Nyckelhantering och autentisering
|
|
- Walter Cooper
- 7 years ago
- Views:
Transcription
1 1 Nyckelhantering och autentisering Daniel Bosk Avdelningen för informations- och kommunikationssytem (IKS), Mittuniversitetet, Sundsvall. keyauth.tex :25:08Z danbos
2 2 Översikt 1 Symmetric Key Distribution Symmetric Crypto Key Distribution Centre (KDC) Authentication Kerberos IV Kerberos V 2 Asymmetric Key Distribution Asymmetric Crypto and Hash Functions Diffie Hellman Key Exchange Public-key Certificates 3 Federated Identity Management Identity Management Identity Federation
3 Litteratur The lecture covers chapter 4 Key Distribution and User Authentication in [Sta13] and chapter 3 Protocols in [And08]. When you are done studying the material you should solve problems 4.1, 4.2, 4.5, 4.6, 4.7, 4.8, 4.9, 4.10, and 4.11 in [Sta13].
4 4 Översikt 1 Symmetric Key Distribution Symmetric Crypto Key Distribution Centre (KDC) Authentication Kerberos IV Kerberos V 2 Asymmetric Key Distribution Asymmetric Crypto and Hash Functions Diffie Hellman Key Exchange Public-key Certificates 3 Federated Identity Management Identity Management Identity Federation
5 5 Symmetric Crypto Secret key shared by sender and recipient Secret key shared by sender and recipient Transmitted ciphertext Plaintext input Encryption algorithm (e.g., DES) Decryption algorithm (reverse of encryption algorithm) Plaintext output Figur : An overview of symmetric crypto. Image: [Sta13].
6 6 Key Distribution Centre (KDC) Deliver a key k from A to B. By themselves or third party. If A and B share a key k, generate a key k and transmit it using k: A B : E k (k ). Secure connection to third party C, C delivers key to A and B.
7 Key Distribution Centre (KDC) Session Key Temporary key used between A and B. Permanent Key Key used to distribute session keys. Key Distribution Centre The central entity with which permanent keys are shared and by whom session keys are generated.
8 8 Authentication once per user logon session 2. AS verifies user's access right in database, creates ticket-granting ticket and session key. Results are encrypted using key derived from user's password. Kerberos 1. User logs on to workstation and requests service on host request ticketgranting ticket ticket + session key request servicegranting ticket ticket + session key Authentication server Ticketgranting server (TGS) 3. Workstation prompts user for password to decrypt incoming message, then send ticket and authentictor that contains user s name, network address and time to TGS. 5. Workstation sends ticket and authenticator to host. once per service session provide server authenticator once per type of service request service Host/ application server 4. TGS decrypts ticket and authenticator, verifies request then creates ticket for requested application server 6. Host verifies that ticket and authenticator match, then grants access to service. If mutual authentication is required, server returns an authenticator. Figur : An overview of Kerberos. Image: [Sta13].
9 Kerberos IV Client Authentication server (AS) Ticket-granter server (AS) Service provider Client authentication IDc IDtgs TS1 Shared key and ticket E(Kc, [Kc,tgs IDtgs TS2 Lifetime2 Tickettgs]) Tickettgs, server ID, and client authentication IDv Tickettgs Authenticatorc Shared key and ticket E(Kc,tgs, [K c,v IDv TS4 Ticketv]) Ticketv and client authentication Ticketv Authenticatorc Service granted E(Kc,v, [TS5 + 1]) Figur : An overview of Kerberos IV authentication dialogue. Image: [Sta13].
