CS 392/681 - Computer Security



Similar documents
Key Management and Distribution

Key Management and Distribution

Expert Reference Series of White Papers. Fundamentals of the PKI Infrastructure

Elements of Applied Cryptography. Key Distribution. Trusted third party: KDC, KTC Diffie-Helmann protocol The man-in-the-middle attack

Introduction to Network Security Key Management and Distribution

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, Page 1

CSCE 465 Computer & Network Security

Lecture slides by Lawrie Brown for Cryptography and Network Security, 5/e, by William Stallings, Chapter 14 Key Management and Distribution.

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

SSL/TLS: The Ugly Truth

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

Digital Certificates (Public Key Infrastructure) Reshma Afshar Indiana State University

KEY DISTRIBUTION: PKI and SESSION-KEY EXCHANGE. Mihir Bellare UCSD 1

Module 7 Security CS655! 7-1!

CIS 6930 Emerging Topics in Network Security. Topic 2. Network Security Primitives

Asymmetric cryptosystems fundamental problem: authentication of public keys

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Lecture VII : Public Key Infrastructure (PKI)

CS549: Cryptography and Network Security

Key Management and Distribution

Dr. Cunsheng DING HKUST, Hong Kong. Security Protocols. Security Protocols. Cunsheng Ding, HKUST COMP685C

Cryptography and Network Security

Cryptography and Network Security Digital Signature

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Key Management. CSC 490 Special Topics Computer and Network Security. Dr. Xiao Qin. Auburn University

Computer and Network Security. Outline

CS 393 Network Security. Nasir Memon Polytechnic University Module 11 Secure

Public Key Cryptography in Practice. c Eli Biham - May 3, Public Key Cryptography in Practice (13)

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

Introduction to Cryptography

Purpose of PKI PUBLIC KEY INFRASTRUCTURE (PKI) Terminology in PKIs. Chain of Certificates

CS 356 Lecture 28 Internet Authentication. Spring 2013

Cryptography and Network Security Chapter 14

How To Make A Trustless Certificate Authority Secure

Authentication Applications

Authentication Applications

Network Security. Gaurav Naik Gus Anderson. College of Engineering. Drexel University, Philadelphia, PA. Drexel University. College of Engineering

Using etoken for SSL Web Authentication. SSL V3.0 Overview

CSE543 - Introduction to Computer and Network Security. Module: Public Key Infrastructure

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

Public Key Infrastructure for a Higher Education Environment

Overview. SSL Cryptography Overview CHAPTER 1

CS 758: Cryptography / Network Security

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

Authentication. Computer Security. Authentication of People. High Quality Key. process of reliably verifying identity verification techniques

Network Security Protocols

How To Understand And Understand The Security Of A Key Infrastructure

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Network Security: Public Key Infrastructure

Public Key Infrastructure (PKI)

7 Key Management and PKIs

Lecture 13. Public Key Distribution (certification) PK-based Needham-Schroeder TTP. 3. [N a, A] PKb 6. [N a, N b ] PKa. 7.

IT Networks & Security CERT Luncheon Series: Cryptography

CUNSHENG DING HKUST, Hong Kong. Computer Security. Computer Security. Cunsheng DING, HKUST COMP4631

TELSTRA RSS CA Subscriber Agreement (SA)

Computer Security: Principles and Practice

Public Key Infrastructure

Ciphire Mail. Abstract

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Controller of Certification Authorities of Mauritius

Ciphermail S/MIME Setup Guide

The DoD Public Key Infrastructure And Public Key-Enabling Frequently Asked Questions

Report to WIPO SCIT Plenary Trilateral Secure Virtual Private Network Primer. February 3, 1999

Chapter 7 Managing Users, Authentication, and Certificates

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Chapter 8. Network Security

SSL A discussion of the Secure Socket Layer

Certificate Management. PAN-OS Administrator s Guide. Version 7.0

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Class 3 Registration Authority Charter

