Security, part 2. The systems

Similar documents
Take-home points. Distributed Systems Security II. Remember digital signatures. Today: Auth protocols

Key Management and Distribution

Network Security. Computer Networking Lecture 08. March 19, HKU SPACE Community College. HKU SPACE CC CN Lecture 08 1/23

Strong Encryption for Public Key Management through SSL

Security: Focus of Control. Authentication

Two SSO Architectures with a Single Set of Credentials

CSE331: Introduction to Networks and Security. Lecture 29 Fall 2006

Cryptosystems. Bob wants to send a message M to Alice. Symmetric ciphers: Bob and Alice both share a secret key, K.

Understanding Digital Certificates and Secure Sockets Layer (SSL)

Secure Sockets Layer

Overview. SSL Cryptography Overview CHAPTER 1

3.2: Transport Layer: SSL/TLS Secure Socket Layer (SSL) Transport Layer Security (TLS) Protocol

CS 356 Lecture 28 Internet Authentication. Spring 2013

Cornerstones of Security

Authentication. Agenda. IT Security course Lecture April 14 th Niels Christian Juul 2. April 14th, 2003

CRYPTOGRAPHY IN NETWORK SECURITY

WEB Security & SET. Outline. Web Security Considerations. Web Security Considerations. Secure Socket Layer (SSL) and Transport Layer Security (TLS)

Using etoken for SSL Web Authentication. SSL V3.0 Overview

Authentication Application

Authentication Applications

SSL A discussion of the Secure Socket Layer

Web Security Considerations

IT Networks & Security CERT Luncheon Series: Cryptography

Authentication Applications

Key Management and Distribution

How To Use Kerberos

Lecture 9 - Network Security TDTS (ht1)

Chapter 17. Transport-Level Security

CS 3251: Computer Networking 1 Security Protocols I

VPN. Date: 4/15/2004 By: Heena Patel

Security Engineering Part III Network Security. Security Protocols (I): SSL/TLS

Authentication Types. Password-based Authentication. Off-Line Password Guessing

Secure Managed File Transfer with Connect:Direct

2.4: Authentication Authentication types Authentication schemes: RSA, Lamport s Hash Mutual Authentication Session Keys Trusted Intermediaries

Transport Level Security

An Introduction to Cryptography and Digital Signatures

Overview of CSS SSL. SSL Cryptography Overview CHAPTER

CHAPTER 1 INTRODUCTION

Chapter 10. Network Security

Chapter 4. Authentication Applications. COSC 490 Network Security Annie Lu 1

Content Teaching Academy at James Madison University

Secure Socket Layer. Introduction Overview of SSL What SSL is Useful For

Chapter 8 Security. IC322 Fall Computer Networking: A Top Down Approach. 6 th edition Jim Kurose, Keith Ross Addison-Wesley March 2012

Virtual Private Networks

Savitribai Phule Pune University

Communication Security for Applications

NIST PKI 06: Integrating PKI and Kerberos (updated April 2007) Jeffrey Altman

Network Security Protocols

Network Security [2] Plain text Encryption algorithm Public and private key pair Cipher text Decryption algorithm. See next slide

Common security requirements Basic security tools. Example. Secret-key cryptography Public-key cryptography. Online shopping with Amazon

Copyright The McGraw-Hill Companies, Inc. Permission required for reproduction or display. 15.1

Kerberos: An Authentication Service for Computer Networks by Clifford Neuman and Theodore Ts o. Presented by: Smitha Sundareswaran Chi Tsong Su

Security. Contents. S Wireless Personal, Local, Metropolitan, and Wide Area Networks 1

Chapter 7 Transport-Level Security

Secure Sockets Layer (SSL ) / Transport Layer Security (TLS) Network Security Products S31213

Chapter 16: Authentication in Distributed System

Chapter 8. Network Security

Module 8. Network Security. Version 2 CSE IIT, Kharagpur

Entrust Managed Services PKI. Getting started with digital certificates and Entrust Managed Services PKI. Document issue: 1.0

Encryption, Data Integrity, Digital Certificates, and SSL. Developed by. Jerry Scott. SSL Primer-1-1

CS 348: Computer Networks. - Security; 30 th - 31 st Oct Instructor: Sridhar Iyer IIT Bombay

CS 758: Cryptography / Network Security

SYSTEM MODEL KERBEROS OBJECTIVES PHYSICAL SECURITY TRUST: CONSOLIDATED KERBEROS MODEL TRUST: BILATERAL RHOSTS MODEL

CHAPTER 5 ACO BASED MOBILE AGENT FOR SECURED KEY MANAGEMENT

The Secure Sockets Layer (SSL)

Cleaning Encrypted Traffic

Outline. CSc 466/566. Computer Security. 8 : Cryptography Digital Signatures. Digital Signatures. Digital Signatures... Christian Collberg

Network Security. Abusayeed Saifullah. CS 5600 Computer Networks. These slides are adapted from Kurose and Ross 8-1

What is network security?

