2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries
|
|
- Belinda Baker
- 8 years ago
- Views:
Transcription
1 Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer 2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries Chapter 5: Security Concepts for Networks Page 1
2 Authentication Types Authentication can be the process of reliably verifying the identity of a user, a computer, or both computer and user. Forms of authentication (combinations are possible): password-based address-based cryptographic Page 2
3 Password-based Authentication Simple: people log into a computer by typing a user name and a password Problems with using passwords for authentication: The user himself/herself Eavesdroppers might see the password when careless users log in The password might be easy to guess (on-line attack) because users choose passwords they can remember easily Attempts to force users to choose unguessable passwords might render the system so inconvenient that users write down passwords Password management For login, the system has to know the valid passwords they are stored in an own file. An attacker might read the system file with the password information Thus: encrypt stored password information Store hashes of passwords Encrypt the stored passwords Combination: Encrypt a database of hashed passwords Page 3
4 Off-Line Password Guessing But: the password may be cracked by an off-line attack A common approach is to store a hash of the password (as e.g. within UNIX) An attacker can obtain a cryptographic hash of the password through either eavesdropping or reading a database The attacker can guess a password calculating the same hash and comparing it with the stolen value (e.g. Dictionary attack) Approach to slow down an attacker: When choosing a password, the system chooses a random number (salt) The system stores the salt and a hash of the combination of the stored salt and the chosen password userid alice salt value 2758 password hash hash(2758 password ) Page 4
5 Address-based Authentication Computers are identified by hierarchical IP addresses: Network Subnet Computer Possible forms of authentication: Maintain list of network addresses of equivalent machines, i.e., give users who have access to machine X the same access rights for machine Y Problem: user must have identical account names on all systems Extension: store entry: remote address, remote account name, local account name Implementation e.g. in UNIX: /etc/hosts.equiv file contains list of computers that have identical user account assignments.rhosts file in a user s home directory contains a list of tuples computer, account that are granted access to this user s account But: if someone gains privileged access to a node, he can access all users resources on this node. He can also get access to other machines accessable by users of the current node. Page 5
6 Cryptographic Authentication Protocols Cryptographic authentication is much more secure than password-based or addressbased authentication proves her identity to by performing a cryptographic operation on a quantity provided by The cryptographic operation is based on s secret A computer can do cryptographic operations on behalf of its user: The user only has to remember a password The system has to obtain a cryptographic key based on the password by: doing a hash of the password using the password to decrypt a higher-quality key (e.g. DES key, RSA private key) Keys and cryptographic algorithms e.g. can be stored on a smart card (authentication token) Page 6
7 Lehrstuhl für Informatik 4 How to do Secure Authentication? Problems: eavesdropping and server database reading (reading password files) Protocol 1: protect against server database reading by only storing a hash, fiddlesticks Knows hash h* of s password Computes hash(fiddlesticks) Compares it with stored value h* But: eavesdropping of s password Protocol 2: protect against eavesdropping by sending encrypted password I m Computes X = cryptographic function of her secret and R: X = encr(secr, R) R X Picks random R Knows s secret, computes same function and compares it to X But: server database reading of s secret at s machine Page 7
8 Lehrstuhl für Informatik 4 Authentication with RSA Public key technology protects authentication against eavesdropping and server database reading Widely used: challenge/response Example: authenticates herself to Using her private key priv, performs a cryptographic operation on a value (challenge) R supplied by : I m (in clear text) Knows s public key R (in clear) or publ (R) R signed with s private key priv (R) Picks random R Checks result using s public key publ (priv (R)) = R =? Page 8
9 Nonce Important: use the challenge R only once! A nonce is a challenge only used once Use e.g. a random number, a timestamp, The unpredictability of R is important: I m I m {R R R {R If sequence numbers would be used for R, an attacker needs only to observe R and use R+1 to authenticate with! If sequence numbers would be used for R, a man-in-the-middle attacker could send R+1 to and use the response to authenticate with use unpredictable numbers! Page 9
10 Lamport s Hash Other possibility for authentication: Lamport s Hash One-time password scheme: Allows to authenticate in a way that neither eavesdropping reading s database enables someone to impersonate No need for public key cryptograph Requirements: remembers a password, is a human (the server) has a database; for each user it stores: username n, decremented each time the user authenticates herself hash n (Password), i.e. hash(hash(...(hash(password))...))) Page 10