10 10 Kerberos IV (1) C AS ID c ID tgs TS 1 (2) AS C E(K c, [K c,tgs ID tgs TS 2 Lifetime 2 Ticket tgs ]) Ticket tgs = E(K tgs, [K c,tgs ID C AD C ID tgs TS 2 Lifetime 2 ]) (a) Authentication Service Exchange to obtain ticket granting ticket (3) C TGS ID v Ticket tgs Authenticator c (4) TGS C E(K c,tgs, [K c,v ID v TS 4 Ticket v ]) Ticket tgs = E(K tgs, [K c,tgs ID C AD C ID tgs TS 2 Lifetime 2 ]) Ticket v = E(K v, [K c,v ID C AD C ID v TS 4 Lifetime 4 ]) Authenticator c = E(K c,tgs, [ID C AD C TS 3 ]) (b) Ticket Granting Service Exchange to obtain service granting ticket (5) C V Ticket v Authenticator c (6) V C E(K c,v, [TS 5 + 1]) (for mutual authentication) Ticket v = E(K v, [K c,v ID C AD C ID v TS 4 Lifetime 4 ]) Authenticator c = E(K c,v, [ID C AD C TS 5 ]) (c) Client/Server Authentication Exchange to obtain service Figur : Kerberos IV authentication protocol. Image: [Sta13].
11 11 Kerberos V (1) C AS Options ID c Realm c ID tgs Times Nonce 1 (2) AS C Realm c ID C Ticket tgs E(K c, [K c,tgs Times Nonce 1 Realm tgs ID tgs ]) Ticket tgs = E(K tgs, [Flags K c,tgs Realm c ID C AD C Times]) (a) Authentication Service Exchange to obtain ticket granting ticket (3) C TGS Options ID v Times Nonce 2 Ticket tgs Authenticator c (4) TGS C Realm c ID C Ticket v E(K c,tgs, [K c,v Times Nonce 2 Realm v ID v ]) Ticket tgs = E(K tgs, [Flags K c,tgs Realm c ID C AD C Times]) Ticket v = E(K v, [Flags K c,v Realm c ID C AD C Times]) Authenticator c = E(K c,tgs, [ID C Realm c TS 1 ]) (b) Ticket Granting Service Exchange to obtain service granting ticket (5) C V Options Ticket v Authenticator c (6) V C E Kc,v [ TS 2 Subkey Seq# ] Ticket v = E(K v, [Flags K c,v Realm c ID C AD C Times]) Authenticator c = E(K c,v, [ID C Realm c TS 2 Subkey Seq#]) (c) Client/Server Authentication Exchange to obtain service Figur : Kerberos V authentication protocol. Image: [Sta13].
12 12 Kerberos V Environmental Differences Encryption system dependence. Internet protocol dependence. Byte ordering. Ticket lifetime. Authentication forwarding. Interrealm authentication.
13 13 Kerberos V Technical differences Double encryption. Propagating Cipher Block Chaining instead of CBC. Session and subsession keys. Password attacks.
14 14 Översikt 1 Symmetric Key Distribution Symmetric Crypto Key Distribution Centre (KDC) Authentication Kerberos IV Kerberos V 2 Asymmetric Key Distribution Asymmetric Crypto and Hash Functions Diffie Hellman Key Exchange Public-key Certificates 3 Federated Identity Management Identity Management Identity Federation
15 15 Asymmetric Crypto and Hash Functions Bobs's public key ring Joy Mike Alice Ted PU a Alice's public key PR a Alice 's private key X Transmitted ciphertext X = D[PR a, Y] Y = E[PU a, X] Plaintext input Encryption algorithm (e.g., RSA) Decryption algorithm Plaintext output Bob (a) Encryption with public key Alice Alice's public key ring Joy Mike Bob Ted PR b Bob's private key PU b Bob's public key X Transmitted ciphertext Y = E[PR b, X] X = D[PU b, Y] Plaintext input Encryption algorithm (e.g., RSA) Decryption algorithm Plaintext output Bob (b) Encryption with private key Alice Figur : An overview of asymmetric crypto. Image: [Sta13].
16 Asymmetric Crypto and Hash Functions Source A Destination B Message Message Message H H K K Compare E (a) Using conventional encryption D Message Message Message H H PR a PU a Compare E S (b) Using public-key encryption S D Message Message Message H H Compare (c) Using secret value Figur : An overview of using hash functions for message integrity and authentication. Image: [Sta13].