Chapter 9 Key Management 9.1 Distribution of Public Keys Public Announcement of Public Keys Publicly Available Directory

Cryptography and Key Management Basics

Authenticity of Public Keys

Cryptography and network security CNET4523

Forward Secrecy: How to Secure SSL from Attacks by Government Agencies

Lab 7. Answer. Figure 1

Is your data safe out there? -A white Paper on Online Security

HTTPS is Fast and Hassle-free with CloudFlare

Internet Programming. Security

Network Security #10. Overview. Encryption Authentication Message integrity Key distribution & Certificates Secure Socket Layer (SSL) IPsec

Authentication applications Kerberos X.509 Authentication services E mail security IP security Web security

Key Management and Distribution

Chapter 7: Network security

Web Payment Security. A discussion of methods providing secure communication on the Internet. Zhao Huang Shahid Kahn

Lab Exercise SSL/TLS. Objective. Step 1: Open a Trace. Step 2: Inspect the Trace

TLS and SRTP for Skype Connect. Technical Datasheet

Understanding Digital Certificates and Wireless Transport Layer Security (WTLS)

Spirent Abacus. SIP over TLS Test 编 号 版 本 修 改 时 间 说 明

SECURITY IN NETWORKS

Chapter 14. Key management and Distribution. Symmetric Key Distribution Using Symmetric Encryption

Message authentication and. digital signatures

Network Security. Security Attacks. Normal flow: Interruption: 孫 宏 民 Phone: 國 立 清 華 大 學 資 訊 工 程 系 資 訊 安 全 實 驗 室

2014 IBM Corporation

Information Security

Security. Friends and Enemies. Overview Plaintext Cryptography functions. Secret Key (DES) Symmetric Key

Cryptography and Network Security Chapter 14. Key Distribution. Key Management and Distribution. Key Distribution Task 4/19/2010

VALLIAMMAI ENGINEERING COLLEGE

SSH, SSL, and IPsec: wtf?

E-commerce. business. technology. society. Kenneth C. Laudon Carol Guercio Traver. Second Edition. Copyright 2007 Pearson Education, Inc.

Kerberos. Guilin Wang. School of Computer Science, University of Birmingham

Programming OpenSSL. The Server Perspective. by Sean Walton. Copyright 2001 Sean Walton

Transcription:

Security, part 2 The systems

Announcements HW3, coming soon No class next week for Thanksgiving

Last time Max Krohn and OKCupid

Last Thursday Security, part one: The tools Public- and private-key cryptography Feistel block ciphers and DES Cryptographic hashing

Today: Security, part 2 Digital signatures Needham-Schroeder and Kerberos Hybrid cryptographic protocols TLS / SSL

Digital signature goals Authentication Prove that a message has not been altered Unforgeability Prove that the message was created by a specific person (a.k.a. the principal) Non-repudiation Once a message is signed, the principal cannot deny that they signed the message

Signatures with public-key crypto One option (not used in practice): Encrypt with private key to sign a message: s = E(K priv, m) Send m,s Decrypt with public key to verify the signature: m = D(K pub, s) Check that m == m Because private key is not shared, the signature is unforgeable and unrepudiable Because public key is shared, anyone can verify the signature A problem: public-key cryptography is slow

Signatures with public-key crypto An improvement: Hash the message with a cryptographic hash function first, sign the hash: h = H(m) s = E(K priv, h) Send m,s Use the hash function and public key to verify the signature: h = H(m) h = D(K pub, s) Check that h == h Cryptographic hash functions are often 30-100x faster than public-key cryptography Public-key crypto needed just to sign the short hash Hash function must be cryptographic to prevent attacker from replacing m with m such that H(m ) == H(m)

Signatures with private-key crypto Using a cryptographic hash function H and shared private key K: To verify: s = H(m + K) Send m,s Compute s = H(m + K) Check s == s Bit-string append (not addition) Very fast: no encryption/decryption needed A problem: need to reveal private key to verify the signature

Needham-Schroeder and Kerberos Goal: to create a secure, usable system providing authentication and privacy without public-key cryptography Will use private-key cryptography A key problem to solve: private-key cryptography requires a shared private key Will use a trusted third party to negotiate the shared private key

The trusted third party Stores private keys for all users Generates tickets which contain a session key when two parties need to communicate

Needham-Schroeder and Kerberos In following diagrams: Client C initiating a connection to server S Authentication server A generates a session key K SC Client C has private key K C, which only A and C share Server S has private key K S, which only A and S share

Needham-Schroeder and Kerberos 1 Authentication server A Messages: 1: C to A: C,S,n Client C Server S A nonce: a number used once. In Kerberos this is usually the time.