11 Lamport s Hash - Initialization, password s Workstation x n =hash n (password), n Database x n =hash n (password), n Initialization of a password: chooses a password The workstation of chooses the number n and computes x 1 =hash(password) x 2 =hash(x 1 ),..., x n =hash(x n-1 )=hash n (password) and sends it to together with n Page 11
12 Lamport s Hash - Authentication, password s Workstation n x=hash n-1 (password) knows <n,hash n (password)> compare hash(x) to hash n (password) if equal, replace <n, hash n (password)> with <n-1,x> Authentication of a user: enters her username and password Her workstation sends the name to which returns n The workstation computes hash n-1 (password) and sends the result to takes the received value, hashes it once, and compares it with its database In case of a match, considers the response as valid, replaces the stored quantity with the received quantity, and replaces n by n-1 Page 12
13 Lamport s Hash Setting up a new password: Ifn = 1 needs to set her password again In many situations it is sufficient to choose a new password, compute hash n (new password), and transmit hash n (new password) and n to An enhancement is to add a salt value to the password, with the same advantages as in password storage like e.g. in UNIX Another advantage of salt is that will not need to change her password if n = 1 Properties: Similar to public key schemes regarding database reading But: user can only log-in a finite number of times before having to re-install the password at the server Problem: small n attack Page 13
14 Small n Attack Lehrstuhl für Informatik 4 Worst weakness of Lamport s Hash: Oscar, who is able to impersonate s network address, waits for s log-in When attempts to log in, Oscar returns a small value for n, e.g. 50 When responds with hash 50 (password), Oscar has enough information to impersonate for some time, if the actual value of n at is greater than 50 Two possible solutions: Human and Paper environment: When <n, hash n (password)> is installed at the server, all values of hash i (password) for i < n are computed, encoded into a typeable string, printed on paper, and given to When logs in, she uses the string at the top of the page, crosses that value, and uses the next value the next time Workstation environment: s workstation displays n to the human If remembers approximately what n should be she can at least do a rough probability check on n Page 14
15 Mutual Authentication Often required: each of both communication partners has to identify the other one (mutual authentication), e.g. with a shared secret: I m R 1 {R 1 R 2 {R 2 Improvement, using only 3 instead of 5 messages for authentication: I m, R 2 R 1, {R 2 {R 1 But: reflection attack Page 15
16 Reflection Attack Oscar starts the mutual authentication, but when he receives the challenge from, he cannot proceed further because he cannot encrypt R 1 : Oscar I m, R 2 R 1, {R 2 Oscar opens a second session to and uses R 1 as the challenge: Oscar I m, R 1 R 3, {R 1 Oscar cannot continue this session because he cannot encrypt R 3, but he knows {R 1, so he can complete the first session Countermeasures: don t have and do exactly the same thing Different-keys: the key used to authenticate should be different from the key used to authenticate. For example: s key might be - or +1 or Different-challenges: the initiator s challenge must be different from the one of the responder. For example, use R as challenge Page 16
17 Password Guessing Other problem: Oscar can mount an off-line password-guessing attack without need to eavesdrop: Oscar has to send a message to claiming to be will obligingly return the encrypted value Then Oscar has the pair <R, {R> which he can use to check password guesses This weakness can fixed by adding another message, forcing to send an encrypted value first: I m R 1 {R 1, R 2 {R 2 But still: an attacker listening to the communication can learn <R, {R> pairs, and could try an off-line attack guessing passwords to derive Page 17
18 Bellovin-Merrit Lehrstuhl für Informatik 4 Solution: and do a Diffie-Hellman exchange, but encrypt the values they exchange The Diffie-Hellman key is K = g RA RB mod p Subsequently, they do a standard mutual authentication exchange proving each other that they know K = g RA RB mod p {g RA mod p {g RB mod p K{R 1 0 R 1, K{R 2 1 R 2 Page 18
19 Mutual Authentication with Public Keys I m, {R 2 B R 2,{R 1 A R 1 Mutual authentication can also be done with public key technology, assuming that and know each other s public key. Problems: How does know s public key? How could s workstation obtain s private key when a password is all knows? Page 19
20 Session Key Establishment There are still security vulnerabilities after authentication: After the authentication between and, data integrity checks and/or message encryption is done during communication using secret key cryptography Keys wear out if used a lot. The more encrypted data an attacker has the better his chances of finding the key It might be possible for an intruder to record messages from a previous conversation and inject those packets into a current conversation If the long-term shared secret key were compromised, it would be desirable to prevent an old recorded conversation from being decrypted Keys could be stored by a communication partner for future misuse use a secret per-session key generated at the time of authentication Therefore, authentication protocols usually establish a session key in addition to providing authentication Page 20
