Cryptography and Network Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Cryptography and Network Security"

Transcription

1 Cryptography and Network Security Spring Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1

2 Overview of the course I. CRYPTOGRAPHY Secret-key cryptography Classical encryption techniques DES, AES, RC5, RC4 Public-key cryptography RSA Key management II. AUTHENTICATION MAC Hashes and message digests Digital signatures Kerberos III. NETWORK SECURITY security IP security Web security (SSL, secure electronic transactions) Firewalls Wireless security IV. OTHER ISSUES Viruses Digital cash Secret sharing schemes Zero-knowledge techniques 2

3 Topics today In a confidential communication the authenticity needs to be carefully established for: The two partners Before sending any confidential information one needs to be sure to whom it sends that information: authentication protocols The messages received by each partner One needs to be sure that the message received has not been modified it coincides with the sent message: message authentication If the two partners do not quite trust each other, they need to make sure that the sender cannot later deny having sent the message and the receiver cannot have devised the message himself: digital signatures 3

4 I. Authentication protocols Such protocols enable communicating parties to satisfy themselves mutually about each other s identity and possibly, to exchange session keys Two central problems here: confidentiality and timeliness Essential identification information and the session keys must be communicated in encrypted form Because of the threat of replay, timeliness is essential here Replays could allow the attacker to get a session key or to impersonate another party At minimum, the attacker could disrupt operations by presenting parties with messages that appear genuine but are not aims at a denial of service attack Two approaches are generally used to defend replay attacks Timestamps: A accepts a message as fresh only if it contains a timestamp that, in A s judgment, is close enough to A s knowledge of current time clocks need to be synchronized Challenge/response: A, expecting a fresh message from B, first sends B a random number (challenge) and requires that the subsequent message (response) received from B contains that random number or some agree-upon transformation on it (this is also called hand-shaking sometimes) 4

5 Authentication protocols and setting up secret keys A. Direct authentication 1. Based on a shared secret master key 2. Based on a public-key system 3. Diffie-Hellman B. Mediated authentication 1. Based on key distribution centers 2. Otway-Rees 3. Kerberos 5

6 A1. Direct authentication based on a shared secret key Assume here that A and B already share a secret key this is called sometimes the master key MK because the two will only use this rarely, whenever they need to authenticate each other and establish a session key Master keys will only be used to establish session keys Concentrate here on how to establish session keys Protocol A issues a requests to B for a session key and includes a nonce N 1 B responds with a message encrypted using the shared master key include there the session key he selects, A s id, a value f(n 1 ) (say the successor of N 1 ) and another nonce N 2 At this point, A is sure of B s identity: only he knows the master key; B is not sure of anything yet A knows that the message is fresh: B sends a transformation on N 1 Using the new session key, A return f(n 2 ) to B B is sure of A s identity: only A can read the message he sent, including the session key B knows that the message is fresh: A sends a transformation on N 2 6

7 A2. A general scheme of public-key authentication (and distribution of secret keys) Assume here that A and B know each other s public key (through a protocol such as those in Lecture 8) N 1 and N 2 in the scheme are random numbers they ensure the authenticity of A and B (because only they can decrypt the messages and read N 1 and N 2 ) After Step 2, A is sure of B s identity: right response to its challenge After Step 3, B is sure of A s identity: right response to its challenge 7

8 A3. A concrete scheme: Diffie-Hellman key exchange This is the first ever published public-key algorithm used in a number of commercial products Elegant idea: establish a secret key based on each other s public keys Protocol Alice and Bob need to agree on two large numbers n,g, where n is prime, (n-1)/2 is also prime and some extra conditions are satisfied by g (to defeat math attacks) these numbers may be public so Alice could generate this on her own Alice picks a large (say, 512-bit) number x and B picks another one, say y Alice initiates the key exchange protocol by sending Bob a message containing (n,g,g x mod n) Bob sends Alice a message containing g y mod n Alice raises the number Bob sent her to the x-th power mod n to get the secret key: (g y mod n) x mod n=g xy mod n Bob raises the number Alice sent to the y-th power modulo n to get the secret key: (g x mod n) y mod n=g xy mod n 8

