Security Handshake Pitfalls

Size: px
Start display at page:

Download "Security Handshake Pitfalls"

Transcription

1

2 Hello

3 Challenge R

4 f(k, R

5 f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R.

6 f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. 2. Connection can be hijacked if the rest of the transaction is without cryptographic protection and attacker makes packets with addr

7 f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. 2. Connection can be hijacked if the rest of the transaction is without cryptographic protection and attacker makes packets with addr 3. Off line password guessing attack if K is derived from password because both R and f(k,r are observable.

8 f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. 2. Connection can be hijacked if the rest of the transaction is without cryptographic protection and attacker makes packets with addr 3. Off line password guessing attack if K is derived from password because both R and f(k,r are observable. 4. Someone reading the database may be able to impersonate later or to another server that the client uses

9 Hello

10 K{R}

11 R

12 R Concerns: 1. Requires reversible cryptography no hash

13 R Concerns: 1. Requires reversible cryptography no hash 2. No need to eavesdrop if R is recognizable Attacker says hello and gets back K{R}, if K derived from password can generate lots of Ks for a dictionary attack.

14 R Concerns: 1. Requires reversible cryptography no hash 2. No need to eavesdrop if R is recognizable Attacker says hello and gets back K{R}, if K derived from password can generate lots of Ks for a dictionary attack. 3. If R is recognizable by, then protocol authenticates but only if life of R is short, otherwise K{R} can be replayed by attacker

15 Hello, K{time}

16 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for existing prot.

17 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R

18 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R Problems: 1. Attacker can use K{time} to impersonate within acc clock skew

19 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R Problems: 1. Attacker can use K{time} to impersonate within acc clock skew But can be foiled if remembers all timestamps sent.

20 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R Problems: 1. Attacker can use K{time} to impersonate within acc clock skew But can be foiled if remembers all timestamps sent. 2. If multiple s, same K, K{time} on one can work on others

21 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R Problems: 1. Attacker can use K{time} to impersonate within acc clock skew But can be foiled if remembers all timestamps sent. 2. If multiple s, same K, K{time} on one can work on others Can be foiled by sending K{time server}

22 Hello, K{time} Advantage: 1. One direction, more efficient is drop in replacement for cleartext prot. 2. The server does not need to keep volatile state (such as R Problems: 1. Attacker can use K{time} to impersonate within acc clock skew But can be foiled if remembers all timestamps sent. 2. If multiple s, same K, K{time} on one can work on others Can be foiled by sending K{time server} 3. Vulnerable to attacker setting time back on!!

23 Hello, K{time} Problems: 4. Setting time requires a security handshake better make it chllng/resp (that is, not depending on time or else there is a problem if clocks of machines are too far apart the negotiation will fail.

24 Hello, time, hash{k,time}

25 Hello, time, hash{k,time} Advantage: 1. Otherwise, if time not sent, for to check hash, must try lots of different acceptable times before one matches the hash

26 (K c, S c Hello (K s, S s

27 (K c, S c Challenge R (K s, S s

28 (K c, S c signed[r] Sc (K s, S s Advantage: Like secret key protocol except database not vulnerable to peeking

29 (K c, S c signed[r] Sc (K s, S s Advantage: Like secret key protocol except database not vulnerable to peeking Problem: Can trick someone into signing something. Wait for to say Hello, send back something you want client to sign, get the signed item use it.

30 (K c, S c Hello (K s, S s

31 (K encrypt{r} c, S c Kc (K s, S s

32 (K R c, S c (K s, S s Concerns: 1. Some public key systems can only do signatures, not reversible encryption

33 (K R c, S c (K s, S s Concerns: 1. Some public key systems can only do signatures, not reversible encryption 2. Attacker can get an encrypted message sent to client, impersonate, send the message to who decrypts it. Gets back the decrypted message.