21 Session Key Establishment with Shared Secret I m Go back to first scheme for mutual authentication: having a shared key Re-use the shared key in a modified way as session key R 1 {R 1 R 2 {R 2 There is sufficient information in this protocol for and to establish a shared session key at this point: For example, they can use ( +1){R. In general: Take the shared secret and modify it in some way, then encrypt the challenge R (here: R 1 or R 2 ) using the modified as the key, and use the result as the session key. ( +1){R 1 {message Page 21
22 Session Key Establishment with Public Keys There are several methods to establish session keys with public keys: chooses a random number R, encrypts it with s public key, and sends {R B to, attached to one of the messages in the authentication exchange An attacker could hijack the conversation by picking his own R, encrypting it with s public key, and sending it to can additionally sign the result. In this case, she sends [{R B ] A to. first has to verify s signature before decrypting R The attacker could record the entire conversation between and. If he can later take over he will be able to decrypt the conversation Additionally, picks R 1 and R 2. sends {R 1 B to. sends {R 2 A to. The session key will R 1 R 2 An attacker is not able to learn R 1 and R 2 only by overtaking or and can do a Diffie-Hellman key establishment exchange, where every partner signs the quantity he is sending Page 22
23 Session Key Establishment with Lamport s Hash With Lamport s Hash neither side has a public key, and they do not have a shared secret key. Nevertheless, there are several possibilities to establish a shared session key: They can first do the authentication handshake, and then a Diffie-Hellman exchange to establish a session key An attacker could hijack the conversation after the initial authentication and before the Diffie-Hellman exchange They can do a Diffie-Hellman exchange first, and then do the authentication handshake as part of a conversation protected with the Diffie-Hellman key An attacker could do a bucket-brigade attack, establishing a separate Diffie-Hellman key with both and Secret or public key technology seem to be more secure but a general problem remains: how to get a public key of or a shared key with a possible communication partner? Page 23
24 Trusted Intermediaries Assume that network security is based on secret key technology Consider a large network with n nodes. Each computer may need to authenticate each other computer each computer needs to know n-1 keys Adding a new node would cause generation of n keys, as the new node needs to have a shared secret with each other node The keys would have to be securely (i.e. encrypted) distributed to all the other nodes e.g. by public key schemes Possibilities Key Distribution Center (KDC) for secret keys Certification Authorities (CAs) for public key schemes Multiple Trusted Intermediaries extended (mesh) structure if the networks (and thus the KDCs/CAs) become too large Page 24
25 KDC Lehrstuhl für Informatik 4 Key Distribution Center (KDC) The KDC holds a database with keys for all nodes A new node registers with the KDC; any node registered with the KDC can securely communicate with it (authentication + encryption) Nodes ask for a temporary key (ticket) if they want to communicate with each other [, K KDC- {Key for?] ticket K KDC- {K - K KDC- {K - [, K - {message] Disadvantages of KDCs: KDC has enough information to impersonate all nodes and users (vulnerability) KDC is a single point of failure - if it goes down, nobody can use anything on the network KDC might be a performance bottleneck for large number of users Page 25
26 KDC Variant Lehrstuhl für Informatik 4 On the following slides: = K - K A = K KDC- K B = K KDC- wants K A {use for ticket to = K B {use for KDC I am, ticket = K B {use for KDC operation in practice (improvement of the previous protocol): The KDC gives the information it would have sent to (the ticket) The ticket holds information that will allow to access This prevents e.g. problems with message runtimes, if connection attempt comes to early for to have received the shared key from KDC Page 26
27 Needham-Schroeder The Needham-Schroeder protocol is a classic KDC authentication protocol (e.g. used by Kerberos): 1 2 N 1, wants K A {N 1,,, ticket to where ticket to = K B {, KDC ticket, {N 2 {N 2-1, N 3 {N 3-1 Page 27
28 Security of Needham-Schroeder Nonce N 1 is used to prove that is really talking to the KDC, not to an attacker who had listened to a KDC answer before and replies to with this answer The string is filled in to avoid that an attacker Oscar has intercepted message 1 and substituted with Oscar, to make the KDC generating a key between and Oscar (and sending back this key to who thinks to have a key with ) Nonce N 2 is sent to along with the ticket, and only someone being able to decrypt s ticket is able to decrypt N 2 proves to be himself answering with N 2-1 because N 2 only can be decrypted by him. Additionally, nonce N 3 is sent as challenge for authentication by authenticates with by sending back a modified nonce N 3 Page 28
29 Needham-Schroeder Enhancement I want to talk you K B {N B N 1, wants, K B {N B K A {N 1,,, ticket to where ticket to = K B {,, N B KDC ticket, {N 2 {N 2-1, N 3 {N 3-1 Fix a security hole: If an attacker finds out s key he can claim to be and obtain from the KDC a shared key with, and a ticket to, The problem with the original protocol is that the ticket to remains valid even if changes her key The additional nonce N B proves for that the key was newly generated Page 29