9 Diffie-Hellman key exchange: an attack Security of the protocol: Eve has seen both messages A and B have changed given g,n, and g x mod n, she must find x In math terms, she needs to compute a discrete logarithm Computing discrete logarithms is thought to be infeasible Is this enough to secure the protocol? Man-in-the-middle attack Eve intercepts all communications between A and B she will impersonate A in communications with B and will impersonate B in communications with A; E may forward a modified message to A and B A and B will never know that they are both actually talking to E Attack can be defeated using signatures both A and B will sign their messages with their private keys 9

10 Second approach to authentication B. Mediated authentication 1. Based on key distribution centers 2. Otway-Rees 3. Kerberos 10

11 B1. Authentication using key distribution centers (KDC) Setting up a shared key was fairly involved with the previous approaches and perhaps not quite worth doing ( sour grape attack ) Each user has to maintain a secret key (perhaps on some plastic card) for each of his friends this may be a problem for popular people Different approach: have a trusted key distribution center (KDC) Each user maintains one single secret key the one to communicate with KDC Authentication and all communications go through KDC Alice picks K s and tells KDC that she wants to talk to Bob using K s A uses secret key K A used only to communicate with KDC KDC decrypts the message and sends K s to Bob together with Alice s id KDC uses key K B used only to communicate with B Authentication here is for free key K A is only known to A and KDC 11

12 Replay attack to the KDC-based protocol Say Eve manages to get a job with Alice and after doing the job, she asks Alice to pay her by bank transfer Alice establishes a secret key with the banker Bob and then sends Bob a message requesting money to be transferred to Eve s account Eve however is back to her old business, snooping on the network she copies message 2 in the protocol and the request for money that follows Later Eve replays both messages to Bob Bob will think that Alice has hired again Eve and pays Eve the money Eve is able to do many iterations of the procedure replay attack Solution 1: include a timestamp with the message any old message will be discarded Problem: clocks are not always exactly synchronized so there will be a period when the message is still valid Solution 2: include a nonce (random number) with the message Problem: the nonces have to be remembered forever and any old one is discarded 12

13 B2. A stronger version of the KDC-based protocol (Otway-Rees protocol) In the figure below, R, R A are random numbers generated by A, R B is a random number generated by B, K A and K B are as before the keys of A and B to communicate with KDC R is for KDC to check the integrity KDC has to see R in both messages encrypted with KA and KB; if so, KDC generates the secret key and sends it to both A and B R A and R B are for A and B to make sure the secret key comes from KDC Resistant to replay attack: in such a case A and B will get keys they did not ask for or messages that do not match the random numbers they sent 13

14 B3. Authentication using Kerberos Kerberos is an authentication protocol used in many systems, including Windows 2000 and later versions, using the KDC-based approach Kerberos was the name of a multi-headed dog in Greek mythology that used to guard the entrance to Hades Designed at MIT to allow workstation users to access network resources securely As such, it relies on the assumption that all locks are fairly well synchronized Kerberos v4 is the most widely used version the one we discuss here Includes three servers that communicate with Alice (at the workstation) Authentication server (AS) verifies the user during login It shares a secret password with each user (plays the role of the KDC) Ticket-granting server (TGS) issues proof of identity tickets Tickets will be used by the user to perform various jobs Bob the server does the work Alice needs to do, based on the identity ticket Based on the identity ticket will grant Alice the right she is entitled to 14

15 Authentication using Kerberos 1. A sits down at an arbitrary public workstation and types her name Workstation sends her name to the AS in plaintext 2. AS sends back a session key K S and a ticket K TGS (A,K S ) for TGS both encrypted with A s secret key At this point the workstation asks for A s password Password is used to generate the secret key and decrypt the message, obtaining the ticket for TGS Password is overwritten immediately to make sure it stays inside just for a few milliseconds, it never leaves the workstation; without the password Eve cannot get the ticket for TGS 15