SSL Protect your users, start with yourself

MCTS Guide to Configuring Microsoft Windows Server 2008 Active Directory. Chapter 11: Active Directory Certificate Services

Message authentication and. digital signatures

WiMAX Public Key Infrastructure (PKI) Users Overview

Strong Security in Multiple Server Environments

Chapter 10. Network Security

SBClient SSL. Ehab AbuShmais

Neutralus Certification Practices Statement

1 Public Key Cryptography and Information Security

Final Exam. IT 4823 Information Security Administration. Rescheduling Final Exams. Kerberos. Idea. Ticket

Configuring Digital Certificates

Websense Content Gateway HTTPS Configuration

AD CS.

NIST ITL July 2012 CA Compromise

Discrete logarithms within computer and network security Prof Bill Buchanan, Edinburgh Napier

CSC/ECE 574 Computer and Network Security. What Is PKI. Certification Authorities (CA)

Understanding Digital Certificates & Secure Sockets Layer (SSL): A Fundamental Requirement for Internet Transactions

Entrust Managed Services PKI. Getting an end-user Entrust certificate using Entrust Authority Administration Services. Document issue: 2.

CS Network Security: Public Key Infrastructure

Practice Questions. CS161 Computer Security, Fall 2008

Lecture 10 - Authentication

Chapter 7: Network security

HMRC Secure Electronic Transfer (SET)

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

Danske Bank Group Certificate Policy

Transcription:

CS 392/681 - Computer Security Module 3 Key Exchange Algorithms Nasir Memon Polytechnic University

Course Issues HW 3 assigned. Any lab or course issues? Midterm in three weeks. 8/30/04 Module 3 - Key Exchange 2

Key Exchange Cryptographic primitives seen so far assume Alice and Bob share a secret key which is unknown to Oscar. Alice has a trusted copy of Bob s public key. But how does this happen in the first place?!! Alice and Bob meet and exchange key. Not always practical or possible. We need key exchange protocols! There are key distribution protocols and key agreement protocols. 8/30/04 Module 3 - Key Exchange 3

Session Key Exchange With KDC. Protocol assumes that Alice and Bob share a session key K A and K B with a Key Distribution Center (KDC). Alice calls Trent (Trusted KDC) and requests a session key to communicate with Bob. Trent generates random session key K and sends E KA (K) to Alice and E KB (K) to Bob. Alice and Bob decrypt with K A and K B respectively to get K. This is a key distribution protocol. Susceptible to replay attack! 8/30/04 Module 3 - Key Exchange 4

Session Key Exchange With KDC. A -> KDC ID A ID B N 1 (Hello, I am Alice, I want to talk to Bob, I need a session Key and here is a random nonce identifying this request) KDC -> A E KA ( K ID B N 1 E KB (K ID A )) Encrypted(Here is a key, for you to talk to Bob as per your request N 1 and also an envelope to Bob containing the same key) A -> B E KB (K ID A ) (I would like to talk using key in envelope sent by KDC) B -> A E K (N 2 ) (OK Alice, But can you prove to me that you are indeed Alice and know the key?) A -> A E K (f(n 2 )) (Sure I can!) Last two steps - challenge-response. Commonly used to thwart replay attack. 8/30/04 Module 3 - Key Exchange 5

Session Key Exchange With Public Keys Alice gets Bob s public key from KDC. Alice generates a random session key, encrypts with Bob s public key and sends to Bob. Bob decrypts using his private key to get session key. Alice and Bob exchange a challengeresponse. Above is still susceptible to man-in-the-middle attack. 8/30/04 Module 3 - Key Exchange 6

Man-in-the-middle Attack Alice send request to KDC. Mallory intercepts and sends his own public key. Alice generates random session key and encrypts using Mallory s (she thinks Bob s) public key and send to Bob. Mallory intercepts session key, decrypts, then encrypts with Bob s public key and send to Bob. Bob decrypts session key. Alice and Bob use a session key to communicate that Bob knows! 8/30/04 Module 3 - Key Exchange 7

