Authentication Types. Password-based Authentication. Off-Line Password Guessing


Chapter 2: Security Techniques
- Background
- Secret Key Cryptography
- Public Key Cryptography
- Hash Functions
- Authentication
Chapter 3: Security on Network and Transport Layer
Chapter 4: Security on the Application Layer
Chapter 5: Security Concepts for Networks

2.4: Authentication
- Authentication types
- Authentication schemes: RSA, Lamport's Hash
- Mutual Authentication
- Session Keys
- Trusted Intermediaries

Authentication Types

Authentication can be the process of reliably verifying the identity of a user, a computer, or both computer and user.

Forms of authentication (combinations are possible):
- password-based
- address-based
- cryptographic

Password-based Authentication

Simple: people log into a computer by typing a user name and a password.

Problems with using passwords for authentication:
- The user himself/herself
  - Eavesdroppers might see the password when careless users log in
  - The password might be easy to guess (on-line attack) because users choose passwords they can remember easily
  - Attempts to force users to choose unguessable passwords might render the system so inconvenient that users write down passwords
- Password management
  - For login, the system has to know the valid passwords; they are stored in a separate file
  - An attacker might read the system file with the password information
  - Thus: encrypt stored password information
    - Store hashes of passwords
    - Encrypt the stored passwords
    - Combination: Encrypt a database of hashed passwords
  - But: the password may be cracked by an off-line attack

Off-Line Password Guessing

- A common approach is to store a hash of the password (as e.g. within UNIX)
- An attacker can obtain a cryptographic hash of the password through either eavesdropping or reading a database
- The attacker can guess a password, calculating the same hash and comparing it with the stolen value (e.g. dictionary attack)

Approach to slow down an attacker:
- When choosing a password, the system chooses a random number (salt)
- The system stores the salt and a hash of the combination of the stored salt and the chosen password

userid    salt value    password hash
alice     2758          hash(2758 password)
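The effect of the salt on a stored password file, as an added example that is not part of the original slides. SHA-256 stands in for the slides' generic hash(), and the accounts, passwords and guess list are constructed sample data.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: three accounts, two of them sharing one password.
PASSWORDS = {"alice": "fiddlesticks", "bob": "fiddlesticks", "carol": "x9$Lq!27vR"}
# Constructed guess list standing in for a dictionary.
WORDLIST = ["password", "letmein", "fiddlesticks", "qwerty"]


def h(data: bytes) -> str:
    """SHA-256 stands in for the slides' generic hash() (assumption)."""
    return hashlib.sha256(data).hexdigest()


def store_unsalted(passwords):
    """userid -> hash(password): the scheme without salt."""
    return {user: h(pw.encode()) for user, pw in passwords.items()}


def store_salted(passwords):
    """userid -> (salt, hash(salt | password)) with a fresh random salt per user."""
    db = {}
    for user, pw in passwords.items():
        salt = secrets.token_bytes(16)
        db[user] = (salt, h(salt + pw.encode()))
    return db


def verify(db, user, password):
    """Login check against the salted file; the comparison is constant-time."""
    salt, stored = db[user]
    return hmac.compare_digest(stored, h(salt + password.encode()))


def precomputed_table(wordlist):
    """Hashes of the guess list, computed once without knowing any salt."""
    return {h(word.encode()): word for word in wordlist}


def exposed_by_table(stored_hashes, table):
    """Accounts whose stored hash appears in a precomputed table."""
    return sorted(user for user, digest in stored_hashes.items() if digest in table)


def audit_weak_passwords(db, wordlist):
    """Password audit of the salted file: every guess must be rehashed per
    account because each salt differs. Returns (weak accounts, hashes computed)."""
    weak, computed = [], 0
    for user, (salt, stored) in db.items():
        for word in wordlist:
            computed += 1
            if hmac.compare_digest(stored, h(salt + word.encode())):
                weak.append(user)
    return sorted(weak), computed


def audit():
    unsalted = store_unsalted(PASSWORDS)
    salted = store_salted(PASSWORDS)
    table = precomputed_table(WORDLIST)
    salted_digests = {user: digest for user, (_, digest) in salted.items()}
    return {
        # One table of len(WORDLIST) hashes covers every unsalted account.
        "unsalted_exposed": exposed_by_table(unsalted, table),
        # The same table matches nothing once a salt is mixed in.
        "salted_exposed": exposed_by_table(salted_digests, table),
        # Equal passwords are visible as equal hashes only without salt.
        "same_hash_unsalted": unsalted["alice"] == unsalted["bob"],
        "same_hash_salted": salted["alice"][1] == salted["bob"][1],
        # With the salts known, weak passwords still fall, at per-account cost.
        "salted_audit": audit_weak_passwords(salted, WORDLIST),
    }


if __name__ == "__main__":
    for key, value in audit().items():
        print(key, value)
```

The salt removes the shared precomputed table and hides duplicate passwords, but a password that is in the guess list is still found once the salt is read along with the hash, which is why the slides describe salting as slowing the attacker down.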

Address-based Authentication

Computers are identified by hierarchical IP addresses: Network, Subnet, Computer.

Possible forms of authentication:
- Maintain a list of network addresses of equivalent machines, i.e., give users who have access to machine X the same access rights for machine Y
  - Problem: user must have identical account names on all systems
- Extension: store entry: remote address, remote account name, local account name

Implementation e.g. in UNIX:
- The /etc/hosts.equiv file contains a list of computers that have identical user account assignments
- The .rhosts file in a user's home directory contains a list of tuples computer, account that are granted access to this user's account

But: if someone gains privileged access to a node, he can access all users' resources on this node. He can also get access to other machines accessible by users of the current node.

Cryptographic Authentication Protocols

Cryptographic authentication is much more secure than password-based or address-based authentication:
- proves her identity to by performing a cryptographic operation on a quantity provided by
- The cryptographic operation is based on s secret

A computer can do cryptographic operations on behalf of its user:
- The user only has to remember a password
- The system has to obtain a cryptographic key based on the password by:
  - doing a hash of the password
  - using the password to decrypt a higher-quality key (e.g. DES key, RSA private key)
- Keys and cryptographic algorithms can be stored e.g. on a smart card (authentication token)

How to do Secure Authentication?

Problems: eavesdropping and server database reading (reading password files)

Protocol 1: protect against server database reading by only storing a hash
[Diagram: message ", fiddlesticks"; the receiving side knows hash h* of s password, computes hash(fiddlesticks), compares it with stored value h*]
But: eavesdropping of s password

Protocol 2: protect against eavesdropping by sending encrypted password
[Diagram: messages "I'm", "R", "X"; one side computes X = cryptographic function of her secret and R: X = encr(secr, R); the other side picks random R, knows s secret, computes same function and compares it to X]
But: server database reading of s secret at s machine

Authentication with RSA

- Public key technology protects authentication against eavesdropping and server database reading
- Widely used: challenge/response
- Example: authenticates herself to
- Using her private key priv, performs a cryptographic operation on a value (challenge) R supplied by :

[Diagram: messages "I'm" (in clear text); "R" (in clear) or "publ(R)"; R signed with s private key: "priv(R)". The verifying side knows s public key, picks random R, and checks the result using s public key: publ(priv(R)) =? R]

Nonce

Important: use the challenge R only once!
- A nonce is a challenge only used once
- Use e.g. a random number, a timestamp

The unpredictability of R is important:

[Diagram: messages "I'm", "{R", "R"]
If sequence numbers were used for R, an attacker would only need to observe R and use R+1 to authenticate with!

[Diagram: messages "I'm", "R", "{R"]
If sequence numbers were used for R, a man-in-the-middle attacker could send R+1 to and use the response to authenticate with

Use unpredictable numbers!

Lamport's Hash

Other possibility for authentication: Lamport's Hash
- One-time password scheme: allows to authenticate in a way that neither eavesdropping nor reading s database enables someone to impersonate
- No need for public key cryptography

Requirements:
- remembers a password, is a human
- (the server) has a database; for each user it stores:
  - username
  - n, decremented each time the user authenticates herself
  - hash^n(password), i.e. hash(hash(...(hash(password))...))

Lamport's Hash - Initialization

[Diagram: ", password" is entered at s workstation; the workstation sends "x_n = hash^n(password), n"; the database stores x_n = hash^n(password), n]

Initialization of a password:
- chooses a password
- The workstation of chooses the number n and computes x_1 = hash(password), x_2 = hash(x_1), ..., x_n = hash(x_(n-1)) = hash^n(password) and sends it to together with n

Lamport's Hash - Authentication

[Diagram: ", password" is entered at s workstation; the workstation receives n and sends x = hash^(n-1)(password); the other side knows <n, hash^n(password)>, compares hash(x) to hash^n(password) and, if equal, replaces <n, hash^n(password)> with <n-1, x>]

Authentication of a user:
- enters her username and password
- Her workstation sends the name to which returns n
- The workstation computes hash^(n-1)(password) and sends the result to
- takes the received value, hashes it once, and compares it with its database
- In case of a match, considers the response as valid, replaces the stored quantity with the received quantity, and replaces n by n-1
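The initialization and authentication steps above, as an added example that is not part of the original slides. SHA-256 stands in for hash(), and the user name, password and n = 1000 are constructed values.

```python
import hashlib
import hmac

PASSWORD = b"fiddlesticks"   # constructed sample password
START_N = 1000               # constructed value for n


def hash_n(password: bytes, n: int) -> bytes:
    """hash^n(password): apply the hash n times (SHA-256 is an assumption)."""
    x = password
    for _ in range(n):
        x = hashlib.sha256(x).digest()
    return x


class Server:
    """Holds <n, hash^n(password)> per user and never sees the password."""

    def __init__(self):
        self.db = {}

    def install(self, username, n, x_n):
        self.db[username] = (n, x_n)

    def current_n(self, username):
        return self.db[username][0]

    def authenticate(self, username, x):
        n, stored = self.db[username]
        # Hash the received value once and compare it with the database.
        if not hmac.compare_digest(hashlib.sha256(x).digest(), stored):
            return False                      # state is left untouched
        self.db[username] = (n - 1, x)        # replace <n, x_n> with <n-1, x>
        return True


def workstation_initialize(password: bytes, n: int):
    """Initialization: compute x_n = hash^n(password) and hand it over with n."""
    return n, hash_n(password, n)


def workstation_response(password: bytes, n: int) -> bytes:
    """Authentication: answer the server's n with hash^(n-1)(password)."""
    if n < 2:
        # hash^0(password) would be the password itself: the chain is used up
        # and the password has to be installed again.
        raise ValueError("n exhausted; password must be re-installed")
    return hash_n(password, n - 1)


def login(server, username, password):
    n = server.current_n(username)
    return server.authenticate(username, workstation_response(password, n))


def demo():
    server = Server()
    server.install("alice", *workstation_initialize(PASSWORD, START_N))

    # The value that crosses the network during the first login.
    on_the_wire = workstation_response(PASSWORD, server.current_n("alice"))
    first_login = server.authenticate("alice", on_the_wire)

    # Replaying the observed value fails: the server now expects its preimage.
    replay = server.authenticate("alice", on_the_wire)

    # Reading the database yields hash^(n)(password) for the current n,
    # which does not hash to itself, so it is useless as a response.
    stored_value = server.db["alice"][1]
    database_reader = server.authenticate("alice", stored_value)

    second_login = login(server, "alice", PASSWORD)
    return first_login, replay, database_reader, second_login, server.current_n("alice")


if __name__ == "__main__":
    print(demo())
```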

Lamport's Hash

Setting up a new password:
- If n = 1 needs to set her password again
- In many situations it is sufficient to choose a new password, compute hash^n(new password), and transmit hash^n(new password) and n to
- An enhancement is to add a salt value to the password, with the same advantages as in password storage, e.g. in UNIX
- Another advantage of salt is that will not need to change her password if n = 1

Properties:
- Similar to public key schemes regarding database reading
- But: user can only log in a finite number of times before having to re-install the password at the server
- Problem: small n attack

Small n Attack

Worst weakness of Lamport's Hash:
- Oscar, who is able to impersonate s network address, waits for s log-in
- When attempts to log in, Oscar returns a small value for n, e.g. 50
- When responds with hash^50(password), Oscar has enough information to impersonate for some time, if the actual value of n at is greater than 50

Two possible solutions:
- Human and Paper environment:
  - When <n, hash^n(password)> is installed at the server, all values of hash^i(password) for i < n are computed, encoded into a typeable string, printed on paper, and given to
  - When logs in, she uses the string at the top of the page, crosses out that value, and uses the next value the next time
- Workstation environment:
  - s workstation displays n to the human
  - If remembers approximately what n should be she can at least do a rough probability check on n

Mutual Authentication

Often required: each of the two communication partners has to identify the other one (mutual authentication), e.g. with a shared secret:

[Diagram: messages "I'm", "{", "R_2"]

Improvement, using only 3 instead of 5 messages for authentication:

[Diagram: messages "I'm, R_2", "{"]

But: reflection attack

Reflection Attack

- Oscar starts the mutual authentication, but when he receives the challenge from, he cannot proceed further because he cannot encrypt :
- Oscar opens a second session to and uses as the challenge:

[Diagram: two sessions opened by Oscar, with messages "I'm, R_2" and "I'm", "R_3, {"]

- Oscar cannot continue this session because he cannot encrypt R_3, but he knows {, so he can complete the first session

Countermeasures: don't have and do exactly the same thing
- Different-keys: the key used to authenticate should be different from the key used to authenticate. For example: s key might be - or +1 or
- Different-challenges: the initiator's challenge must be different from the one of the responder. For example, use R as challenge
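The three-message exchange, the reflection against it, and the different-keys countermeasure, as an added example that is not part of the original slides. HMAC-SHA256 stands in for "encrypt the challenge with the shared key", the per-direction keys are derived from the shared secret with the labels "initiator" and "responder", and the name "alice" is a placeholder; all three are assumptions of this sketch.

```python
import hashlib
import hmac
import secrets


def f(key: bytes, challenge: bytes) -> bytes:
    """Keyed function proving knowledge of the key (HMAC is an assumption)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


def direction_keys(shared_key: bytes, separate: bool):
    """Return (initiator key, responder key).
    separate=False: both directions use the shared key (the reflectable design).
    separate=True: different-keys countermeasure, one derived key per direction."""
    if not separate:
        return shared_key, shared_key
    return f(shared_key, b"initiator"), f(shared_key, b"responder")


class Responder:
    """Side that answers 'I'm <name>, R2' with 'R1, f(K, R2)'."""

    def __init__(self, shared_key: bytes, separate_keys: bool):
        self.k_init, self.k_resp = direction_keys(shared_key, separate_keys)
        self.sessions = {}          # session id -> outstanding challenge R1

    def message1(self, session_id, claimed_name, r2):
        r1 = secrets.token_bytes(16)            # unpredictable challenge
        self.sessions[session_id] = r1
        return r1, f(self.k_resp, r2)           # own proof on the peer's R2

    def message3(self, session_id, proof):
        r1 = self.sessions.pop(session_id)      # each challenge is used once
        return hmac.compare_digest(proof, f(self.k_init, r1))


def honest_login(responder, shared_key, separate_keys):
    """Initiator that really holds the shared key."""
    k_init, k_resp = direction_keys(shared_key, separate_keys)
    r2 = secrets.token_bytes(16)
    r1, proof = responder.message1("honest", "alice", r2)
    if not hmac.compare_digest(proof, f(k_resp, r2)):
        return False                            # responder failed to prove itself
    return responder.message3("honest", f(k_init, r1))


def reflection_login(responder):
    """Initiator without any key, as Oscar in the text: the challenge R1 from
    the first session is handed back as the challenge of a second session,
    and the responder's own answer is used to finish the first session."""
    r1, _ = responder.message1("first", "alice", secrets.token_bytes(16))
    _r3, reflected = responder.message1("second", "alice", r1)
    return responder.message3("first", reflected)


def demo(shared_key=b"k" * 32):
    return {
        "same_key_honest": honest_login(Responder(shared_key, False), shared_key, False),
        "same_key_reflection": reflection_login(Responder(shared_key, False)),
        "different_keys_honest": honest_login(Responder(shared_key, True), shared_key, True),
        "different_keys_reflection": reflection_login(Responder(shared_key, True)),
    }


if __name__ == "__main__":
    print(demo())
```

With one key for both directions the responder's answer in the second session is exactly the proof the first session is waiting for; with per-direction keys the reflected value is computed under the responder's key and the initiator check rejects it.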

Password Guessing

Other problem: Oscar can mount an off-line password-guessing attack without need to eavesdrop:
- Oscar has to send a message to claiming to be
- will obligingly return the encrypted value
- Then Oscar has the pair <R, {R> which he can use to check password guesses

This weakness can be fixed by adding another message, forcing to send an encrypted value first:

[Diagram: messages "I'm", "{, R_2"]

But still: an attacker listening to the communication can learn <R, {R> pairs, and could try an off-line attack guessing passwords to derive

Bellovin-Merritt

Solution:
- and do a Diffie-Hellman exchange, but encrypt the values they exchange
- The Diffie-Hellman key is K = g^(R_A R_B) mod p
- Subsequently, they do a standard mutual authentication exchange proving to each other that they know K = g^(R_A R_B) mod p

[Diagram: exchange of the encrypted values "{g^(R_A) mod p" and "{g^(R_B) mod p", followed by the authentication messages under K]

Mutual Authentication with Public Keys

[Diagram: messages "I'm, B", "R_2, { A"]

Mutual authentication can also be done with public key technology, assuming that and know each other's public key.

Problems:
- How does know s public key?
- How could s workstation obtain s private key when a password is all knows?

Session Key Establishment

There are still security vulnerabilities after authentication:
- After the authentication between and, data integrity checks and/or message encryption are done during communication using secret key cryptography
- Keys wear out if used a lot. The more encrypted data an attacker has, the better his chances of finding the key
- It might be possible for an intruder to record messages from a previous conversation and inject those packets into a current conversation
- If the long-term shared secret key were compromised, it would be desirable to prevent an old recorded conversation from being decrypted
- Keys could be stored by a communication partner for future misuse

Use a secret per-session key generated at the time of authentication.

Therefore, authentication protocols usually establish a session key in addition to providing authentication.

Session Key Establishment with Shared Secret

- Go back to first scheme for mutual authentication: having a shared key
- Re-use the shared key in a modified way as session key

[Diagram: messages "I'm", "{", "R_2"]

There is sufficient information in this protocol for and to establish a shared session key at this point:
- For example, they can use ( +1){R.
- In general: Take the shared secret and modify it in some way, then encrypt the challenge R (here: or R_2) using the modified as the key, and use the result as the session key.

[Diagram: "( +1){ {message"]

Session Key Establishment with Public Keys

There are several methods to establish session keys with public keys:
- chooses a random number R, encrypts it with s public key, and sends {R}_B to, attached to one of the messages in the authentication exchange
  - An attacker could hijack the conversation by picking his own R, encrypting it with s public key, and sending it to
- can additionally sign the result. In this case, she sends [{R}_B]_A to. first has to verify s signature before decrypting R
  - The attacker could record the entire conversation between and. If he can later take over he will be able to decrypt the conversation
- Additionally, picks and R_2. sends { B to. sends A to. The session key will R_2
  - An attacker is not able to learn and R_2 only by overtaking or
- and can do a Diffie-Hellman key establishment exchange, where every partner signs the quantity he is sending

Session Key Establishment with Lamport's Hash

With Lamport's Hash neither side has a public key, and they do not have a shared secret key. Nevertheless, there are several possibilities to establish a shared session key:
- They can first do the authentication handshake, and then a Diffie-Hellman exchange to establish a session key
  - An attacker could hijack the conversation after the initial authentication and before the Diffie-Hellman exchange
- They can do a Diffie-Hellman exchange first, and then do the authentication handshake as part of a conversation protected with the Diffie-Hellman key
  - An attacker could do a bucket-brigade attack, establishing a separate Diffie-Hellman key with both and

Trusted Intermediaries

Secret or public key technology seems to be more secure, but a general problem remains: how to get a public key of or a shared key with a possible communication partner?

Assume that network security is based on secret key technology:
- Consider a large network with n nodes. Each computer may need to authenticate each other computer, so each computer needs to know n-1 keys
- Adding a new node would cause generation of n keys, as the new node needs to have a shared secret with each other node
- The keys would have to be securely (i.e. encrypted) distributed to all the other nodes, e.g. by public key schemes

Possibilities:
- Key Distribution Center (KDC) for secret keys
- Certification Authorities (CAs) for public key schemes
- Multiple Trusted Intermediaries: extended (mesh) structure if the networks (and thus the KDCs/CAs) become too large

Key Distribution Center (KDC)

- The KDC holds a database with keys for all nodes
- A new node registers with the KDC; any node registered with the KDC can securely communicate with it (authentication + encryption)
- Nodes ask for a temporary key (ticket) if they want to communicate with each other

[Diagram: exchange via the KDC with messages "[, K_KDC- {Key for?]", "K_KDC- {K -" (ticket), "K_KDC- {K -", "[, K - {message]"]

Disadvantages of KDCs:
- KDC has enough information to impersonate all nodes and users (vulnerability)
- KDC is a single point of failure: if it goes down, nobody can use anything on the network
- KDC might be a performance bottleneck for large number of users

KDC Variant

On the following slides: = K - , K_A = K_KDC- , K_B = K_KDC-

[Diagram: exchange via the KDC with messages "wants", "K_A{use for, ticket to = K_B{use for", "I am, ticket = K_B{use for"]

KDC operation in practice (improvement of the previous protocol):
- The KDC gives the information it would have sent to (the ticket)
- The ticket holds information that will allow to access
- This prevents e.g. problems with message runtimes, if the connection attempt comes too early for to have received the shared key from KDC

Needham-Schroeder

The Needham-Schroeder protocol is a classic KDC authentication protocol (e.g. used by Kerberos):

[Diagram: exchange via the KDC with messages "N_1, wants", "K_A{N_1,,, ticket to" where ticket to = K_B{, ; "ticket, {N_2"; "{N_2 - 1, N_3"; "{N_3 - 1"]

Security of Needham-Schroeder

- Nonce N_1 is used to prove that is really talking to the KDC, not to an attacker who had listened to a KDC answer before and replies to with this answer
- The string is filled in to avoid that an attacker Oscar has intercepted message 1 and substituted with Oscar, to make the KDC generate a key between and Oscar (and send this key back to who thinks to have a key with )
- Nonce N_2 is sent to along with the ticket, and only someone being able to decrypt s ticket is able to decrypt N_2
- proves to be himself answering with N_2 - 1 because N_2 can only be decrypted by him. Additionally, nonce N_3 is sent as challenge for authentication by
- authenticates with by sending back a modified nonce N_3

Needham-Schroeder Enhancement

[Diagram: exchange via the KDC with messages "I want to talk to you", "K_B{N_B", "N_1, wants, K_B{N_B", "K_A{N_1,,, ticket to" where ticket to = K_B{,, N_B ; "ticket, {N_2"; "{N_2 - 1, N_3"; "{N_3 - 1"]

Fix a security hole:
- If an attacker finds out s key he can claim to be and obtain from the KDC a shared key with, and a ticket to,
- The problem with the original protocol is that the ticket to remains valid even if changes her key
- The additional nonce N_B proves for that the key was newly generated

Certification Authorities (CAs)

Key distribution is easier with public key cryptography:
- Each node knows its own private key, and the public keys can be obtained from a central entity
- Problem: How to be sure that the public key information is correct?
- Solution: Establish a trusted node, a Certification Authority (CA), to generate certificates
- Certificates consist of a public key, a name () and a signature of a CA: [, priv_CA(publ)]
- CAs are the public key equivalent of KDCs

Certification Authorities (CAs)

Advantages of CAs (compared to KDCs):
- The CA does not need to be on-line; key exchange may be done by e.g. smart cards
- Since the CA does not have to be on-line, a comparably simple device can be employed
- If the CA crashes, the network is still usable, but the installation of new users is impossible
- One cannot write bogus certificates as only the CA generates signatures
- A corrupt CA cannot decrypt conversations

Disadvantages of CAs:
- Once a certificate has been issued it is difficult to revoke it if the CA is not online
- As a first solution, a certificate is valid only for a specified time
- Better solution (similar to credit cards): Publish a list of all revoked certificates: Certificate Revocation List (CRL)
  - The CRLs will be distributed periodically
  - A certificate is valid if it has a valid CA signature and is not listed on the CRL


The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems

More information

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if

More information

1. a. Define the properties of a one-way hash function. (6 marks)

1. a. Define the properties of a one-way hash function. (6 marks) 1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find

More information

SSL Protect your users, start with yourself

SSL Protect your users, start with yourself SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Take-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols 15-440

Take-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols 15-440 Distributed Systems Security II 5-440 Take-home points What does using public-key for our authentication buy us? Compare kerberos (needham-schroeder) and SSL with a certificate authority Metrics: Scaling,

More information

CSCI 454/554 Computer and Network Security. Final Exam Review

CSCI 454/554 Computer and Network Security. Final Exam Review CSCI 454/554 Computer and Network Security Final Exam Review Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes

More information

Authentication Applications

Authentication Applications Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Kerberos. Login via Password. Keys in Kerberos

Kerberos. Login via Password. Keys in Kerberos Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.

Name: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35. Name: 1 CSE331: Introduction to Networks and Security Final Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35 Total /135 Do not begin the exam until you are told to do so. You

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

CS 161 Computer Security

CS 161 Computer Security Song Spring 2015 CS 161 Computer Security Discussion 11 April 7 & April 8, 2015 Question 1 RSA (10 min) (a) Describe how to find a pair of public key and private key for RSA encryption system. Find two

More information

Application Layer (1)

Application Layer (1) Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

More information

Cryptography and Network Security Chapter 14

Cryptography and Network Security Chapter 14 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption Chapter 14. Key management and Distribution Symmetric Key Distribution Using Symmetric Encryption For symmetric encryption to work, the two parties to an exchange must share the same key, and that key

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1 Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication

More information

Q: Why security protocols?

Q: Why security protocols? Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:

More information

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously

More information

Secure Remote Password (SRP) Authentication

Secure Remote Password (SRP) Authentication Secure Remote Password (SRP) Authentication Tom Wu Stanford University tjw@cs.stanford.edu Authentication in General What you are Fingerprints, retinal scans, voiceprints What you have Token cards, smart

More information

Dr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/

Dr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Set of Problems 2 Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana State University

More information

Cryptographic Key Infrastructure

Cryptographic Key Infrastructure Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as all keys are shared Use protocols to agree on a shared key (see earlier) Public key: bind identity to public key Crucial

More information

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption

More information

10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)

10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Contents 1 / 55 10.1 Kerberos Kerberos V4 Kerberos V5 10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 12 Applying Cryptography Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used

More information

Single Sign-On Secure Authentication Password Mechanism

Single Sign-On Secure Authentication Password Mechanism Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,

More information

TELE 301 Network Management. Lecture 16: Remote Terminal Services

TELE 301 Network Management. Lecture 16: Remote Terminal Services TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

SSH. Partly a tool, partly an application Features:

SSH. Partly a tool, partly an application Features: SSH 1 Secure Shell: SSH Partly a tool, partly an application Features: Encrypted login and shell connections Easy, drop-in replacements for rlogin, rsh, rcp Multiple means of authentication Interesting

More information

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010 Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

Authentication. Steven M. Bellovin September 27,

Authentication. Steven M. Bellovin September 27, Authentication Steven M. Bellovin September 27, 2010 1 Authentication Another trilogy: identification, authentication, authorization ACLs and the like are forms of authorization: what you re allowed to

More information

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust

12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

Security vulnerabilities in the Internet and possible solutions

Security vulnerabilities in the Internet and possible solutions Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete

More information

Secure Shell: SSH 1 / 43. Secure Shell: SSH. Secure Shell: SSH

Secure Shell: SSH 1 / 43. Secure Shell: SSH. Secure Shell: SSH Features of SSH Simple Login Sequence The Server s Two Keys Authenticating the Server Sample Initial Login An Attack? What is the Security Guarantee? What Should Users Do? A List of Ciphers 1 / 43 Features

More information

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

IDRBT Working Paper No. 11 Authentication factors for Internet banking

IDRBT Working Paper No. 11 Authentication factors for Internet banking IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased

More information

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What

More information

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https

More information

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006 CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon

More information

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631 Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

More information

Wireless Encryption Protection

Wireless Encryption Protection Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost

More information

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to

More information

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions May 3, 2004 TABLE OF CONTENTS GENERAL PKI QUESTIONS... 1 1. What is PKI?...1 2. What functionality is provided by a

More information

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology

Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information