16 Authentication using Kerberos A tells the workstation she needs to contact the file server Bob 3. Workstation sends a message to TGS asking for a ticket to use Bob Key element here is the ticket for TGS received from AS this proves to TGS that the sender is really A 4. TGS creates and sends back a session key K AB for A to use with B TGS sends a message encrypted with K S so that A can read and get K AB TGS also includes a message intended only for Bob, sending A s identity and the key K AB If Eve replays message 3 she will be foiled by the timestamp t Even if she replays the message quickly she will only get a copy of message 4 that she cannot read 16

17 Authentication using Kerberos 5. Alice can now communicate with Bob using K AB 6. Bob confirms he has received the request and is ready to do the work Multiple realms can be accommodated in Kerberos, each with its own AS and TGS To get a ticket for a distant server B, Alice asks her own TGS for a ticket accepted by the distant TGS She will go through the same protocol with the distant servers The users of the two realms must trust each other s TGS 17

18 II. Digital signatures Having a sort of digital signature replacing handwritten signatures is essential in the cyber-world This is crucial between two parties who do not trust each other and need protection from each other s later false claims Requirements for a digital signature Examples: Must authenticate the content of the message at the time of the signature Must authenticate the author, date, and time of the signature Receiver can verify the claimed identity of the sender Sender cannot later repudiate the content of the message Receiver cannot possibly have concocted the message himself Can be verified by third-parties to resolve disputes The bank needs to verify the identity of the client placing a transfer order The client cannot deny later having sent that order It is impossible for the bank to create transfer orders and claim they actually came from the client 18

19 Digital signatures Computational requirements Must be a bit pattern depending on the message being signed Signature must use some information unique to the sender to prevent forgery and denial Computationally easy to produce a signature Computationally easy to recognize and verify the signature Computationally infeasible to forge a digital signature either by constructing a new message for an existing digital signature or by constructing a fraudulent digital signature for a given message Practical to retain a copy of the digital signature in storage Two general schemes for digital signatures Direct Arbitrated 19

20 Arbitrated digital signatures Every signed message from A to B goes to an arbiter BB (Big Brother) that everybody trusts BB checks the signature and the timestamp, origin, content, etc. BB dates the message and sends it to B with an indication that it has been verified and it is legitimate 20

21 Arbitrated digital signatures E.g., every user shares a secret key with the arbiter A sends to BB in an encrypted form the plaintext P together with B s id, a timestamp and a random number R A BB decrypts the message and thus makes sure it comes from A; it also checks the timestamp to protect against replays BB then sends B the message P, A s id, the timestamp and the random number R A ; he also sends a message encrypted with his own private key (that nobody knows) containing A s id, timestamp t and the plaintext P (or a hash) B cannot check the signature but trusts it because it comes from BB he knows that because the entire communication was encrypted with K B B will not accept old messages or messages containing the same R A to protect against replay In case of dispute, B will show the signature he got from BB (only BB may have produced it) and BB will decrypt it 21

22 Direct digital signatures This involves only the communicating parties and it is based on public keys The sender knows the public key of the receiver Digital signature: encrypt the entire message (or just a hash code of the message) with the sender s private key If confidentiality is required: apply the receiver s public key or encrypt using a shared secret key In case of a dispute, the receiver B will produce the plaintext P and the signature E(KR A, P) the judge will apply KU A and decrypt P and check the match: B does not know KRA and cannot have produced the signature himself 22