34 (K R c, S c (K s, S s Should the same keys be used for encryption and signing? 0. Someone encrypts message M with client public key, sends to client 1. Attacker intercepts M e mod N where <e,n> is the client's key pair 2. Attacker chooses number R, prime relative to modulus N 3. Attacker creates bogus message H = M e *R e (recall e is public 4. Attacker impersonates server, sends H to client for signing 5. Attacker gets H d mod N = (M*R ed mod N = M*R mod N 6. Attacker multiplies by R 1 to get M

35 (K R c, S c (K s, S s Concerns: 1. Some public key systems can only do signatures, not reversible encryption 2. Attacker can get an encrypted message sent to client, impersonate, send the message to who decrypts it. Gets back the decrypted message. Never use the same key for signing and encryption/decryption

36 (K R c, S c (K s, S s Concerns: 1. Some public key systems can only do signatures, not reversible encryption 2. Attacker can get an encrypted message sent to client, impersonate, send the message to who decrypts it. Gets back the decrypted message. Never use the same key for signing and encryption/decryption Observe: several secure independent systems may be insecure when put together (attacker may use one protocol to break another.

37 Hello, R c Mutual Authentication:

38 R s, f(k, R c Mutual Authentication:

39 f(k,r s Mutual Authentication:

40 Imposter Hello, R i Reflection Attack: Attacker wants to impersonate to. Attacker sends Hello and a challenge.

41 Imposter R s, f(k, R i Reflection Attack: Attacker wants to impersonate to. Attacker sends Hello and a challenge. Attacker gets back f(k, R i (who cares and R s.

42 Imposter R s, f(k, R i Hello, R s Reflection Attack: Attacker wants to impersonate to. Attacker sends Hello and a challenge. Attacker gets back f(k, R i (who cares and R s. Attacker opens second connection to using R s.

43 Imposter R s, f(k, R i Reflection Attack: Attacker wants to impersonate to. Attacker sends Hello and a challenge. Attacker gets back f(k, R i (who cares and R s. Attacker opens second connection to using R s. Attacker gets back R s encrypted. R p, f(k, R s

44 Imposter f(k, R s Reflection Attack: Attacker wants to impersonate to. Attacker sends Hello and a challenge. Attacker gets back f(k, R i (who cares and R s. Attacker opens second connection to using R s. Attacker gets back R s encrypted. R p, f(k, R s Attacker abandons second connection and sends back f(k, R s to complete.

45 Imposter f(k, R s R p, f(k, R s Reflection Attack, how to foil it: 1. Instead of the same key K, use different keys K s, K c K s may be almost K c (say times 1 or 1 different etc. 2. Insist the challenge from the is different from that of the

46 Imposter f(k, R s R p, f(k, R s Reflection Attack, how to foil it: 1. Instead of the same key K, use different keys K s, K c K s may be almost K c (say times 1 or 1 different etc. 2. Insist the challenge from the is different from that of the Also, off line password guessing attack vulnerability: Attacker sends message to claiming to be and enclosing a challenge R, returns the challenge encrypted f(k, R, this gives the attacker ability to check passwords

47 Hello Reflection Attack can't succeed with this protocol:

48 R s Reflection Attack can't succeed with this protocol:

49 f(k,r s Reflection Attack can't succeed with this protocol:

50 R c Reflection Attack can't succeed with this protocol:

51 f(k,r c Reflection Attack can't succeed with this protocol: Reason: Initiator always is first to prove its identity!!

52 Hello, encrypt{r c } (K Ks c, S c (K s, S s Public key mutual authentication:

53 R c, encrypt{r s } (K Kc c, S c (K s, S s Public key mutual authentication:

54 R (K s c, S c (K s, S s Public key mutual authentication:

55 R (K s c, S c (K s, S s Public key mutual authentication: Variant: R s and R c are signed by their respective parties

56 R (K s c, S c (K s, S s Public key mutual authentication: Variant: R s and R c are signed by their respective parties How does the client's workstation retrieve the client's private key when all the client knows is a password? usually keys cannot be recovered from passwords, e.g. RSA Use a directory service client workstation retrieves the following: 1. 's private key which is encrypted with 's password 2. Certificate for 's public key, signed with 's private key

57 hello R K{R} Establish a session key (secret key system: After authentication R and K{R} is known by and Can't use K{R} as session key someone may have seen it Can't use K{R+1} as session key Attacker seeing transmission using session key K{R+1} impersonates 's network address to and sends R+1 as the challenge to. responds with K{R+1}. So attacker can decrypt previous transmission.