Diffie-Hellman Key Exchange Protocol for exchanging secret key over public channel. Select global parameters n and g. n is prime and g is a primitive root in Z n. These parameters are public and known to all. Alice privately selects random a and sends to Bob g a mod n. Bob privately selects random b and sends to Alice g b mod n. Alice and Bob privately compute g ab which is their shared secret. An observer Oscar can only compute g a mod n * g b mod n= g a+b mod n. To compute g ab he needs to know either a or b or solve the discrete log problem. This is a key agreement protocol. 8/30/04 Module 3 - Key Exchange 8

The Discrete Log Problem Given y and a in Z p where p is prime, find the unique x in Z p, such that y = a x mod p. For example given 2 and 5 in Z 7, find the unique x such that 5 x = 2 mod 7. 5 1 = 5, 5 2 = 4, 5 3 = 6, 5 4 = 2, 5 5 = 3, 5 6 = 1 Now, given 949 and 2 in Z 2579, find the unique x such that 2 x = 949 mod 2579!! 2 765 = 949 mod 2579. Check with bc. No efficient algorithm known NP-Hard. Note, a has to be a primitive root. 2 1 = 2, 2 2 = 4, 2 3 = 1, 2 4 = 2, 2 5 = 4, 2 6 = 1 8/30/04 Module 3 - Key Exchange 9

Public Key Management Diffie-Hellman is susceptible to man-in-themiddle attack. Mallory captures a and b in transmission and replaces with own a and b. Essentially runs two Diffie-Hellman s. One with Alice and one with Bob. How do you trust a public key? 1. Public announcement of keys. 2. Publicly available directory. 3. Public Key Authority. 4. Web of Trust (PGP). 8/30/04 Module 3 - Key Exchange 10

Public Key Management 5. Public Key Certificates. Certificate consisting of user s ID and public key. Signed by a trusted third party A Certificate Authority (CA). There could be many CA s. There could be a hierarchy of CA s. Which approach is best? 1 and 2 are really no solution. 3 does not scale well. 4 is interesting but has not succeeded in practice as expected. 5 is the solution embraced by industry. This is what we study in more detail. 8/30/04 Module 3 - Key Exchange 11

Public Directory or Authority Solutions. If Alice and Bob want to talk they both get each others public key from central directory or authority. Disadvantages Does not scale well. KDC has to store every user s public key. KDC provides single point of failure. Performance bottleneck. Multiple directories or authorities do not solve the above problems. Instead Digital Certificates. 8/30/04 Module 3 - Key Exchange 12

Public Key Certificate Public Key Certificate Signed messages specifying a name (identity) and the corresponding public key. Signed by whom Certification Authority (CA), an organization that issues public key certificates. We assume that everyone is in possession of a trusted copy of the CA s public key. CA could be Internal CA. Outsourced CA. Trusted Third-Party CA. 8/30/04 Module 3 - Key Exchange 13

Public Key Certificate Unsigned certificate: contains user ID, user's public key Generate hash code of unsigned certificate H E Encrypt hash code with CA's private key to form signature Note: Mechanism of certification and content of certificate, will vary but at the minimum we have email verification and contains ID and Public Key. Signed certificate: Recipient can verify signature using CA's public key. 8/30/04 Module 3 - Key Exchange 14

Certificate Revocation CA also needs some mechanism to revoke certificates Private key compromised. CA mistake in issuing certificate. Particular service the certificate grants access to may no longer exist. CA compromised. Expiration time solves the problems only partially. Certification Revocation Lists (CRL) a list of every certificate that has been revoked but not expired. CRL s quickly grow large! CRL s distributed periodically. What about time period between revocation and distribution of CRL? 8/30/04 Module 3 - Key Exchange 15

Advantages of CA Over KDC CA does not need to be on-line! CA can be very simple computing device. If CA crashes, life goes on (except CRL). Certificates can be stored in an insecure manner!! Compromised CA cannot decrypt messages. Scales well. 8/30/04 Module 3 - Key Exchange 16