23 Direct digital signatures Weaknesses: The scheme only works as long as KR A remains secret: if it is disclosed (or A discloses it herself), then the argument of the judge does not hold: anybody can produce the signature Attack: to deny the signature right after signing, simply claim that the private key has been lost similar to claims of credit card misuse If A changes her public-private keys (she can do that often) the judge will apply the wrong public key to check the signature Attack: to deny the signature change your public-private key pair this should not work if a PKI is used because they may keep trace of old public keys A should protect her private key even after she changes the key Attack: Eve could get hold of an old private key and sign a document with an old timestamp 23

24 Digital signature standard Any public-key systems may be used the industry de facto choice is RSA The proposed standard (1991) is the Digital Signature Standard (DSS) based on ElGamal (a public-key system) Latest update as a standard in 2009 ElGamal is based on discrete logarithms Immediate complains: Too secret NSA was involved in developing the protocol for using ElGamal in DSS Too slow 10 to 40 times slower than RSA-based signatures Too new ElGamal had not yet been thoroughly analyzed Too insecure only 512-bit key (subsequently 1024-bit keys adopted) 24

25 DSS approach 25

26 DSS The message M is first subjected to a hash function (to compress it) The hash code and a random number k are provided as input to the signature function Signature function depends on the sender s private key KR a and a public key KU G known to several users The result is a signature with 2 components r,s 26

27 Digital Signature Algorithm (not required in the exam) 27

Key Management (Distribution and Certification) (1)

Key Management (Distribution and Certification) (1) Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem

More information

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1 Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication

More information

Authentication requirement Authentication function MAC Hash function Security of

Authentication requirement Authentication function MAC Hash function Security of UNIT 3 AUTHENTICATION Authentication requirement Authentication function MAC Hash function Security of hash function and MAC SHA HMAC CMAC Digital signature and authentication protocols DSS Slides Courtesy

More information

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application

More information

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Module 8. Network Security. Version 2 CSE IIT, Kharagpur Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication

More information

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Authentication Types. Password-based Authentication. Off-Line Password Guessing Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:

More information

Application Layer (1)

Application Layer (1) Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number

More information

Client Server Registration Protocol

Client Server Registration Protocol Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are

More information

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Network Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23 Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest

More information

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead

More information

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket IT 4823 Information Security Administration Public Key Encryption Revisited April 5 Notice: This session is being recorded. Lecture slides prepared by Dr Lawrie Brown for Computer Security: Principles

More information

CSCE 465 Computer & Network Security

CSCE 465 Computer & Network Security CSCE 465 Computer & Network Security Instructor: Dr. Guofei Gu http://courses.cse.tamu.edu/guofei/csce465/ Public Key Cryptogrophy 1 Roadmap Introduction RSA Diffie-Hellman Key Exchange Public key and

More information

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete

More information

Chapter 16: Authentication in Distributed System

Chapter 16: Authentication in Distributed System Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal

More information

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on

More information

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos

TOPIC HIERARCHY. Distributed Environment. Security. Kerberos KERBEROS TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos ORIGIN MIT developed Kerberos to protect network services. Developed under the Project

More information

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols

Chapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security

More information

KERBEROS. Kerberos Authentication Service

KERBEROS. Kerberos Authentication Service KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed

More information

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay

CS 348: Computer Networks. - Security; 30 th - 31 st Oct 2012. Instructor: Sridhar Iyer IIT Bombay CS 348: Computer Networks - Security; 30 th - 31 st Oct 2012 Instructor: Sridhar Iyer IIT Bombay Network security Security Plan (RFC 2196) Identify assets Determine threats Perform risk analysis Implement

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 1: Introduction Ion Petre Department of IT, Åbo Akademi University January 10, 2012 1 Motto Unfortunately, the technical

More information

Public Key (asymmetric) Cryptography

Public Key (asymmetric) Cryptography Public-Key Cryptography UNIVERSITA DEGLI STUDI DI PARMA Dipartimento di Ingegneria dell Informazione Public Key (asymmetric) Cryptography Luca Veltri (mail.to: luca.veltri@unipr.it) Course of Network Security,