58 hello R K{R} Establish a session key (secret key system: After authentication R and K{R} is known by and Can't use K{R} as session key someone may have seen it Can't use K{R+1} as session key Attacker seeing transmission using session key K{R+1} impersonates 's network address to and sends R+1 as the challenge to. responds with K{R+1}. So attacker can decrypt previous transmission. Session key should not be an encrypted value which can be predicted or extracted later.

59 (K c, S c g, p, [g a mod p] Sc, [g b mod p] Ss (K s, S s Establish a session key (public key system: Authenticate with Diffie Hellman exchange, RSA signing. Use g ab mod p as the session key. Attempt to get root access on either machine does not reveal the a and b needed to generate session key to decrypt recorded messages they were never recorded and the session key was tossed. If session key had been sent across, it could have been recorded and decrypted after getting root access. If session keys get sent across without being signed, attacker can send an R while impersonating 's network address.

60 Request B A KDC (K a K a {K AB } (K s K b {K AB } B (K b KDC operation, in principle Makes K AB

61 A KDC (K a N a, Req B (K s B (K b Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC

62 K ab, N a A KDC (K a (K s B (K b Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC KDC makes a session key K ab for the connection

63 K ab, N a A KDC K a {N a, B, K ab, T} (K a (K s T=K b {K ab, A} B (K b Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC KDC makes a session key K ab for the connection KDC encrypts N a, B, a ticket T with key K a and sends all to A. To make T the KDC encrypts the session key and A with with K b.

64 A KDC (K a (K s B (K b T, K ab {N b } Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC KDC makes a session key K ab for the connection KDC encrypts N a, B, a ticket T with key K a and sends all to A. To make T the KDC encrypts the session key and A with with K b. A encrypts a nonce N b with the session key K ab, sends with ticket to B

65 A KDC (K a (K s Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC KDC makes a session key K ab for the connection KDC encrypts N a, B, a ticket T with key K a and sends all to A. K ab {N b 1,N c } To make T the KDC encrypts the session key and A with with K b. B (K b A encrypts a nonce N b with the session key K ab, sends with ticket to B B subtracts 1 from nonce, make new nonce, encrypts with session key sends encrypted message to A.

66 A KDC (K a (K s B (K b K ab {N c 1} Needham Schroeder authentication and session key (secret key system: A sends a nonce N a and request to connect to B to the KDC KDC makes a session key K ab for the connection KDC encrypts N a, B, a ticket T with key K a and sends all to A. To make T the KDC encrypts the session key and A with with K b. A encrypts a nonce N b with the session key K ab, sends with ticket to B B subtracts 1 from nonce, make new nonce, encrypts with session key sends encrypted message to A. A subtracts 1 from nonce, encrypts with session key, sends to B

67 A KDC (K a N a, Req B (K s B (K b Needham Schroeder: What is going on? Nonce N a protects against: attacker, having stolen previous K b and message from A requesting it, waits for A to request a session key from the KDC and immediately plays back KDC's reply to A, and gets the session key encrypted with B's old K b, which it knows, so it can impersonate B to A. K a {N a, B, K ab, T} T=K b {K ab, A} Attacker need not know key of A

68 A KDC K (K a a {N a, B, K ab, T} (K s T=K b {K ab, A} B (K b Needham Schroeder: What is going on? With the identity of B inserted, attacker id substitution is detected by A Nonce is returned to check authenticity of KDC Double encryption of session key (K b for ticket, then K a on the ticket is not considered necessary

69 A KDC (K a (K s B (K b T, K ab {N b } Needham Schroeder: What is going on? A knows that only someone with B's key K b can decrypt and get the session key. With session key, B decrypts N b.