17 Diffie Hellman Key Exchange Alice and Bob share a prime q and α, such that α < q and α is a primitive root of q Alice and Bob share a prime q and α, such that α < q and α is a primitive root of q Alice generates a private key XA such that X A < q Bob generates a private key X B such that X B < q Alice calculates a public key YA = α X A mod q YA Y B Bob calculates a public key Y B = α X B mod q Alice receives Bob s public key YB in plaintext Bob receives Alice s public key Y A in plaintext Alice calculates shared secret key K = (YB) X A mod q Bob calculates shared secret key K = (YA) X B mod q Figur : A schematic overview of the Diffie Hellan Key Exchange algorithm. Image: [Sta13].
18 Diffie Hellman Key Exchange Private key XA public key Y A = α X A mod q Y A Y D2 Private keys XD1, X D2 public keys YD1 = α X D1 mod q YD2 = α X D2 mod q Y D1 Secret key K2 = (Y D2) X A mod q Secret key K2 = (Y A) X D2 mod q Private key X B public key Y B = α X B mod q Y B Secret key K1 = (YB) X D1 mod q Secret key K1 = (Y D1) X B mod q Alice and Darth share K2 Bob and Darth share K1 Figur : Schematic overview of a Man-in-the-Middle Attack. Image: [Sta13].
19 19 Public-key Certificates Unsigned certificate: contains user ID, user's public key Bob's ID information Bob's public key H H CA information Recipient can verify signature by comparing hash code values E D Generate hash code of unsigned certificate Signed certificate Encrypt hash code with CA's private key to form signature Decrypt signature with CA's public key to recover hash code Create signed digital certificate Use certificate to verify Bob's public key Figur : An overview of use of public-key certificates. Image: [Sta13].
20 20 Public-key Certificates X.509 Signature algorithm identifier Period of validity Version Certificate Serial Number algorithm parameters Issuer Name not before not after Version 1 Version 2 Signature algorithm identifier Revoked certificate algorithm parameters Issuer Name This Update Date Next Update Date user certificate serial # revocation date Subject's public key info Subject Name algorithms parameters key Issuer Unique Identifier Subject Unique Identifier Version 3 Revoked certificate Signature user certificate serial # revocation date algorithms parameters encrypted Signature Extensions algorithms parameters encrypted hash all versions (b) Certificate Revocation List (a) X.509 Certificate Figur : An overview of X.509 certificate format. Image: [Sta13].
21 21 Public-key Certificates Bob Alice Message M Message M S Bob s public key Bob s private key Cryptographic hash function h Cryptographic hash function h Decrypt h Encrypt Compare S Bob s signature for M Return signature valid or not valid Figur : An overview of the digital signature process. Image: [Sta13].
22 22 Public-key Certificates U<<V>> V<<U>> V U V<<W>> W<<V>> W Y V<<Y>> Y<<V>> W<<X>> X<<W>> X<<Z>> X Z Y<<Z>> Z<<Y>> Z<<X>> C A B X<<C>> X<<A>> Z<<B>> Figur : The X.509 certificate hierarchy. Image: [Sta13].
23 23 Översikt 1 Symmetric Key Distribution Symmetric Crypto Key Distribution Centre (KDC) Authentication Kerberos IV Kerberos V 2 Asymmetric Key Distribution Asymmetric Crypto and Hash Functions Diffie Hellman Key Exchange Public-key Certificates 3 Federated Identity Management Identity Management Identity Federation
24 Identity Management Identity Provider Data consumer Principal Attribute Service Administrator Figur : An overview of a generic identity management system. Image: [Sta13].