Multiple CA s CIA KDC Certificates validating each other s Public Key KGB KDC Alice Bob How does Alice talk to Bob? She obtains Bob s certificate signed by KGB-KDC. She obtains KGB-KDC s certificate signed by CIA-KDC. Concept can be generalized to multiple CA s. Helps if they are organized in a hierarchy. 8/30/04 Module 3 - Key Exchange 17

X.509 Clearly, there is a need for standardization X.509. Originally 1988, revised 93 and 95. X.509 is part of X.500 series that defines a directory service. Defines a framework for authentication services by X.500 directory to its users. Used in S/MIME, IPSEC, SSL, SET etc. Does not dictate use of specific algorithm (recommends RSA). 8/30/04 Module 3 - Key Exchange 18

X.509 Certificate Signature algorithm identifier Period of validity Version Certificate Serial Number algorithm parameters Issuer Name not before not after Version 1 Version 2 Signature algorithm identifier Revoked certificate algorithm parameters Issuer Name This Update Date Next Update Date user certificate serial # revocation date Subject's public key info Subject Name algorithms parameters key Issuer Unique Identifier Subject Unique Identifier Version 3 Revoked certificate Signature user certificate serial # revocation date algorithms parameters encrypted Extensions (b) Certificate Revocation List Signature algorithms parameters encrypted all versions (a) X.509 Certificate 8/30/04 Module 3 - Key Exchange 19

X.509 CA Hierarchy Example. U<<V>> V<<U>> V U Y<<X>> means the certificate of user X issued by CA Y. V<<W>> W<<V>> W<<X>> X<<W>> X<<Z>> C X W A Y V<<Y>> Y<<V>> X<<C>> X<<A>> Z<<B>> Z B Y<<Z>> Z<<Y>> Z<<X>> To talk to B, A obtains the following chain X<<W>> W<<V>> V<<Y>> Y<<Z>> Z<<B>> Simpler if X has X<<Z>> 8/30/04 Module 3 - Key Exchange 20

X.509 Authentication One-way. 1. A{t A, r A, B, sgndata, E KUb [K ab ]} A B Establishes the following Identity of A and message was generated by A Message was intended for B Integrity and originality of message. 8/30/04 Module 3 - Key Exchange 21

X.509 Authentication Two-way. 1. A{t A, r A, B, sgndata, E KUb [K ab ]} A 2. B{t B, r B, A, r A, sgndata, E KUa [K ba ]} B One-Way plus the above which establishes the following Identity of B and message was generated by B Message was intended for A Integrity and originality of message. 8/30/04 Module 3 - Key Exchange 22

X.509 Authentication Three-way. 1. A{t A, r A, B, sgndata, E KUb [K ab ]} A 2. B{t B, r B, A, r B, sgndata, E KUa [K ba ]} B 3. A{r B } Nonce s echoed back and forth to prevent replay attacks. Needed when synchronized clock is not available. 8/30/04 Module 3 - Key Exchange 23

Public-key Infrastructure (PKI) Combination of digital certificates, public-key cryptography, and certificate authorities. A typical enterprise's PKI encompasses issuance of digital certificates to users and servers end-user enrollment software integration with corporate certificate directories tools for managing, renewing, and revoking certificates; and related services and support Verisign, Thawte and Entrust PKI providers. Your own PKI using Netscape/Microsoft certificate servers 8/30/04 Module 3 - Key Exchange 24

Ten Risks of PKI Ellison and Schneier Who do we trust, and for what? Who is using my key? How secure is the verifying computer? Which John Robinson is he? Is the CA an authority? Is the user part of the security design? Was it CA or CA plus Registration Authority? How did the CA identify the certificate holder? How secure are the certificate practices? Why are we using the CA process, anyway? 8/30/04 Module 3 - Key Exchange 25

Further Reading X.509 page http://www.ietf.org/html.charters/pkixcharter.html Ten Risks of PKI - http://www.counterpane.com/pki-risks.html 8/30/04 Module 3 - Key Exchange 26

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information