Principles of Security Part 4: Authentication protocols Sections 3 and 4
|
|
- Jewel Dennis
- 6 years ago
- Views:
Transcription
1 Principles of Security Part 4: protocols Sections 3 and 4 Oxford Michaelmas Term 2008
2 Outline asic ideas of authentication Challenge-Response ttacks What did we learn?
3 Outline asic ideas of authentication Challenge-Response ttacks What did we learn?
4 Outline asic ideas of authentication Challenge-Response ttacks What did we learn?
5 Outline asic ideas of authentication Challenge-Response Examples ttacks Examples of impersonation ttack on (CRS0) ttack on (CRS0-nest) ttack on (CRS 0 ) ttack on (CRS 0 -nest) What did we learn?
6 Recall from Part 1: CPTCH Examples ttack on (CRS0) ttack on (CRS0-nest)
7 Man-in-the-Middle (MitM) ttack Examples ttack on (CRS0) ttack on (CRS0-nest)
8 Man-in-the-Middle (MitM) ttack Smart card relay Examples ttack on (CRS0) ttack on (CRS0-nest)... much easier with NFC phones!
9 Refining authentication to capture MitM attacks Examples ttack on (CRS0) The definition of authentication needs to be strengthened to capture not only ttack on (CRS0-nest) the challenge and the response messages, but also principals intent to respond to a challenge.
10 (CRS 0 ) authentication Here is the protocol (CRS 0 ), initiated by ob. Examples ttack on (CRS0) ttack on (CRS0-nest) to : y νy to : S y
11 (CRS 0 ) authentication Here is the protocol (CRS 0 ), initiated by ob. We proved that it correctly implements (CR). Examples ttack on (CRS0) ttack on (CRS0-nest) to : y νy to : S y
12 (CRS 0 ) authentication ut here is a Man-in-the-Middle attack on it. M Examples ttack on (CRS0) ttack on (CRS0-nest) to : y νy M to : y to M: S y to : S y
13 (CRS 0 ) authentication ut here is a Man-in-the-Middle attack on it. (CRS 0 ) does not guarantee agreement about the identities. M Examples ttack on (CRS0) ttack on (CRS0-nest) to : y νy M to : y to M: S y to : S y
14 Ping authentication in (CRS 0 ) We proved that from ob s actions νy Examples ttack on (CRS0) ttack on (CRS0-nest) y (S y)
15 Ping authentication in (CRS 0 ) We proved that from ob s actions, it follows that lice must have been on-line recently. νy Examples ttack on (CRS0) ttack on (CRS0-nest) ((y)) y S y (S y)
16 Ping authentication in (CRS 0 ) We did not prove that from ob s intent to challenge lice νy Examples ttack on (CRS0) ttack on (CRS0-nest) to : y ( to : S y)
17 Ping authentication in (CRS 0 ) We did not prove that from ob s intent to challenge lice follows lice s intent to respond to ob. νy Examples ttack on (CRS0) ttack on (CRS0-nest) ( to : y) to : y to : S y ( to : S y)
18 No agreement in (CRS 0 ) We did not prove that from ob s intent to challenge lice follows lice s intent to respond to ob. νy Examples ttack on (CRS0) ttack on (CRS0-nest) ( to : y) to : y to : S y ( to : S y)
19 Mutual authentication: (CRS 0 -nest) Here is a protocol that we proved secure, assuming that lice and ob are honest, and that they both know it. νx to : x Examples ttack on (CRS0) ttack on (CRS0-nest) to : y νy to : S (x.y) to : S (x.y)
20 Mutual authentication: (CRS 0 -nest) ut here is a what may happen if lice tries to talk to Mallory, who is not honest. νx to M: x M to : y to M: S (x.y) M to : S M (x.y) M to : x to : y to : S (x.y) to : S (x.y) νy Examples ttack on (CRS0) ttack on (CRS0-nest)
21 Moral Examples ttack on (CRS0) ttack on (CRS0-nest) To avoid impersonation, always specify the participants of the the challenge-response exchange in the protected message.