25 25 Identity Federation User 4 1 Identity Provider (source domain) 2 Administrator 3 Service Provider (destination domain) 1 End user's browser or other application engages in an authentication dialogue with identity provider in the same domain. End user also provides attribute values associated with user's identity. 2 Some attributes associated with an identity, such as allowable roles, may be provided by an administrator in the same domain. 3 A service provider in a remote domain, which the user wishes to access, obtains identity information, authentication information, and associated attributes from the identity provider in the source domain. 4 Service provider opens session with remote user and enforces access control restrictions based on user's identity and attributes. Figur : An overview of federated identity systems. Image: [Sta13].
26 26 Referenser I Ross J. Anderson. Security engineering : a guide to building dependable distributed systems. 2. utg. Indianapolis, IN: Wiley, ISBN: (hbk.) URL: William Stallings. Network security essentials : applications and standards. 5. utg. International Edition. Pearson Education, ISBN:
Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationCopyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1
Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More informationAuthentication Applications
Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key
More informationHow To Protect Your Data From Being Hacked On A Network (Kerberos) On A Pc Or Mac Or Ipad (Ipad) On An Ipad Or Ipa (Networking) On Your Computer Or Ipam (Network
Introduction to Network Security, Authentication Applications Information: is defined as knowledge obtained from investigation, Study or Instruction, Intelligence, news, facts, data, a Signature or Character
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 20 Public-Key Cryptography and Message Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Public-Key Cryptography
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationFinal Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket
IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles
More informationDigital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University
Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University October 2015 1 List of Figures Contents 1 Introduction 1 2 History 2 3 Public Key Infrastructure (PKI) 3 3.1 Certificate
More informationCS 392/681 - Computer Security
CS 392/681 - Computer Security Module 3 Key Exchange Algorithms Nasir Memon Polytechnic University Course Issues HW 3 assigned. Any lab or course issues? Midterm in three weeks. 8/30/04 Module 3 - Key
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationKey Management and Distribution
Key Management and Distribution Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu udio/video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationChapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption
Chapter 14. Key management and Distribution Symmetric Key Distribution Using Symmetric Encryption For symmetric encryption to work, the two parties to an exchange must share the same key, and that key
More informationNetwork Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering
Network Security Gaurav Naik Gus Anderson, Philadelphia, PA Lectures on Network Security Feb 12 (Today!): Public Key Crypto, Hash Functions, Digital Signatures, and the Public Key Infrastructure Feb 14:
More informationOverview of Cryptographic Tools for Data Security. Murat Kantarcioglu
UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More information4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.2:
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationApplication Layer (1)
Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number
More informationAuthentication. Agenda. IT Security course Lecture April 14 th 2003. Niels Christian Juul 2. April 14th, 2003
Authentication IT Security course Lecture April 14 th 2003 Niels Christian Juul Computer Science, building 42.1 Roskilde University Universitetsvej 1 P.O. Box 260 DK-4000 Roskilde Denmark Phone: +45 4674
More informationCryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More informationCSCE 465 Computer & Network Security
CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and
More informationKerberos. Login via Password. Keys in Kerberos
Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationChapter 17. Transport-Level Security
Chapter 17 Transport-Level Security Web Security Considerations The World Wide Web is fundamentally a client/server application running over the Internet and TCP/IP intranets The following characteristics
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More informationChapter 15 User Authentication
Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric
More information1. a. Define the properties of a one-way hash function. (6 marks)
1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find
More informationCS 4803 Computer and Network Security
Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?
More informationComputer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt
Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ MEng. Nguyễn CaoĐạt 1 Lecture 11: Network Security Reference: Chapter 8 - Computer Networks, Andrew S. Tanenbaum, 4th Edition, Prentice
More informationCryptography and network security CNET4523
1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local
More informationOverview. SSL Cryptography Overview CHAPTER 1
CHAPTER 1 Note The information in this chapter applies to both the ACE module and the ACE appliance unless otherwise noted. The features in this chapter apply to IPv4 and IPv6 unless otherwise noted. Secure
More informationAuthentication applications Kerberos X.509 Authentication services E mail security IP security Web security
UNIT 4 SECURITY PRACTICE Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security Slides Courtesy of William Stallings, Cryptography & Network Security,
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationSavitribai Phule Pune University
Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter
More informationAuthentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationCryptography and Network Security
Cryptography and Network Security Fifth Edition by William Stallings Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared
More informationKey Management and Distribution
and Distribution CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 23 January 2011 CSS322Y10S2L12, Steve/Courses/CSS322/Lectures/key.tex,
More informationWhat is network security?