Needham-Schroeder and Kerberos Authentication server A 1 2 Messages: 1: C to A: C,S,n Client C Server S start and end time for K CS 2: A to C: {K cs,s,n} K c {C,S,K cs,t 1,t 2 } K s the session key K CS,S,n encrypted with private key K C C,S,K CS,t 1,t 2 encrypted with private key K S

Needham-Schroeder and Kerberos Authentication server A Messages: 1: C to A: C,S,n 1 Client C 2 3 Server S 2: A to C: {K cs,s,n} K {C,S,K c cs,t 1,t 2 } K s 3: C to S: {request,n, } K {C,S,K sc cs,t 1,t 2 } K s

Needham-Schroeder and Kerberos Authentication server A 1 2 3 Messages: 1: C to A: C,S,n Client C 4 Server S 2: A to C: {K cs,s,n} K {C,S,K c cs,t 1,t 2 } K s 3: C to S: {request,n, } K {C,S,K sc cs,t 1,t 2 } K s 4: S to C: {n,response, } K sc

Needham-Schroeder and Kerberos Not shown here: In Kerberos, this is just the process for negotiating a session key for a new client-server connection. There s a separate process (with its own authentication server and exchange of messages) for initially authenticating to the Kerberos system. The client and server typically exchange a subsession key as part of their handshake, and use that subsession key for encrypting subsequent communication. (They periodically use the original session key to renegotiate new subsession keys, to avoid encrypting too much information with a single private key.) Kerberos sometimes just used for authentication, not necessarily for encrypting the requests and responses themselves. (e.g., AFS)

Needham-Schroeder and Kerberos Problems: Trust! The trusted 3 rd party can authenticate as any user, and can read any communication Scalability The authentication server needs all keys Single point of failure If the authentication server fails, no new connections can be established

Scaling Kerberos Divide the world into realms Authentication server in each realm has private keys for all users in that realm, but none for users from other realms In Kerberos ver. 4, each realm authentication server has cross-realm private keys for every other realm

Scaling Kerberos cmu.edu authentication server mit.edu authentication server 1 Client C Server S 1: To initiate a connection with a server in a remote realm, client first sends request to authentication server in its own realm

Scaling Kerberos cmu.edu authentication server mit.edu authentication server 1 2 Client C Server S 2: Client gets ticket-granting key; one ticket encrypted with cross-realm key, the other with C s private key, much as before.

Scaling Kerberos cmu.edu authentication server 3 mit.edu authentication server 1 2 4 Client C Server S 3&4: Client uses ticket-granting ticket to authenticate to remote realm authentication server, which sends a session key for C and S

Scaling Kerberos cmu.edu authentication server 3 mit.edu authentication server 1 2 5 4 Client C 6 Server S 5&6: Client and server can now communicate much as before

Scaling Kerberos Problems: Realm servers can authenticate as any users in their realm, read private client-server communication Each realm server needs cross-realm private key for each other realm server they might want to authenticate to O(n) keys for each realm server, O(n 2 ) keys total for n realm servers

Scaling Kerberos Improvements: Kerberos ver. 5 allows multi-hop cross-realm authentication Allows a hierarchy of servers Any realm server in your authentication path can read your private communication When connecting, you get the list of realm servers in your authentication path, so you can decide whether or not you trust them

Hybrid cryptosystems Use public-key cryptography to negotiate a private session key Use private-key cryptography for the actual session E.g., SSH, Secure Socket Layer (SSL), Transport Layer Security (TLS)

Simplified SSL 1 Client C 2 Server S Messages: 1: request 2: S s X.509v3 certificate, containing its public key signed by a certificate authority

Simplified SSL 1 Client C 2 3 Server S Messages: 1: request 2: S s X.509v3 certificate, containing its public key signed by a certificate authority 3: Client verifies the certificate using the certificate authority s public key, sends session key for subsequent communication (encrypted with S s public key)

Hidden from the simplified view Hello messages initiating the communication Client and server negotiate which cryptosystem they will use for the session Client can send its own certificate, for client authentication

Hybrid cryptosystem problems Verifying the public key / certificate in a usable manner is hard SSH essentially makes you verify it How do you get the public certificate for the certificate authority? Pre-installed in web browsers Do you trust your web browser? Did you trust your network connection when you downloaded your browser?

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information