More information

Elements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack

Elements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack Elements of Applied Cryptography Key Distribution Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack Point-to-point key establishment Alice Bob Each pair of users must share

More information

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1 Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret

More information

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash

More information

Midterm Exam Solutions CS161 Computer Security, Spring 2008

Midterm Exam Solutions CS161 Computer Security, Spring 2008 Midterm Exam Solutions CS161 Computer Security, Spring 2008 1. To encrypt a series of plaintext blocks p 1, p 2,... p n using a block cipher E operating in electronic code book (ECB) mode, each ciphertext

More information

Cryptography and Network Security Digital Signature

Cryptography and Network Security Digital Signature Cryptography and Network Security Digital Signature Xiang-Yang Li Message Authentication Digital Signature Authentication Authentication requirements Authentication functions Mechanisms MAC: message authentication

More information

Chapter 10. Network Security

Chapter 10. Network Security Chapter 10 Network Security 10.1. Chapter 10: Outline 10.1 INTRODUCTION 10.2 CONFIDENTIALITY 10.3 OTHER ASPECTS OF SECURITY 10.4 INTERNET SECURITY 10.5 FIREWALLS 10.2 Chapter 10: Objective We introduce

More information

Message authentication and. digital signatures

Message authentication and. digital signatures Message authentication and " Message authentication digital signatures verify that the message is from the right sender, and not modified (incl message sequence) " Digital signatures in addition, non!repudiation

More information

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).

Kerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this

More information

Public Key Cryptography Overview

Public Key Cryptography Overview Ch.20 Public-Key Cryptography and Message Authentication I will talk about it later in this class Final: Wen (5/13) 1630-1830 HOLM 248» give you a sample exam» Mostly similar to homeworks» no electronic

More information

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures

Outline. Computer Science 418. Digital Signatures: Observations. Digital Signatures: Definition. Definition 1 (Digital signature) Digital Signatures Outline Computer Science 418 Digital Signatures Mike Jacobson Department of Computer Science University of Calgary Week 12 1 Digital Signatures 2 Signatures via Public Key Cryptosystems 3 Provable 4 Mike

More information

CS 356 Lecture 28 Internet Authentication. Spring 2013

CS 356 Lecture 28 Internet Authentication. Spring 2013 CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Chapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All

More information

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory

Chapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution

More information

Lecture 9: Application of Cryptography

Lecture 9: Application of Cryptography Lecture topics Cryptography basics Using SSL to secure communication links in J2EE programs Programmatic use of cryptography in Java Cryptography basics Encryption Transformation of data into a form that

More information

Chapter 8. Network Security

Chapter 8. Network Security Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who

More information

SYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL

SYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL INFS 766 Internet Security Protocols Lecture 9 WORK- STATIONS SYSTEM MODEL NETWORK SERVERS NFS GOPHER Prof. Ravi Sandhu LIBRARY KERBEROS 2 PHYSICAL SECURITY KERBEROS OBJECTIVES CLIENT WORKSTATIONS None,

More information

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext

Part 2 D(E(M, K),K ) E(M, K) E(M, K) Plaintext M. Plaintext M. Decrypt with private key. Encrypt with public key. Ciphertext Part 2 Plaintext M Encrypt with public key E(M, K) Ciphertext Plaintext M D(E(M, K),K ) Decrypt with private key E(M, K) Public and private key related mathematically Public key can be published; private

More information

CS 758: Cryptography / Network Security

CS 758: Cryptography / Network Security CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html

More information

Overview of Public-Key Cryptography

Overview of Public-Key Cryptography CS 361S Overview of Public-Key Cryptography Vitaly Shmatikov slide 1 Reading Assignment Kaufman 6.1-6 slide 2 Public-Key Cryptography public key public key? private key Alice Bob Given: Everybody knows

More information

Authentication Application

Authentication Application Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be

More information

CS 4803 Computer and Network Security

CS 4803 Computer and Network Security Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?