70 A KDC (K a (K s B (K b Needham Schroeder: Vulnerability If attacker finds out A's key K a, then attacker can impersonate itself to the KDC. But if A changes K a, then we require attacker not to be able to impersonate. But the ticket to B remains valid after a such a change. Attacker can save K a {N a, B, K ab, K b {K ab, A}} until it knows the old K a key, then decrypt to get K b {K ab, A} and send that to B to convince it that it is connecting with A using K ab.

71 A KDC (K a (K s B (K b Needham Schroeder: Vulnerability If attacker finds out A's key K a, then attacker can impersonate itself to the KDC. But if A changes K a, then we require attacker not to be able to impersonate. But the ticket to B remains valid after a such a change. Attacker can save K a {N a, B, K ab, K b {K ab, A}} until it knows the old K a key, then decrypt to get K b {K ab, A} and send that to B to convince it that it is connecting with A using K ab Fixed by A connecting to B requesting an encrypted nonce and using that nonce throughout the exchange.

72 A KDC (K a (K s B (K b Otway Rees: N c, A, B, K a {N a, N c, A, B}

73 A KDC (K a (K s K a {N a, N c, A, B}, K b {N b, N c, A, B} B (K b Otway Rees: If N c is not the same in both messages, KDC will stop the transaction.

74 K ab A KDC (K a (K s B (K b Otway Rees:

75 K ab A KDC (K a (K s N c, K a {N a, K ab }, K b {N b, K ab } B (K b Otway Rees: B is reassured that it is talking to KDC since its nonce was extracted using K b and sent back encrypted.

76 K ab A KDC (K a (K s B (K b Otway Rees: K a {N a, K ab } This message reassures A that both the KDC and B are OK because it can check its nonce, which it had encrypted with other things, and to get it back means the KDC used K a and the KDC validated B.

77 K ab A KDC (K a (K s B (K b Otway Rees: K ab {anything recognizable} A proves identity to B by showing it knows K ab.

78 Nonce types: Security Handshake Pitfalls Random number will probably never be reused Timestamp requires synchronized clocks Sequence number requires non volatile memory (system crash?

79 Protocol Checklist: Eavesdropping: attacker should not be able to do any of the following learn the contents of messages between connecting parties learn information enabling impersonation in a future exchange learn anything that permits off line password guessing

80 Protocol Checklist: Eavesdropping: attacker should not be able to do any of the following learn the contents of messages between connecting parties learn information enabling impersonation in a future exchange learn anything that permits off line password guessing Impersonation of Originator: attacker should not be able to do any of these: convince other party it is the real originator learn information that would enable impersonator to do an off line password guessing attack against or 's secret information learn information that would enable impersonation of in the future learn information that would enable impersonation of to trick into signing or decrypting something

81 Protocol Checklist: Eavesdropping: attacker should not be able to do any of the following learn the contents of messages between connecting parties learn information enabling impersonation in a future exchange learn anything that permits off line password guessing Impersonation of Originator: attacker should not be able to do any of these: convince other party it is the real originator learn information that would enable impersonator to do an off line password guessing attack against or 's secret information learn information that would enable impersonation of in the future learn information that would enable impersonation of to trick into signing or decrypting something Pounce attacker gets part way through authentication but should not: convince the attacker is the learn info enabling an off line password guessing attack learn info enabling impersonation of in future or to trick into signing or decrypting something

82 Protocol Checklist: Read Database: Bad news! Then attacker can convince it is the. Attacker can do off line password guessing attack against 's secret (if it is derived from a password since must have enough info to know if party really is the. But: Attacker should not be able to impersonate the to the Attacker should not be able to decrypt recorded messages between S and C