30 Certification Authorities (CAs) Key distribution is easier with public key cryptography: Each node knows its own private key, and the public keys can be obtained from a central entity Problem: How to be sure that the public key information is correct? Solution: Establish a trusted node, a Certification Authority (CA), to generate certificates Certificates consist of a public key, a name () and a signature of a CA: [, privca(publ)] CAs are the public key equivalent of KDCs Page 30
31 Certification Authorities (CAs) Advantages of CAs (compared to KDCs) The CA does not need to be on-line, key exchange may be done by e.g. smart cards Since the CA does not have to be on-line, a comparably simple device can be employed If the CA crashes, the network is still usable, but the installation of new user is impossible One cannot write bogus certificates as only the CA generate signatures A corrupt CA cannot decrypt conversations Disadvantages of CAs Once a certificate has been issued it is difficult to revoke it if the CA is not online As a first solution, a certificate is valid only for a specified time Better solution (similar to credit cards): Publish a list of all revoked certificates Certificate Revocation List (CRL) The CRLs will be distributed periodically A certificate is valid if it has a valid CA signature and is not listed on the CRL Page 31
Authentication Types. Password-based Authentication. Off-Line Password Guessing
Authentication Types Chapter 2: Security Techniques Background Secret Key Cryptography Public Key Cryptography Hash Functions Authentication Chapter 3: Security on Network and Transport Layer Chapter 4:
More informationAuthentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques
Computer Security process of reliably verifying identity verification techniques what you know (eg., passwords, crypto key) what you have (eg., keycards, embedded crypto) what you are (eg., biometric information)
More informationAuthentication Protocols
Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Network Security, C. Kaufman, R. Perlman, M. Speciner, Second Edition, Addison-Wesley,
More informationKey Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.
CSC 490 Special Topics Computer and Network Security Key Management Dr. Xiao Qin Auburn University http://www.eng.auburn.edu/~xqin xqin@auburn.edu Slide 09-1 Overview Key exchange Session vs. interchange
More informationCryptography and Network Security
Cryptography and Network Security Spring 2012 http://users.abo.fi/ipetre/crypto/ Lecture 9: Authentication protocols, digital signatures Ion Petre Department of IT, Åbo Akademi University 1 Overview of
More informationClient Server Registration Protocol
Client Server Registration Protocol The Client-Server protocol involves these following steps: 1. Login 2. Discovery phase User (Alice or Bob) has K s Server (S) has hash[pw A ].The passwords hashes are
More informationLecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.
Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution. 1 Opening quote. 2 The topics of cryptographic key management
More informationChapter 16: Authentication in Distributed System
Chapter 16: Authentication in Distributed System Ajay Kshemkalyani and Mukesh Singhal Distributed Computing: Principles, Algorithms, and Systems Cambridge University Press A. Kshemkalyani and M. Singhal
More information4.2: Kerberos Kerberos V4 Kerberos V5. Chapter 5: Security Concepts for Networks. Lehrstuhl für Informatik 4 Kommunikation und verteilte Systeme
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.2:
More informationCSC 474 -- Network Security. User Authentication Basics. Authentication and Identity. What is identity? Authentication: verify a user s identity
CSC 474 -- Network Security Topic 6.2 User Authentication CSC 474 Dr. Peng Ning 1 User Authentication Basics CSC 474 Dr. Peng Ning 2 Authentication and Identity What is identity? which characteristics
More informationModule 7 Security CS655! 7-1!
Module 7 Security CS655! 7-1! Issues Separation of! Security policies! Precise definition of which entities in the system can take what actions! Security mechanism! Means of enforcing that policy! Distributed
More information: Network Security. Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT
Subject Code Department Semester : Network Security : XCS593 : MSc SE : Nineth Name of Staff: Anusha Linda Kostka Department : MSc SE/CT/IT Part A (2 marks) 1. What are the various layers of an OSI reference
More informationModule 8. Network Security. Version 2 CSE IIT, Kharagpur
Module 8 Network Security Lesson 2 Secured Communication Specific Instructional Objectives On completion of this lesson, the student will be able to: State various services needed for secured communication
More informationKerberos. Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?).
Kerberos Public domain image of Heracles and Cerberus. From an Attic bilingual amphora, 530 520 BC. From Italy (?). 1 Kerberos Kerberos is an authentication protocol and a software suite implementing this
More informationAlternative: Strong password Protocols
Using Passwords send pwd, compare against h(pwd) send h(pwd), compare against h(pwd) send h(pwd), compare against h(h(pwd)) use h(pwd) as secret in challenge/response, server stores h(pwd). Why not h(h(pwd))?