More information

Introduction to Computer Security

Introduction to Computer Security Introduction to Computer Security Hash Functions and Digital Signatures Pavel Laskov Wilhelm Schickard Institute for Computer Science Integrity objective in a wide sense Reliability Transmission errors

More information

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Security. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1 Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions

More information

Network Security Protocols

Network Security Protocols Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination

More information

Chapter 7: Network security

Chapter 7: Network security Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport

More information

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006 CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon

More information

SECURITY IN NETWORKS

SECURITY IN NETWORKS SECURITY IN NETWORKS GOALS Understand principles of network security: Cryptography and its many uses beyond confidentiality Authentication Message integrity Security in practice: Security in application,

More information

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier http://asecuritysite.com @billatnapier Introduction. Encryption: Public/Private Key. Key Exchange. Authentication.

More information

Digital Signatures. Good properties of hand-written signatures:

Digital Signatures. Good properties of hand-written signatures: Digital Signatures Good properties of hand-written signatures: 1. Signature is authentic. 2. Signature is unforgeable. 3. Signature is not reusable (it is a part of the document) 4. Signed document is

More information

Is your data safe out there? -A white Paper on Online Security

Is your data safe out there? -A white Paper on Online Security Is your data safe out there? -A white Paper on Online Security Introduction: People should be concerned of sending critical data over the internet, because the internet is a whole new world that connects

More information

Security: Focus of Control. Authentication

Security: Focus of Control. Authentication Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized

More information

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn. CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange

More information

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication

More information

Practice Questions. CS161 Computer Security, Fall 2008

Practice Questions. CS161 Computer Security, Fall 2008 Practice Questions CS161 Computer Security, Fall 2008 Name Email address Score % / 100 % Please do not forget to fill up your name, email in the box in the midterm exam you can skip this here. These practice

More information

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT

Part I. Universität Klagenfurt - IWAS Multimedia Kommunikation (VK) M. Euchner; Mai 2001. Siemens AG 2001, ICN M NT Part I Contents Part I Introduction to Information Security Definition of Crypto Cryptographic Objectives Security Threats and Attacks The process Security Security Services Cryptography Cryptography (code

More information

Q: Why security protocols?

Q: Why security protocols? Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:

More information

TELE 301 Network Management. Lecture 18: Network Security

TELE 301 Network Management. Lecture 18: Network Security TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not

More information

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document?

Digital Signatures. (Note that authentication of sender is also achieved by MACs.) Scan your handwritten signature and append it to the document? Cryptography Digital Signatures Professor: Marius Zimand Digital signatures are meant to realize authentication of the sender nonrepudiation (Note that authentication of sender is also achieved by MACs.)

More information

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu

Overview of Cryptographic Tools for Data Security. Murat Kantarcioglu UT DALLAS Erik Jonsson School of Engineering & Computer Science Overview of Cryptographic Tools for Data Security Murat Kantarcioglu Pag. 1 Purdue University Cryptographic Primitives We will discuss the

More information

Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography

Public Key Cryptography. c Eli Biham - March 30, 2011 258 Public Key Cryptography Public Key Cryptography c Eli Biham - March 30, 2011 258 Public Key Cryptography Key Exchange All the ciphers mentioned previously require keys known a-priori to all the users, before they can encrypt

More information

Applied Cryptology. Ed Crowley

Applied Cryptology. Ed Crowley Applied Cryptology Ed Crowley 1 Basics Topics Basic Services and Operations Symmetric Cryptography Encryption and Symmetric Algorithms Asymmetric Cryptography Authentication, Nonrepudiation, and Asymmetric

More information

Network Security. HIT Shimrit Tzur-David

Network Security. HIT Shimrit Tzur-David Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key

More information

Digital Signature. Raj Jain. Washington University in St. Louis

Digital Signature. Raj Jain. Washington University in St. Louis Digital Signature Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-11/

More information

Authentication Applications

Authentication Applications Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key