83 Protocol Checklist: Read Database: Bad news! Then attacker can convince it is the. Attacker can do off line password guessing attack against 's secret (if it is derived from a password since must have enough info to know if party really is the. But: Attacker should not be able to impersonate the to the Attacker should not be able to decrypt recorded messages between S and C Read Database: Bad News!! Then attacker can convince that it is the. Attacker can do off line password guessing attack against 's secret. But: Attacker should not be able to impersonate the to the Attacker should not be able to decrypt recorded messages between S and C

84 Protocol Checklist: Read Database: Bad news! Then attacker can convince it is the. Attacker can do off line password guessing attack against 's secret (if it is derived from a password since must have enough info to know if party really is the. But: Attacker should not be able to impersonate the to the Attacker should not be able to decrypt recorded messages between S and C Read Database: Bad News!! Then attacker can convince that it is the. Attacker can do off line password guessing attack against 's secret. But: Attacker should not be able to impersonate the to the Attacker should not be able to decrypt recorded messages between S and C Sit on net and modify messages Attacker should not be able to: do an off line password guessing attack on anybody's secret information read any messages hijack a conversation without the other side knowing this cause messages between and to be misinterpreted

CSC 474/574 Information Systems Security

CSC 474/574 Information Systems Security CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication

More information

Authentication Handshakes

Authentication Handshakes AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.

More information

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps

More information

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate

More information

Security Handshake Pitfalls

Security Handshake Pitfalls Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response

More information

6. Security Handshake Pitfalls Contents

6. Security Handshake Pitfalls Contents Contents 1 / 45 6.1 Introduction 6.2 Log-in Only 6.3 Mutual Authentication 6.4 Integrity/Encryption of Data 6.5 Mediated Authentication (with KDC) 6.6 Bellovin-Merrit 6.7 Network Log-in and Password Guessing

More information

Security Handshake Pitfalls

Security Handshake Pitfalls Cryptographic Authentication Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response

More information

Security Handshake Pitfalls

Security Handshake Pitfalls Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may

More information

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Security Handshake Pitfalls Login only Mutual

More information

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken 0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple

More information

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012

Ideal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012 Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Not fragile Works when attacker tries

More information

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?

More information

What did we talk about last time? Public key cryptography A little number theory

What did we talk about last time? Public key cryptography A little number theory Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive

More information

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols

More information

Password. authentication through passwords

Password. authentication through passwords Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse

More information

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management

More information

Cryptographic Protocols 1

Cryptographic Protocols 1 Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange

More information

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Data Security and Privacy. Topic 14: Authentication and Key Establishment Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt

More information

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment. CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How

More information

CS 161 Computer Security

CS 161 Computer Security Paxson Spring 2011 CS 161 Computer Security Discussion 9 March 30, 2011 Question 1 Another Use for Hash Functions (8 min) The traditional Unix system for password authentication works more or less like

More information

Real-time protocol. Chapter 16: Real-Time Communication Security

Real-time protocol. Chapter 16: Real-Time Communication Security Chapter 16: Real-Time Communication Security Mohammad Almalag Dept. of Computer Science Old Dominion University Spring 2013 1 Real-time protocol Parties negotiate interactively (Mutual) Authentication

More information

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba

More information

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some

More information

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is

More information

Cryptography and Network Security

Cryptography and Network Security Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Authentication Applications We cannot enter into alliance with neighbouring princes until

More information

CPSC 467b: Cryptography and Computer Security

CPSC 467b: Cryptography and Computer Security CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management

More information

User Authentication Protocols Week 7

User Authentication Protocols Week 7 User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017

More information

CMSC 414 S09 Exam 2 Page 1 of 6 Name:

CMSC 414 S09 Exam 2 Page 1 of 6 Name: CMSC 414 S09 Exam 2 Page 1 of 6 Name: Total points: 100. Total time: 115 minutes. 6 problems over 6 pages. No book, notes, or calculator Unless stated otherwise, the following conventions are used: K{X}

More information

Key Management and Elliptic Curves

Key Management and Elliptic Curves Key Management and Elliptic Curves Key Management Distribution of ublic Keys ublic-key Distribution of Secret Keys Diffie-Hellman Key Echange Elliptic Curves Mathematical foundations Elliptic curves over

More information

Information Security CS 526

Information Security CS 526 Information Security CS 526 Topic 14: Key Distribution & Agreement, Secure Communication Topic 14: Secure Communication 1 Readings for This Lecture On Wikipedia Needham-Schroeder protocol (only the symmetric

More information

Authentication Protocols. Outline. Who Is Authenticated?

