WORLD SECURITY PROTOCOLS

29 Information System Security
SIMPLE AUTHENTICATION PROTOCOLS
1. Introduction
2. Simple Security Protocols
3. Authentication Protocols
   - Authentication Using Symmetric Keys
   - Session Keys
   - Timestamps

30 SIMPLE AUTHENTICATION PROTOCOLS
1. Introduction
- What is a protocol?
- What is a security protocol?
- Differences between an authentication method and an authentication protocol
- A seemingly innocuous change can make a significant difference in a protocol
- A security protocol must meet the specified security requirements
Information System Security

31 SIMPLE AUTHENTICATION PROTOCOLS
2. Simple Security Protocols
- Entering a secure facility, such as the National Security Agency
- Withdrawing money from an ATM machine
- Identify Friend or Foe, or IFF
Information System Security

32 Identify Friend or Foe, or IFF (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

33 3. Authentication Protocols (figure)
- Efficient?
- Trudy can later replay the messages
- Alice's password is sent in the clear
- Bob must know Alice's password
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

34 How to solve? (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

35 3. Authentication Protocols (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

36 3. Authentication Protocols: Authentication Using Symmetric Keys
- Encrypting plaintext P with key K to obtain ciphertext C is C = E(P, K)
- Decrypting ciphertext C with key K to recover the plaintext P is P = D(C, K)
- Alice and Bob share the symmetric key K_AB
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

37 3. Authentication Protocols: Authentication Using Symmetric Keys (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

38 3. Authentication Protocols: Authentication Using Symmetric Keys (figure)
This protocol is subject to a man-in-the-middle attack.
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

39 3. Authentication Protocols: Authentication Using Symmetric Keys: Man in the Middle (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

40 3. Authentication Protocols: Authentication Using Symmetric Keys
Conclusion:
- A one-way authentication protocol may not be secure for mutual authentication
- Protocols and attacks on protocols can be subtle
- "Obvious" changes to protocols can raise serious security issues
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

41 3. Authentication Protocols: Authentication Using Symmetric Keys
Lesson:
- Don't have the two sides do exactly the same thing
- Small changes to a protocol can result in big changes in security
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

42 3. Authentication Protocols: Session Keys
- Encrypt data within each connection
- Limits the data encrypted with one particular key
- Limits the damage if one session key is compromised
- Used for confidentiality or integrity protection
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

43 3. Authentication Protocols: Session Keys (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

44 3. Authentication Protocols: Session Keys (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

45 3. Authentication Protocols: Session Keys: Sign and Encrypt Mutual Authentication (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

46 3. Authentication Protocols: Session Keys: Is Sign and Encrypt Mutual Authentication better? (figure)
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

47 3. Authentication Protocols: Timestamps
- Contains the current time
- A timestamp can be used in place of a nonce
- Benefit: no need to waste any messages exchanging nonces
- Used in many real-world security protocols, such as Kerberos
- Timestamps create some security concerns
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

48 3. Authentication Protocols: Timestamps
- Reduces the number of messages by a third
- Using a timestamp with sign and encrypt is secure
- What about encrypt and sign?
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

49 3. Authentication Protocols: Timestamps (figure)
Unfortunately, the protocol is subject to attack.
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

50 3. Authentication Protocols: Timestamps
- A timestamp with sign and encrypt is secure
- A timestamp with encrypt and sign is not
- So we can never take anything for granted
SIMPLE AUTHENTICATION PROTOCOLS Information System Security

51 REAL-WORLD SECURITY PROTOCOLS: KERBEROS
- Kerberized Login
- Kerberos Ticket
- Kerberos Security

52 Information System Security
REAL-WORLD SECURITY PROTOCOLS: KERBEROS
- An authentication system that uses symmetric key cryptography
- Designed for smaller scale use, such as on a local area network
- With N users:
  - Public key cryptography: requires N key pairs
  - Symmetric keys: requires N² keys
  - Kerberos: requires N keys

53 Information System Security
REAL-WORLD SECURITY PROTOCOLS: KERBEROS
- Relies on a trusted third party, or TTP
- Employs a Key Distribution Center, or KDC, that acts as the TTP
- The KDC has a master key K_KDC, known only to the KDC
- The KDC issues various types of tickets, among them the Ticket-Granting Ticket, or TGT
- The TGT is encrypted with K_KDC before it is sent to the recipient
- The TGT can therefore only be read by the KDC

54 Information System Security
REAL-WORLD SECURITY PROTOCOLS: KERBEROS
Kerberized Login (figure)
TGT = E("Alice", S_A; K_KDC)

55 Information System Security
REAL-WORLD SECURITY PROTOCOLS: KERBEROS
Kerberos Ticket
- REQUEST = (TGT, authenticator)
- authenticator = E(timestamp; S_A)
- REPLY = E("Bob", K_AB, ticket to Bob; S_A)
- ticket to Bob = E("Alice", K_AB; K_B)

56 Information System Security
REAL-WORLD SECURITY PROTOCOLS: KERBEROS
Kerberos Security
- Minor flaw: the KDC sends E(S_A, TGT; K_A), where TGT = E("Alice", S_A; K_KDC)
- The KDC does not need to know who is making the REQUEST
- Why is "ticket to Bob" sent to Alice?
- How does Kerberos prevent replay attacks?
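The Kerberized login and ticket exchange of slides 54 to 56, as an added Python simulation that is not part of the presentation. E and D are a toy authenticated cipher constructed here (not the cipher Kerberos uses), all keys are generated randomly for the run, and the replay cache plus 5-minute clock-skew window on the authenticator's timestamp are the standard Kerberos answer to the last question on slide 56.

```python
import hashlib, hmac, json, os

def E(key: bytes, fields: dict) -> bytes:
    """Toy authenticated encryption E(fields; key), constructed for this example only
    (not Kerberos' real cipher): SHA-256 keystream XOR plus an HMAC-SHA256 tag."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(pt) // 32 + 1))
    ct = bytes(a ^ b for a, b in zip(pt, ks))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key: bytes, blob: bytes) -> dict:
    """Inverse of E; fails unless the tag verifies, so only the key holder can read the fields."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag: wrong key or tampered message")
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(len(ct) // 32 + 1))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

K_KDC = os.urandom(32)                       # master key, known only to the KDC
K_A, K_B = os.urandom(32), os.urandom(32)    # long-term keys of Alice and Bob (password-derived in real Kerberos)
REPLAY_CACHE = set()                          # (user, timestamp) of authenticators already accepted
CLOCK_SKEW = 300                              # seconds; Kerberos' usual 5-minute window

def kdc_login(user: str) -> bytes:
    """Kerberized login: the KDC returns E(S_A, TGT; K_A) with TGT = E("Alice", S_A; K_KDC)."""
    s_a = os.urandom(32).hex()
    tgt = E(K_KDC, {"user": user, "S_A": s_a})
    return E(K_A, {"S_A": s_a, "TGT": tgt.hex()})

def kdc_ticket(request: tuple, peer: str, now: int) -> bytes:
    """REQUEST = (TGT, authenticator); REPLY = E("Bob", K_AB, ticket to Bob; S_A)."""
    tgt, authenticator = request
    inner = D(K_KDC, tgt)                           # only the KDC can open the TGT
    s_a = bytes.fromhex(inner["S_A"])
    ts = D(s_a, authenticator)["timestamp"]         # decrypting proves the sender holds S_A
    if abs(now - ts) > CLOCK_SKEW or (inner["user"], ts) in REPLAY_CACHE:
        raise ValueError("stale or replayed authenticator")   # the replay defence
    REPLAY_CACHE.add((inner["user"], ts))
    k_ab = os.urandom(32).hex()
    ticket = E(K_B, {"user": inner["user"], "K_AB": k_ab})    # ticket to Bob = E("Alice", K_AB; K_B)
    return E(s_a, {"peer": peer, "K_AB": k_ab, "ticket": ticket.hex()})

def alice_flow(now: int) -> dict:
    """Alice logs in, asks for a ticket to Bob and forwards it; Bob opens it with K_B."""
    login = D(K_A, kdc_login("Alice"))
    s_a, tgt = bytes.fromhex(login["S_A"]), bytes.fromhex(login["TGT"])
    reply = D(s_a, kdc_ticket((tgt, E(s_a, {"timestamp": now})), "Bob", now))
    bob_view = D(K_B, bytes.fromhex(reply["ticket"]))
    return {"alice_key": reply["K_AB"], "bob_key": bob_view["K_AB"], "bob_sees": bob_view["user"]}
```

The ticket is sent to Alice rather than to Bob so that the KDC keeps no per-connection state; Bob can open it with K_B alone, and Alice cannot alter it because she does not hold K_B.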