More information

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg Outline CSc 466/566 Computer Security 8 : Cryptography Digital Signatures Version: 2012/02/27 16:07:05 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian

More information

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder

More information

Introduction to Cryptography

Introduction to Cryptography Introduction to Cryptography Part 3: real world applications Jean-Sébastien Coron January 2007 Public-key encryption BOB ALICE Insecure M E C C D channel M Alice s public-key Alice s private-key Authentication

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 1 January 9, 2012 CPSC 467b, Lecture 1 1/22 Course Overview Symmetric Cryptography CPSC 467b, Lecture 1 2/22 Course Overview CPSC

More information

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur

Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 02 Overview on Modern Cryptography

More information

Principles of Network Security

Principles of Network Security he Network Security Model Bob and lice want to communicate securely. rudy (the adversary) has access to the channel. lice channel data, control s Bob Kai Shen data secure sender secure receiver data rudy

More information

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Overview of CSS SSL. SSL Cryptography Overview CHAPTER CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers

More information

CS 392/681 - Computer Security

CS 392/681 - Computer Security CS 392/681 - Computer Security Module 3 Key Exchange Algorithms Nasir Memon Polytechnic University Course Issues HW 3 assigned. Any lab or course issues? Midterm in three weeks. 8/30/04 Module 3 - Key

More information

Cryptography and network security CNET4523

Cryptography and network security CNET4523 1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local

More information

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631 Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.

More information

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos

Institute of Computer Technology - Vienna University of Technology. L96 - SSL, PGP, Kerberos SSL, PGP, Kerberos Secure Socket Layer (Web Security), Pretty Good Privacy (Email Security) and Authentication Agenda SSL PGP Kerberos SSL, PGP, Kerberos, v4.4 2 Page 96-1 SSL versus IPsec Application

More information

Capture Resilient ElGamal Signature Protocols

Capture Resilient ElGamal Signature Protocols Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department

More information

Module 7 Security CS655! 7-1!

Module 7 Security CS655! 7-1! Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed

More information

Authenticity of Public Keys

Authenticity of Public Keys SSL/TLS EJ Jung 10/18/10 Authenticity of Public Keys Bob s key? private key Bob public key Problem: How does know that the public key she received is really Bob s public key? Distribution of Public Keys!

More information

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015

Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Network Security CS 5490/6490 Fall 2015 Lecture Notes 8/26/2015 Chapter 2: Introduction to Cryptography What is cryptography? It is a process/art of mangling information in such a way so as to make it

More information

Lecture 6 - Cryptography

Lecture 6 - Cryptography Lecture 6 - Cryptography CSE497b - Spring 2007 Introduction Computer and Network Security Professor Jaeger www.cse.psu.edu/~tjaeger/cse497b-s07 Question 2 Setup: Assume you and I don t know anything about

More information

Content Teaching Academy at James Madison University

Content Teaching Academy at James Madison University Content Teaching Academy at James Madison University 1 2 The Battle Field: Computers, LANs & Internetworks 3 Definitions Computer Security - generic name for the collection of tools designed to protect

More information

CRYPTOGRAPHY IN NETWORK SECURITY

CRYPTOGRAPHY IN NETWORK SECURITY ELE548 Research Essays CRYPTOGRAPHY IN NETWORK SECURITY AUTHOR: SHENGLI LI INSTRUCTOR: DR. JIEN-CHUNG LO Date: March 5, 1999 Computer network brings lots of great benefits and convenience to us. We can

More information

encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit

encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit Overview of the DES Introduction to Computer Security Lecture 6 Cryptography October 2, 2003 A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher

More information

NETWORK ADMINISTRATION AND SECURITY

NETWORK ADMINISTRATION AND SECURITY NETWORK ADMINISTRATION AND SECURITY Unit I (NAS) (W- 10) Q. 1) What is Security Attack? Explain general categories of attack with examples. 7 Q. 2) List and define the five security services. 5 Q. 3) Define