Authentication Protocols. Outline. Who Is Authenticated? Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People

More information

CS 494/594 Computer and Network Security

CS 494/594 Computer and Network Security CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers

More information

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from

More information

Spring 2010: CS419 Computer Security

Spring 2010: CS419 Computer Security Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics

More information

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018 Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS

More information

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur

Cryptography and Network Security. Prof. D. Mukhopadhyay. Department of Computer Science and Engineering. Indian Institute of Technology, Kharagpur Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 38 A Tutorial on Network Protocols

More information

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight

More information

L13. Reviews. Rocky K. C. Chang, April 10, 2015

L13. Reviews. Rocky K. C. Chang, April 10, 2015 L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing

More information

Chapter 9: Key Management

Chapter 9: Key Management Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange

More information

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key? ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should

More information

1 Identification protocols

1 Identification protocols ISA 562: Information Security, Theory and Practice Lecture 4 1 Identification protocols Now that we know how to authenticate messages using MACs, a natural question is, how can we use MACs to prove that

More information

HOST Authentication Overview ECE 525

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time

More information

Computer Networks & Security 2016/2017

Computer Networks & Security 2016/2017 Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems

More information

EEC-682/782 Computer Networks I

EEC-682/782 Computer Networks I EEC-682/782 Computer Networks I Lecture 25 Wenbing Zhao wenbingz@gmail.com http://academic.csuohio.edu/zhao_w/teaching/eec682.htm (Lecture nodes are based on materials supplied by Dr. Louise Moser at UCSB

More information

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system

More information

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative

More information

Elements of Security

Elements of Security Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 8, 2015 at 12:47 Slideset 7: 1 Car Talk Puzzler You have a friend in a police state

More information

Cryptographic Checksums

Cryptographic Checksums Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;

More information

CIS 6930/4930 Computer and Network Security. Final exam review

CIS 6930/4930 Computer and Network Security. Final exam review CIS 6930/4930 Computer and Network Security Final exam review About the Test This is an open book and open note exam. You are allowed to read your textbook and notes during the exam; You may bring your

More information

Fall 2010/Lecture 32 1

Fall 2010/Lecture 32 1 CS 426 (Fall 2010) Key Distribution & Agreement Fall 2010/Lecture 32 1 Outline Key agreement without t using public keys Distribution of public keys, with public key certificates Diffie-Hellman Protocol

More information

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued)

Cryptology Part 1. Terminology. Basic Approaches to Cryptography. Basic Approaches to Cryptography: (1) Transposition (continued) Cryptology Part 1 Uses of Cryptology 1. Transmission of a message with assurance that the contents will be known only by sender and recipient a) Steganography: existence of the message is hidden b) Cryptography:

More information

Session key establishment protocols

Session key establishment protocols our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session

More information

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L CS 3461/5461: Introduction to Computer Networking and Internet Technologies Network Security Study: 21.1 21.5 Kannan Srinivasan 11-27-2012 Security Attacks, Services and Mechanisms Security Attack: Any

More information

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi Authentication Strong Password Protocol 1 Strong Password Protocol Scenario : Alice uses any workstation to log to the server B, using a password to authenticate her self. Various way to do that? Use Ur

More information

Session key establishment protocols

Session key establishment protocols our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session

More information

Security protocols and their verification. Mark Ryan University of Birmingham

Security protocols and their verification. Mark Ryan University of Birmingham Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash

More information

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC) Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value

More information

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another

More information

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018 Distributed Systems 25. Authentication Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 Authentication For a user (or process): Establish & verify identity Then decide whether to