22 One-way authentication with Signature (CRS 0 ) = (CR) [ c x = x, r x = S x ] NOT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) S x
23 One-way authentication with Signature (CRS) = (CR) [ c x = x, r x = S (.x) ] UT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) S (.x)
24 Mutual authentication with Signatures (CRS 0 -seq) = (ISO ) NOT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) y,s (x.y) νy S (x.y)
25 Mutual authentication with Signatures (CRS-seq) UT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) y,s (.x.y) νy S (.x.y)
26 Mutual authentication with Signatures (CRS 0 -nest) NOT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) νy y S (x.y) S (x.y)
27 Mutual authentication with Signatures (CRS-nest) UT νx x Examples ttack on (CRS0) ttack on (CRS0-nest) νy y S (.x.y) S (.x.y)
28 One-way authentication with Encryptions (CREE 0 ) NOT νx E x Examples ttack on (CRS0) ttack on (CRS0-nest) E x
29 One-way authentication with Encryptions (CREE) UT Examples ttack on (CRS0) ttack on (CRS0-nest) νx E (.x) E x
30 Mutual authentication with Encryptions (CREE 0 -seq) NOT νx E x Examples ttack on (CRS0) ttack on (CRS0-nest) E (x.y) νy E y
31 Mutual authentication with Encryptions (NSPK)... and NOT Examples ttack on (CRS0) ttack on (CRS0-nest) νx E (.x) E (x.y) νy E y
32 Mutual authentication with Encryptions (CREE-seq) = (NSL) UT Examples ttack on (CRS0) ttack on (CRS0-nest) νx E (.x) E (.x.y) νy E y
33 Discussion The definitions of one-way authentication in terms of the challenge-response pattern, Examples ttack on (CRS0) ttack on (CRS0-nest) mutual authentication in terms of the matching conversation records still allow confusion about who is talking to whom.
34 Strong one-way authentication Intended authentication νx Examples ttack on (CRS0) ttack on (CRS0-nest) to : c x ( to : r x)
35 Strong one-way authentication Intended authentication νx Examples ttack on (CRS0) ttack on (CRS0-nest) to : c x ( to : c x) ( to : r x) to : r x
36 Strong mutual authentication greement Strong mutual authentication requires not only matching conversation records: all principals records of the content and the order Examples ttack on (CRS0) ttack on (CRS0-nest) of all messages must coincide, but also matching views of the intent: all principals views of the purported sources and the intended destinations of all messages should also coincide.
37 Strong authentication with signatures Proposition The protocols (CRS), (CRS-seq) and (CRS-nest) all realize strong authentication. Examples ttack on (CRS0) ttack on (CRS0-nest)
38 Strong authentication with signatures Proposition The protocols (CRS), (CRS-seq) and (CRS-nest) all realize strong authentication. Examples ttack on (CRS0) ttack on (CRS0-nest) Homework Prove this.
39 Outline asic ideas of authentication Challenge-Response ttacks What did we learn? Key setup again More on Servers Conclusion ack to key setup More on Servers What has been achieved?
40 Secure key generation Can we now generate keys securely... νx to :g x Key setup again More on Servers Conclusion νy to :g y k =(g y ) x k =(g x ) y
41 Secure key generation... while avoiding the MitM-attacks? M νx to :g x to :gỹ ν x νỹ to :g x νy to :g y Key setup again More on Servers Conclusion k =g xỹ g xỹ g xy k =g xy
42 Secure key generation Yes! Take (CRS-seq) for authentication... νx Key setup again x More on Servers Conclusion νy y, S (.x.y) S (.x.y)
43 Secure key generation... and plug in (DHK) for key agreement. νx g x Key setup again More on Servers Conclusion νy g y, S (. g x.g y ) S (. g x.g y ) k =(g y ) x k =(g x ) y
44 Secure key generation The signatures S are bound to their owners by certificates C. νx g x Key setup again More on Servers Conclusion νy g y, C, S (. g x.g y ) C, S (. g x.g y ) k =(g y ) x k =(g x ) y where C X = S S( X.V X)
45 ootstrapping authentication Symmetric Key Servers using symmetric keys is piped S through an Server S. Key setup again More on Servers Conclusion
46 ootstrapping authentication Symmetric Key Servers using symmetric keys is piped S through an Server S. (Recall Yahalom.) symmetric key Server is often called a Key Distribution Center (KDC). Key setup again More on Servers Conclusion
47 ootstrapping authentication Symmetric Key Servers using symmetric keys is piped S through an Server S. (Recall Yahalom.) symmetric key Server is often called a Key Distribution Center (KDC). Key setup again More on Servers Conclusion Public Key Servers using public keys goes directly, but an Server S must certify public keys in advance, and issue C and C. public key Server is often called a Certifying uthority (C).