More information

Lukasz Pater CMMS Administrator and Developer

Lukasz Pater CMMS Administrator and Developer Lukasz Pater CMMS Administrator and Developer EDMS 1373428 Agenda Introduction Why do we need asymmetric ciphers? One-way functions RSA Cipher Message Integrity Examples Secure Socket Layer Single Sign

More information

Network Security (2) CPSC 441 Department of Computer Science University of Calgary

Network Security (2) CPSC 441 Department of Computer Science University of Calgary Network Security (2) CPSC 441 Department of Computer Science University of Calgary 1 Friends and enemies: Alice, Bob, Trudy well-known in network security world Bob, Alice (lovers!) want to communicate

More information

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu

CPS 590.5 Computer Security Lecture 9: Introduction to Network Security. Xiaowei Yang xwy@cs.duke.edu CPS 590.5 Computer Security Lecture 9: Introduction to Network Security Xiaowei Yang xwy@cs.duke.edu Previous lectures Worm Fast worm design Today Network security Cryptography building blocks Existing

More information

Chapter 15 User Authentication

Chapter 15 User Authentication Chapter 15 User Authentication 2015. 04. 06 Jae Woong Joo SeoulTech (woong07@seoultech.ac.kr) Table of Contents 15.1 Remote User-Authentication Principles 15.2 Remote User-Authentication Using Symmetric

More information

Part VII. Digital signatures

Part VII. Digital signatures Part VII Digital signatures CHAPTER 7: Digital signatures Digital signatures are one of the most important inventions/applications of modern cryptography. The problem is how can a user sign a message such

More information

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS

SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS SECURITY ANALYSIS OF A SINGLE SIGN-ON MECHANISM FOR DISTRIBUTED COMPUTER NETWORKS Abstract: The Single sign-on (SSO) is a new authentication mechanism that enables a legal user with a single credential

More information

1 Message Authentication

1 Message Authentication Theoretical Foundations of Cryptography Lecture Georgia Tech, Spring 200 Message Authentication Message Authentication Instructor: Chris Peikert Scribe: Daniel Dadush We start with some simple questions

More information

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1

EXAM questions for the course TTM4135 - Information Security May 2013. Part 1 EXAM questions for the course TTM4135 - Information Security May 2013 Part 1 This part consists of 5 questions all from one common topic. The number of maximal points for every correctly answered question

More information

8 Key Exchange and Authentication Protocols

8 Key Exchange and Authentication Protocols C547: CRYPTOGRPHY ND SECURITY PROTOCOLS 1 8 Key Exchange and uthentication Protocols 8.1 Introduction Introduction In this section, we are going to explore protocols that solve two general problems: Entity

More information

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon 1 Common security requirements Basic security tools Secret-key cryptography Public-key cryptography Example Online shopping with Amazon 2 Alice credit card # is xxxx Internet What could the hacker possibly

More information

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. Cryptosystems Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K. C= E(M, K), Bob sends C Alice receives C, M=D(C,K) Use the same key to decrypt. Public

More information

CIS 5371 Cryptography. 8. Encryption --

CIS 5371 Cryptography. 8. Encryption -- CIS 5371 Cryptography p y 8. Encryption -- Asymmetric Techniques Textbook encryption algorithms In this chapter, security (confidentiality) is considered in the following sense: All-or-nothing secrecy.

More information

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1 KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data

More information

Today ENCRYPTION. Cryptography example. Basic principles of cryptography

Today ENCRYPTION. Cryptography example. Basic principles of cryptography Today ENCRYPTION The last class described a number of problems in ensuring your security and privacy when using a computer on-line. This lecture discusses one of the main technological solutions. The use

More information

Savitribai Phule Pune University

Savitribai Phule Pune University Savitribai Phule Pune University Centre for Information and Network Security Course: Introduction to Cyber Security / Information Security Module : Pre-requisites in Information and Network Security Chapter

More information