More information

User Authentication Protocols

User Authentication Protocols User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of

More information

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols

Cryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols Cryptography and Network Security Chapter 13 Digital Signatures & Authentication Protocols Digital Signatures have looked at message authentication but does not address issues of lack of trust digital

More information

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Internet and Intranet Protocols and Applications Lecture 9a: Secure Sockets Layer (SSL) March, 2004 Arthur Goldberg Computer Science Department New York University artg@cs.nyu.edu Security Achieved by

More information

CS November 2018

CS November 2018 Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University

More information

8.7 Authentication Protocols

8.7 Authentication Protocols Page 1 of 11 [ Team LiB ] 8.7 Authentication Protocols Authentication is the technique by which a process verifies that its communication partner is who it is supposed to be and not an imposter. Verifying

More information

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005 Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based

More information

CS Protocol Design. Prof. Clarkson Spring 2017

CS Protocol Design. Prof. Clarkson Spring 2017 CS 5430 Protocol Design Prof. Clarkson Spring 2017 Review Cryptography: Encryption, block ciphers, block cipher modes, MACs, cryptographic hash functions, digital signatures, authenticated encryption,

More information

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May

More information

CS3235 Seventh set of lecture slides

CS3235 Seventh set of lecture slides CS3235 Seventh set of lecture slides Hugh Anderson National University of Singapore School of Computing October, 2007 Hugh Anderson CS3235 Seventh set of lecture slides 1 Warp 9... Outline 1 Public Key

More information

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper

More information

Trusted Intermediaries

Trusted Intermediaries AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)

More information

AIT 682: Network and Systems Security

AIT 682: Network and Systems Security AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)

More information

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems

More information

The Kerberos Authentication System Course Outline

The Kerberos Authentication System Course Outline The Kerberos Authentication System Course Outline Technical Underpinnings - authentication based on key sharing - Needham-Schroeder protocol - Denning and Sacco protocol Kerbeors V - Login and client-server

More information

Outline More Security Protocols CS 239 Computer Security February 4, 2004

Outline More Security Protocols CS 239 Computer Security February 4, 2004 Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication

More information

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II Hello and welcome to today's lecture on secured communication.

More information

CSC 482/582: Computer Security. Security Protocols

CSC 482/582: Computer Security. Security Protocols Security Protocols Topics 1. Basic Concepts of Cryptography 2. Security Protocols 3. Authentication Protocols 4. Key Exchange Protocols 5. Kerberos 6. Public Key Infrastructure Encryption and Decryption

More information

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806

L7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 L7: Key Distributions Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/16/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are

More information

Key Management and Distribution

Key Management and Distribution CPE 542: CRYPTOGRAPHY & NETWORK SECURITY Chapter 10 Key Management; Other Public Key Cryptosystems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan

More information

T Cryptography and Data Security

T Cryptography and Data Security T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use

More information

Datasäkerhetsmetoder föreläsning 7

Datasäkerhetsmetoder föreläsning 7 Datasäkerhetsmetoder föreläsning 7 Nyckelhantering Jan-Åke Larsson Cryptography A security tool, not a general solution Cryptography usually converts a communication security problem into a key management

More information

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi Authentication Overview of Authentication systems 1 Approaches for Message Authentication Authentication is process of reliably verifying the identity of someone. Authentication Schemes 1. Password-based

More information

CS 161 Computer Security

CS 161 Computer Security Popa & Wagner Spring 2016 CS 161 Computer Security Discussion 5 Week of February 19, 2017 Question 1 Diffie Hellman key exchange (15 min) Recall that in a Diffie-Hellman key exchange, there are values

More information

Computer Security 4/12/19

Computer Security 4/12/19 Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers

More information

CS Protocols. Prof. Clarkson Spring 2016

CS Protocols. Prof. Clarkson Spring 2016 CS 5430 Protocols Prof. Clarkson Spring 2016 Review: Secure channel When we last left off, we were building a secure channel The channel does not reveal anything about messages except for their timing

More information

22-security.txt Tue Nov 27 09:13: Notes on Security Protocols , Fall 2012 Carnegie Mellon University Randal E.