More informationTOPIC HIERARCHY. Distributed Environment. Security. Kerberos
KERBEROS TOPIC HIERARCHY Distributed Environment Security Privacy Authentication Authorization Non Repudiation Kerberos ORIGIN MIT developed Kerberos to protect network services. Developed under the Project
More informationKEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1
KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE Mihir Bellare UCSD 1 The public key setting Alice M D sk[a] (C) Bob pk[a] C C $ E pk[a] (M) σ $ S sk[a] (M) M, σ Vpk[A] (M, σ) Bob can: send encrypted data
More informationUsing etoken for SSL Web Authentication. SSL V3.0 Overview
Using etoken for SSL Web Authentication Lesson 12 April 2004 etoken Certification Course SSL V3.0 Overview Secure Sockets Layer protocol, version 3.0 Provides communication privacy over the internet. Prevents
More informationNetwork Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec
Network Security #10 Parts modified from Computer Networking: A Top Down Approach Featuring the Internet, 2nd edition. Jim Kurose, Keith Ross, Addison-Wesley, 2002. 1 Overview Encryption Authentication
More informationHow To Use Kerberos
KERBEROS 1 Kerberos Authentication Service Developed at MIT under Project Athena in mid 1980s Versions 1-3 were for internal use; versions 4 and 5 are being used externally Version 4 has a larger installed
More informationKey Management and Distribution
and Distribution CSS322: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 23 January 2011 CSS322Y10S2L12, Steve/Courses/CSS322/Lectures/key.tex,
More informationConnected from everywhere. Cryptelo completely protects your data. Data transmitted to the server. Data sharing (both files and directory structure)
Cryptelo Drive Cryptelo Drive is a virtual drive, where your most sensitive data can be stored. Protect documents, contracts, business know-how, or photographs - in short, anything that must be kept safe.
More informationAuthentication Application
Authentication Application KERBEROS In an open distributed environment servers to be able to restrict access to authorized users to be able to authenticate requests for service a workstation cannot be
More informationARCHIVED PUBLICATION
ARCHIVED PUBLICATION The attached publication, NIST Special Publication 800-63 Version 1.0.2 (dated April 2006), has been superseded and is provided here only for historical purposes. For the most current
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationCS 4803 Computer and Network Security
Many-to-Many Authentication CS 4803 Computer and Network Security s? Servers Alexandra (Sasha) Boldyreva Kerberos How do users prove their identities when requesting services from machines on the network?
More informationE- Encryption in Unix
UNIVERSITY of WISCONSIN-MADISON Computer Sciences Department CS 537 A. Arpaci-Dusseau Intro to Operating Systems Spring 2000 Security Solutions and Encryption Questions answered in these notes: How does
More informationNetwork Security Protocols
Network Security Protocols EE657 Parallel Processing Fall 2000 Peachawat Peachavanish Level of Implementation Internet Layer Security Ex. IP Security Protocol (IPSEC) Host-to-Host Basis, No Packets Discrimination
More informationChapter 9 Key Management 9.1 Distribution of Public Keys 9.1.1 Public Announcement of Public Keys 9.1.2 Publicly Available Directory
There are actually two distinct aspects to the use of public-key encryption in this regard: The distribution of public keys. The use of public-key encryption to distribute secret keys. 9.1 Distribution
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Exercise: Chapters 13, 15-18 18 1. [Kaufman] 13.1
More informationHow To Make A Trustless Certificate Authority Secure
Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if
More informationCapture Resilient ElGamal Signature Protocols
Capture Resilient ElGamal Signature Protocols Hüseyin Acan 1, Kamer Kaya 2,, and Ali Aydın Selçuk 2 1 Bilkent University, Department of Mathematics acan@fen.bilkent.edu.tr 2 Bilkent University, Department
More informationNetwork Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide
Network Security [2] Public Key Encryption Also used in message authentication & key distribution Based on mathematical algorithms, not only on operations over bit patterns (as conventional) => much overhead
More informationCIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives
CIS 6930 Emerging Topics in Network Security Topic 2. Network Security Primitives 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange; Hash functions; Application of hash
More informationCS 392/681 - Computer Security
CS 392/681 - Computer Security Module 3 Key Exchange Algorithms Nasir Memon Polytechnic University Course Issues HW 3 assigned. Any lab or course issues? Midterm in three weeks. 8/30/04 Module 3 - Key
More informationNetwork Security. HIT Shimrit Tzur-David
Network Security HIT Shimrit Tzur-David 1 Goals: 2 Network Security Understand principles of network security: cryptography and its many uses beyond confidentiality authentication message integrity key
More informationThe Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems
The Feasibility and Application of using a Zero-knowledge Protocol Authentication Systems Becky Cutler Rebecca.cutler@tufts.edu Mentor: Professor Chris Gregg Abstract Modern day authentication systems
More informationName: 1. CSE331: Introduction to Networks and Security Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35.