Network security Network Security Srinidhi Varadarajan Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application
More informationMessage authentication and. digital signatures
Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation
More informationCryptography and Network Security Digital Signature
Cryptography and Network Security Digital Signature Xiang-Yang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication
More informationCS3235 - Computer Security Third topic: Crypto Support Sys
Systems used with cryptography CS3235 - Computer Security Third topic: Crypto Support Systems National University of Singapore School of Computing (Some slides drawn from Lawrie Brown s, with permission)
More informationSECURITY IN NETWORKS
SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,
More informationSymmetric Key cryptosystem
SFWR C03: Computer Networks and Computer Security Mar 8-11 200 Lecturer: Kartik Krishnan Lectures 22-2 Symmetric Key cryptosystem Symmetric encryption, also referred to as conventional encryption or single
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationNetwork Security (2) CPSC 441 Department of Computer Science University of Calgary
Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate
More informationEntrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0
Entrust Managed Services PKI Getting started with digital certificates and Entrust Managed Services PKI Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust
More informationChapter 7 Transport-Level Security
Cryptography and Network Security Chapter 7 Transport-Level Security Lectured by Nguyễn Đức Thái Outline Web Security Issues Security Socket Layer (SSL) Transport Layer Security (TLS) HTTPS Secure Shell
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More information2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application
More informationCSC474/574 - Information Systems Security: Homework1 Solutions Sketch
CSC474/574 - Information Systems Security: Homework1 Solutions Sketch February 20, 2005 1. Consider slide 12 in the handout for topic 2.2. Prove that the decryption process of a one-round Feistel cipher
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationTransport Level Security
Transport Level Security Overview Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationContent Teaching Academy at James Madison University
Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect
More informationStandards and Products. Computer Security. Kerberos. Kerberos
3 4 Standards and Products Computer Security Standards and Products Public Key Infrastructure (PKI) IPsec SSL/TLS Electronic Mail Security: PEM, S/MIME, and PGP March 24, 2004 2004, Bryan J. Higgs 1 2
More informationPrinciples of Network Security
he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More information10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)
Contents 1 / 55 10.1 Kerberos Kerberos V4 Kerberos V5 10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos
More informationIntroduction to Cryptography
Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationLukasz Pater CMMS Administrator and Developer
Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign
More informationOverview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security
Overview Windows NT 4.0 Security Cryptography SSL CryptoAPI SSPI, Certificate Server, Authenticode Firewall & Proxy Server IIS Security IE Security Ch 7 - Security 1 Confidentiality and privacy: Protect
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Goals v understand principles of network security: cryptography and its many uses beyond
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More informationLecture 9 - Network Security TDTS41-2006 (ht1)
Lecture 9 - Network Security TDTS41-2006 (ht1) Prof. Dr. Christoph Schuba Linköpings University/IDA Schuba@IDA.LiU.SE Reading: Office hours: [Hal05] 10.1-10.2.3; 10.2.5-10.7.1; 10.8.1 9-10am on Oct. 4+5,
More informationCryptography and Network Security Chapter 10
Cryptography and Network Security Chapter 10 Fifth Edition by William Stallings Lecture slides by Lawrie Brown (with edits by RHB) Chapter 10 Other Public Key Cryptosystems Amongst the tribes of Central
More informationChapter 23. Database Security. Security Issues. Database Security
Chapter 23 Database Security Security Issues Legal and ethical issues Policy issues System-related issues The need to identify multiple security levels 2 Database Security A DBMS typically includes a database
More informationFederated Identity and Single-Sign On
CS 6393 Lecture 5 Federated Identity and Single-Sign On Prof. Ravi Sandhu Executive Director and Endowed Chair February 15, 2013 ravi.sandhu@utsa.edu www.profsandhu.com Ravi Sandhu 1 The Web Today User
More informationProperties of Secure Network Communication
Properties of Secure Network Communication Secrecy: Only the sender and intended receiver should be able to understand the contents of the transmitted message. Because eavesdroppers may intercept the message,
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationOOo Digital Signatures. Malte Timmermann Technical Architect Sun Microsystems GmbH
OOo Digital Signatures Malte Timmermann Technical Architect Sun Microsystems GmbH About the Speaker Technical Architect in OpenOffice.org/StarOffice development OOo/StarOffice developer since 1991/94 Main
More informationEntrust Managed Services PKI
Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.