22-security.txt Tue Nov 27 09:13: Notes on Security Protocols , Fall 2012 Carnegie Mellon University Randal E. 22-security.txt Tue Nov 27 09:13:37 2012 1 Notes on Security Protocols 15-440, Fall 2012 Carnegie Mellon University Randal E. Bryant References: Tannenbaum: 9.1, 9.2 (skip 9.2.3), 9.4.1 BASICS Desired

More information

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017 Computer Security 10. Exam 2 Review Paul Krzyzanowski Rutgers University Spring 2017 March 23, 2018 CS 419 2017 Paul Krzyzanowski 1 Question 1(a) Suppose you come across some old text in the form GEPPQ

More information

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security. Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:

More information

Outline More Security Protocols CS 239 Computer Security February 6, 2006

Outline More Security Protocols CS 239 Computer Security February 6, 2006 Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication

More information

Password-based authentication and key distribution protocols with perfect forward secrecy

Password-based authentication and key distribution protocols with perfect forward secrecy Journal of Computer and System Sciences 72 (2006) 1002 1011 www.elsevier.com/locate/jcss Password-based authentication and key distribution protocols with perfect forward secrecy Hung-Min Sun a,, Her-Tyan

More information

Proving who you are. Passwords and TLS

Proving who you are. Passwords and TLS Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers

More information

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp. Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)

More information

Overview. Terminology. Password Storage

Overview. Terminology. Password Storage Class: CSG254 Network Security Team: Enigma (team 2) Kevin Kingsbury Tejas Parikh Tony Ryan Shenghan Zhang Assignment: PS3 Secure IM system Overview Our system uses a server to store the passwords, and

More information

Contents Digital Signatures Digital Signature Properties Direct Digital Signatures

Contents Digital Signatures Digital Signature Properties Direct Digital Signatures Contents Digital Signatures... 197 Digital Signature Properties... 198 Direct Digital Signatures... 198 199...قابلداوری Arbitrated Digital Signatures Arbitrated Digital Signature Technaiques... 200 Authentication

More information

CSC/ECE 774 Advanced Network Security

CSC/ECE 774 Advanced Network Security Computer Science CSC/ECE 774 Advanced Network Security Topic 2. Network Security Primitives CSC/ECE 774 Dr. Peng Ning 1 Outline Absolute basics Encryption/Decryption; Digital signatures; D-H key exchange;

More information

Key distribution and certification

Key distribution and certification Key distribution and certification In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification Authority

More information

13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.

13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980. Key distribution and certification Kerberos In the case of public key encryption model the authenticity of the public key of each partner in the communication must be ensured. Problem solution: Certification

More information

Network Security. Chapter 8. MYcsvtu Notes.

Network Security. Chapter 8. MYcsvtu Notes. Network Security Chapter 8 Network Security Some people who cause security problems and why. Cryptography Introduction Substitution ciphers Transposition ciphers One-time pads Fundamental cryptographic

More information

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and

More information

Chapter 9 Public Key Cryptography. WANG YANG

Chapter 9 Public Key Cryptography. WANG YANG Chapter 9 Public Key Cryptography WANG YANG wyang@njnet.edu.cn Content Introduction RSA Diffie-Hellman Key Exchange Introduction Public Key Cryptography plaintext encryption ciphertext decryption plaintext

More information

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic.

Lecture Nov. 21 st 2006 Dan Wendlandt ISP D ISP B ISP C ISP A. Bob. Alice. Denial-of-Service. Password Cracking. Traffic. 15-441 Lecture Nov. 21 st 2006 Dan Wendlandt Worms & Viruses Phishing End-host impersonation Denial-of-Service Route Hijacks Traffic modification Spyware Trojan Horse Password Cracking IP Spoofing DNS

More information