Name: 1 CSE331: Introduction to Networks and Security Final Fall 2003 Dec. 12, 2003 1 /14 2 /16 3 /16 4 /10 5 /14 6 /5 7 /5 8 /20 9 /35 Total /135 Do not begin the exam until you are told to do so. You
More informationKerberos. Login via Password. Keys in Kerberos
Kerberos Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos
More informationAuthentication Applications
Authentication Applications CSCI 454/554 Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures Kerberos a symmetric-key
More informationTELE 301 Network Management. Lecture 18: Network Security
TELE 301 Network Management Lecture 18: Network Security Haibo Zhang Computer Science, University of Otago TELE301 Lecture 18: Network Security 1 Security of Networks Security is something that is not
More informationCopyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1
Chapter 15 Key Management Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1 Symmetric-key Distribution Symmetric-key cryptography is more efficient than asymmetric-key
More informationSSL Protect your users, start with yourself
SSL Protect your users, start with yourself Kulsysmn 14 december 2006 Philip Brusten Overview Introduction Cryptographic algorithms Secure Socket Layer Certificate signing service
More information1. a. Define the properties of a one-way hash function. (6 marks)
1. a. Define the properties of a one-way hash function. (6 marks) A hash function h maps arbitrary length value x to fixed length value y such that: Hard to reverse. Given value y not feasible to find
More informationChapter 7: Network security
Chapter 7: Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice: application layer: secure e-mail transport
More informationCSCI 454/554 Computer and Network Security. Final Exam Review
CSCI 454/554 Computer and Network Security Final Exam Review Topics covered by Final Topic before Midterm 20% Topic after Midterm 80% Date: 05/13/2015 9:00am noon Place: the same classroom Open book/notes
More informationIntroduction to Network Security Key Management and Distribution
Introduction to Network Security Key Management and Distribution Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University of Science and Technology cetinkayae@mst.edu http://web.mst.edu/~cetinkayae/teaching/cpe5420fall2015
More informationNetwork Security. Computer Networking Lecture 08. March 19, 2012. HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23
Network Security Computer Networking Lecture 08 HKU SPACE Community College March 19, 2012 HKU SPACE CC CN Lecture 08 1/23 Outline Introduction Cryptography Algorithms Secret Key Algorithm Message Digest
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationAuthentication Applications
Authentication Applications will consider authentication functions developed to support application-level authentication & digital signatures will consider Kerberos a private-key authentication service
More informationElements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack
Elements of Applied Cryptography Key Distribution Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack Point-to-point key establishment Alice Bob Each pair of users must share
More informationCS 356 Lecture 28 Internet Authentication. Spring 2013
CS 356 Lecture 28 Internet Authentication Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists
More information12/3/08. Security in Wireless LANs and Mobile Networks. Wireless Magnifies Exposure Vulnerability. Mobility Makes it Difficult to Establish Trust
Security in Wireless LANs and Mobile Networks Wireless Magnifies Exposure Vulnerability Information going across the wireless link is exposed to anyone within radio range RF may extend beyond a room or
More informationKerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su
Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o Presented by: Smitha Sundareswaran Chi Tsong Su Introduction Kerberos: An authentication protocol based on
More informationApplication Layer (1)
Application Layer (1) Functionality: providing applications (e-mail, www, USENET etc) providing support protocols to allow the real applications to function properly security comprising a large number
More informationOverview of CSS SSL. SSL Cryptography Overview CHAPTER
CHAPTER 1 Secure Sockets Layer (SSL) is an application-level protocol that provides encryption technology for the Internet, ensuring secure transactions such as the transmission of credit card numbers
More informationSecure Remote Password (SRP) Authentication
Secure Remote Password (SRP) Authentication Tom Wu Stanford University tjw@cs.stanford.edu Authentication in General What you are Fingerprints, retinal scans, voiceprints What you have Token cards, smart
More informationCryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationTake-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols 15-440
Distributed Systems Security II 5-440 Take-home points What does using public-key for our authentication buy us? Compare kerberos (needham-schroeder) and SSL with a certificate authority Metrics: Scaling,