More informationIT Networks & Security CERT Luncheon Series: Cryptography
IT Networks & Security CERT Luncheon Series: Cryptography Presented by Addam Schroll, IT Security & Privacy Analyst 1 Outline History Terms & Definitions Symmetric and Asymmetric Algorithms Hashing PKI
More informationEXAM questions for the course TTM4135 - Information Security June 2010. Part 1
EXAM questions for the course TTM4135 - Information Security June 2010 Part 1 This part consists of 6 questions all from one common topic. The number of maximal points for every correctly answered question
More information7 Key Management and PKIs
CA4005: CRYPTOGRAPHY AND SECURITY PROTOCOLS 1 7 Key Management and PKIs 7.1 Key Management Key Management For any use of cryptography, keys must be handled correctly. Symmetric keys must be kept secret.
More informationChapter 6 CDMA/802.11i
Chapter 6 CDMA/802.11i IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Some material copyright 1996-2012 J.F Kurose and K.W. Ross,
More informationNotes on Network Security Prof. Hemant K. Soni
Chapter 9 Public Key Cryptography and RSA Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications
More informationPublic Key Cryptography Overview
Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic
More information7! Cryptographic Techniques! A Brief Introduction
7! Cryptographic Techniques! A Brief Introduction 7.1! Introduction to Cryptography! 7.2! Symmetric Encryption! 7.3! Asymmetric (Public-Key) Encryption! 7.4! Digital Signatures! 7.5! Public Key Infrastructures
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More informationNetwork Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室
Network Security 孫 宏 民 hmsun@cs.nthu.edu.tw Phone: 03-5742968 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室 Security Attacks Normal flow: sender receiver Interruption: Information source Information destination
More informationSYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL
INFS 766 Internet Security Protocols Lecture 9 WORK- STATIONS SYSTEM MODEL NETWORK SERVERS NFS GOPHER Prof. Ravi Sandhu LIBRARY KERBEROS 2 PHYSICAL SECURITY KERBEROS OBJECTIVES CLIENT WORKSTATIONS None,
More informationAn Efficient Online Data Storage in Cloud using Kerberos
Proc. of Int. Conf. on Advances in Communication, Network, and Computing, CNC An Efficient Online Data Storage in Cloud using Kerberos 1 R.Jeena and 2 Dr.S.Saravana Kumar 1 Research Scholar, Department
More informationSSL/TLS: The Ugly Truth
SSL/TLS: The Ugly Truth Examining the flaws in SSL/TLS protocols, and the use of certificate authorities. Adrian Hayter CNS Hut 3 Team adrian.hayter@cnsuk.co.uk Contents Introduction to SSL/TLS Cryptography
More informationSBClient SSL. Ehab AbuShmais
SBClient SSL Ehab AbuShmais Agenda SSL Background U2 SSL Support SBClient SSL 2 What Is SSL SSL (Secure Sockets Layer) Provides a secured channel between two communication endpoints Addresses all three
More information