48 KDCs and Cs Similarities n Server S shares a key with every principal, in its range. is bootstrapped over S and S. Key setup again More on Servers Conclusion
49 KDCs and Cs Similarities n Server S shares a key with every principal, in its range. is bootstrapped over S and S. Key setup again More on Servers Conclusion Differences KDC directly participates in every authentication session between every and. C authenticates each in advance, and issues a certificate C, which can be used at any time, for any session with any.
50 KDCs and Cs Disadvantages of KDC can impersonate everyone to everyone single point of failure, performance bottleneck must be on-line, otherwise the network halts Key setup again More on Servers Conclusion
51 KDCs and Cs Disadvantages of KDC can impersonate everyone to everyone single point of failure, performance bottleneck must be on-line, otherwise the network halts Key setup again More on Servers Conclusion Disadvantage of C revocation C distributes Certificate Revocation Lists (CRL) every certificate should be checked against CRL often omitted
52 Secure key generation dding key confirmation and identity protection to νx g x Key setup again More on Servers Conclusion νy g y, C, S (. g x.g y ) C, S (. g x.g y ) k =(g y ) x k =(g x ) y
53 Secure key generation... we get in the realm of practical protocols: νx g x Key setup again More on Servers Conclusion g y, E (C, S (. g x.g y )) νy E (C, S (. g x.g y )) k =(g y ) x k =(g x ) y where E (u) = E ( k, u )
54 Secure key generation Problem: ob exposed to DoS attack! νx g x Key setup again More on Servers Conclusion g y, E (C, S (. g x.g y )) νy E (C, S (. g x.g y )) k =(g y ) x k =(g x ) y where E (u) = E ( k, u )
55 Secure key generation Solution: Expand (CRS-nest) by (DHK) νx g x νy g y Key setup again More on Servers Conclusion C, S (. g x.g y ) k =(g y ) x C, S (. g x.g y ) k =(g x ) y
56 Secure key generation... just like before to νx g x νy g y Key setup again More on Servers Conclusion E (C, S (. g x.g y )) k =(g y ) x E (C, S (. g x.g y )) k =(g x ) y
57 Secure key generation If ob is a busy C, he can use cookies H xy... νx Key setup again g x g y, H xy νy More on Servers Conclusion g x, g y, H xy, E (C, S (. g x.g y )) k =(g y ) x E (C, S (. g x.g y )) k =(g x ) y where H xy = H (g x.g y )
58 Secure key generation... and needn t keep the state at all! νx g x g y, H xy νy Key setup again More on Servers Conclusion g x, g y, H xy, E (C, S (. g x.g y )) k =(g y ) x E (C, S (. g x.g y )) k =(g x ) y where H xy = H (g x.g y )
59 Secure key generation The core of IKEv2 (and JFK), the basic IPSec protocol: νx g x νy g y, H xy, C Key setup again More on Servers Conclusion g x, g y, H xy, E (C, S (C. g x.g y )) k =(g y ) x E (S (g x.g y )) k =(g x ) y where H xy = H (g x.g y )
60 Secure key generation Homework What are the security consequences of replacing S (. g x.g y ) by S ( C. g x.g y) in the third message in the preceding protocol? Key setup again More on Servers Conclusion Is this protocol open for a MitM-attack because of S (g x.g y ) instead of S (. g x.g y ) in the final message? What kind of attacks would become possible if the encryptions by E were removed?
61 Summary: Questions of authentication Why is it that it is easy to establish a secure channel, but it is hard to know with whom? Key setup again More on Servers Conclusion
62 Summary: Questions of authentication Why is it that it is easy to establish a secure channel, but it is hard to know with whom? Key setup again More on Servers Conclusion Why is it that crypto systems are broken once in a while, but authentications fail every day?
63 Old answer: is a deep problem From local observations to global conclusions through reflection Key setup again More on Servers Conclusion René to himself: "I think, therefore I exist."
64 New answer: is a technical problem From local observations to global conclusions by cryptography Key setup again More on Servers Conclusion lice to ob: "Noone else could decrypt this, therefore you exist."