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 19 th November 2014 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationSecurity. Contents. S-72.3240 Wireless Personal, Local, Metropolitan, and Wide Area Networks 1
Contents Security requirements Public key cryptography Key agreement/transport schemes Man-in-the-middle attack vulnerability Encryption. digital signature, hash, certification Complete security solutions
More informationSecure Socket Layer. Introduction Overview of SSL What SSL is Useful For
Secure Socket Layer Secure Socket Layer Introduction Overview of SSL What SSL is Useful For Introduction Secure Socket Layer (SSL) Industry-standard method for protecting web communications. - Data encryption
More informationTELE 301 Network Management. Lecture 16: Remote Terminal Services
TELE 301 Network Management Lecture 16: Remote Terminal Services Haibo Zhang Computer Science, University of Otago TELE301 Lecture 16: Remote Terminal Services 1 Today s Focus Remote Terminal Services
More information10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture)
Contents 1 / 55 10.1 Kerberos Kerberos V4 Kerberos V5 10.2 World Wide Web Security S-HTTP (secure hypertext transfer protocol) SEA (security extension architecture) Kerberos V4 / Contents 2 / 55 Kerberos
More informationChapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1
Chapter 4 Authentication Applications COSC 490 Network Security Annie Lu 1 OUTLINE Kerberos X.509 Authentication Service COSC 490 Network Security Annie Lu 2 Authentication Applications authentication
More informationDr. Arjan Durresi. Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/
Set of Problems 2 Dr. Arjan Durresi Louisiana State University Baton Rouge, LA 70810 Durresi@csc.LSU.Edu These slides are available at: http://www.csc.lsu.edu/~durresi/csc4601_07/ Louisiana State University
More informationCryptography and network security CNET4523
1. Name of Course 2. Course Code 3. Name(s) of academic staff 4. Rationale for the inclusion of the course/module in the programme Cryptography and network security CNET4523 Major The Great use of local
More informationChapter 8 Security. IC322 Fall 2014. Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012
Chapter 8 Security IC322 Fall 2014 Computer Networking: A Top Down Approach 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012 All material copyright 1996-2012 J.F Kurose and K.W. Ross, All
More informationSingle Sign-On Secure Authentication Password Mechanism
Single Sign-On Secure Authentication Password Mechanism Deepali M. Devkate, N.D.Kale ME Student, Department of CE, PVPIT, Bavdhan, SavitribaiPhule University Pune, Maharashtra,India. Assistant Professor,
More informationComputer and Network Security. Outline
Computer and Network Security Lecture 10 Certificates and Revocation Outline Key Distribution Certification Authorities Certificate revocation 1 Key Distribution K A, K B E KA ( K AB, E KB (KAB) ) K A
More informationQ: Why security protocols?
Security Protocols Q: Why security protocols? Alice Bob A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Confidentiality Authentication Example:
More informationCryptographic Key Infrastructure
Cryptographic Key Infrastructure Goal: bind identity to key Classical: not possible as all keys are shared Use protocols to agree on a shared key (see earlier) Public key: bind identity to public key Crucial
More informationKey Management (Distribution and Certification) (1)
Key Management (Distribution and Certification) (1) Remaining problem of the public key approach: How to ensure that the public key received is really the one of the sender? Illustration of the problem
More informationHow To Understand And Understand The Security Of A Key Infrastructure
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 12 Applying Cryptography Objectives Define digital certificates List the various types of digital certificates and how they are used
More informationChapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption
Chapter 14. Key management and Distribution Symmetric Key Distribution Using Symmetric Encryption For symmetric encryption to work, the two parties to an exchange must share the same key, and that key
More informationThick Client Application Security
Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two
More informationChapter 8. Cryptography Symmetric-Key Algorithms. Digital Signatures Management of Public Keys Communication Security Authentication Protocols
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationChapter 8. Network Security
Chapter 8 Network Security Cryptography Introduction to Cryptography Substitution Ciphers Transposition Ciphers One-Time Pads Two Fundamental Cryptographic Principles Need for Security Some people who
More informationCUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631
Cunsheng DING, HKUST Lecture 08: Key Management for One-key Ciphers Topics of this Lecture 1. The generation and distribution of secret keys. 2. A key distribution protocol with a key distribution center.
More informationIDRBT Working Paper No. 11 Authentication factors for Internet banking
IDRBT Working Paper No. 11 Authentication factors for Internet banking M V N K Prasad and S Ganesh Kumar ABSTRACT The all pervasive and continued growth being provided by technology coupled with the increased
More informationDesigning a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology
Designing a Secure Client-Server System Master of Science Thesis in the Programme Software Engineering & Technology FREDRIK ANDERSSON Department of Computer Science and Engineering CHALMERS UNIVERSITY
More informationCSE331: Introduction to Networks and Security. Lecture 29 Fall 2006
CSE331: Introduction to Networks and Security Lecture 29 Fall 2006 Announcements Project 3 is due Today Can submit electronically (mail savi@seas) By midnight Project 4 will be on the web this afternoon
More informationWireless Encryption Protection
Wireless Encryption Protection We re going to jump around a little here and go to something that I really find interesting, how do you secure yourself when you connect to a router. Now first and foremost
More informationNetwork Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1
Network Security Abusayeed Saifullah CS 5600 Computer Networks These slides are adapted from Kurose and Ross 8-1 Public Key Cryptography symmetric key crypto v requires sender, receiver know shared secret
More informationContents. Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008
Identity Assurance (Scott Rea Dartmouth College) IdM Workshop, Brisbane Australia, August 19, 2008 Contents Authentication and Identity Assurance The Identity Assurance continuum Plain Password Authentication
More informationSecurity vulnerabilities in the Internet and possible solutions
Security vulnerabilities in the Internet and possible solutions 1. Introduction The foundation of today's Internet is the TCP/IP protocol suite. Since the time when these specifications were finished in
More informationSecurity. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key
Friends and Enemies Security Outline Encryption lgorithms Protocols Message Integrity Protocols Key Distribution Firewalls Figure 7.1 goes here ob, lice want to communicate securely Trudy, the intruder
More informationCS 758: Cryptography / Network Security
CS 758: Cryptography / Network Security offered in the Fall Semester, 2003, by Doug Stinson my office: DC 3122 my email address: dstinson@uwaterloo.ca my web page: http://cacr.math.uwaterloo.ca/~dstinson/index.html
More informationFinal exam review, Fall 2005 FSU (CIS-5357) Network Security
Final exam review, Fall 2005 FSU (CIS-5357) Network Security Instructor: Breno de Medeiros 1. What is an insertion attack against a NIDS? Answer: An insertion attack against a network intrusion detection
More informationKerberos. Guilin Wang. School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk
Kerberos Guilin Wang School of Computer Science, University of Birmingham G.Wang@cs.bham.ac.uk 1 Entity Authentication and Key Exchange In the last talk, we discussed key exchange and reviewed some concrete
More informationWeb Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn
Web Payment Security A discussion of methods providing secure communication on the Internet Group Members: Peter Heighton Zhao Huang Shahid Kahn 1. Introduction Within this report the methods taken to
More informationSY0-201. system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users.
system so that an unauthorized individual can take over an authorized session, or to disrupt service to authorized users. From a high-level standpoint, attacks on computer systems and networks can be grouped
More informationCornerstones of Security
Internet Security Cornerstones of Security Authenticity the sender (either client or server) of a message is who he, she or it claims to be Privacy the contents of a message are secret and only known to
More informationUnderstanding Digital Certificates and Wireless Transport Layer Security (WTLS)
Understanding Digital Certificates and Wireless Transport Layer Security (WTLS) Author: Allan Macphee January 2001 Version 1.1 Copyright 2001-2003 Entrust. All rights reserved. Digital Certificates What
More informationAuthentication Protocols Using Hoover-Kausik s Software Token *
JOURNAL OF INFORMATION SCIENCE AND ENGINEERING 22, 691-699 (2006) Short Paper Authentication Protocols Using Hoover-Kausik s Software Token * WEI-CHI KU AND HUI-LUNG LEE + Department of Computer Science
More informationSecurity Digital Certificate Manager
System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure
More information4.1: Securing Applications Remote Login: Secure Shell (SSH) E-Mail: PEM/PGP. Chapter 5: Security Concepts for Networks
Chapter 2: Security Techniques Background Chapter 3: Security on Network and Transport Layer Chapter 4: Security on the Application Layer Secure Applications Network Authentication Service: Kerberos 4.1:
More informationBasic network security threats
Basic network security threats Packet sniffing Packet forgery (spoofed from address) DNS spoofing wrong IP address for hostname Assume bad guy controls network - Can read all your packets - Can tamper
More informationSecure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213
Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213 UNCLASSIFIED Example http ://www. greatstuf f. com Wants credit card number ^ Look at lock on browser Use https
More informationAsymmetric cryptosystems fundamental problem: authentication of public keys
Network security Part 2: protocols and systems (a) Authentication of public keys Università degli Studi di Brescia Dipartimento di Ingegneria dell Informazione 2014/2015 Asymmetric cryptosystems fundamental
More information