65 in Cyberspace ssumptions the network is controlled by the dversary Key setup again More on Servers Conclusion "Satan s computer" the dversary is computationally limited the same algorithmics like everyone else
66 ut computational limitations are relative to the available computational resources Traveling Salesman Problem unfeasible for standard computers NP-hard for Turing machines Key setup again More on Servers Conclusion
67 ut computational limitations are relative to the available computational resources Traveling Salesman Problem easy for the ants in your yard they use pheromones as a computational resource Key setup again More on Servers Conclusion pheromone evaporates at a steady rate new paths are generated at random each ant leaves a pheromone trail behind it old paths are marked and amplified by pheromone the stronger the marking, the more attractive the path shorter paths become more attractive shorter time for evaporation
68 eyond Cyberspace What if computation is not limited to cyberspace? Key setup again More on Servers Conclusion
69 eyond Cyberspace What if computation is not limited to cyberspace? What if lice, ob, Mallory and Satan, besides computers, also use smart cards, mobile phones, fly planes, shoot guns and even talk to each other? Key setup again More on Servers Conclusion
70 eyond Cyberspace What if computation is not limited to cyberspace? What if lice, ob, Mallory and Satan, besides computers, also use smart cards, mobile phones, fly planes, shoot guns and even talk to each other? Key setup again More on Servers Conclusion They do all that in pervasive computation. Next part.
Principles of Security Part 4: Authentication protocols Sections 1 and 2
Principles of Security Part 4: protocols Sections 1 and 2 Oxford Michaelmas Term 2008 Outline Basic ideas of authentication Challenge-Response Attacks What did we learn? Outline Basic ideas of authentication
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationCPSC 467b: Cryptography and Computer Security
CPSC 467b: Cryptography and Computer Security Michael J. Fischer Lecture 24 April 16, 2012 CPSC 467b, Lecture 24 1/33 Kerberos Secure Shell (SSH) Transport Layer Security (TLS) Digital Rights Management
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Secured Communications: Key exchange Schneier, Applied Cryptography:
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationKey Management and Distribution
Key Management and Distribution Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-14/
More informationA Limitation of BAN Logic Analysis on a Man-in-the-middle Attack
ISS 1746-7659, England, U Journal of Information and Computing Science Vol. 1, o. 3, 2006, pp. 131-138 Limitation of Logic nalysis on a Man-in-the-middle ttack + Shiping Yang, Xiang Li Computer Software
More informationAuthentication Part IV NOTE: Part IV includes all of Part III!
Authentication Part IV NOTE: Part IV includes all of Part III! ECE 3894 Hardware-Oriented Security and Trust Spring 2018 Assoc. Prof. Vincent John Mooney III Georgia Institute of Technology NOTE: THE FOLLOWING
More informationOverview of Authentication Systems
Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationCryptography and Network Security Chapter 14
Cryptography and Network Security Chapter 14 Fifth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 14 Key Management and Distribution No Singhalese, whether man or woman, would venture
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
More informationCS 395T. Formal Model for Secure Key Exchange
CS 395T Formal Model for Secure Key Exchange Main Idea: Compositionality Protocols don t run in a vacuum Security protocols are typically used as building blocks in a larger secure system For example,
More informationECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages
ECE 646 Lecture 3 Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E management Chapter 14 Management and Distribution Using the same for multiple messages
More informationA Derivation System for Security Protocols and its Logical Formalization
A Derivation System for Security Protocols and its Logical Formalization Anupam Datta Ante Derek John C. Mitchell Dusko Pavlovic Stanford University CSFW July 1, 2003 Kestrel Institute Contributions Protocol
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 18: Key Distribution and Agreement Department of Computer Science and Engineering University at Buffalo 1 Key Distribution Mechanisms Secret-key encryption
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationCS Computer Networks 1: Authentication
CS 3251- Computer Networks 1: Authentication Professor Patrick Traynor 4/14/11 Lecture 25 Announcements Homework 3 is due next class. Submit via T-Square or in person. Project 3 has been graded. Scores
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationTotal points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator
CMSC 414 F08 Exam 1 Page 1 of 10 Name: Total points: 71. Total time: 75 minutes. 9 problems over 7 pages. No book, notes, or calculator 1. [14 points] a. Are n=221 and e=3 valid numbers for RSA. Explain.
More informationCryptographic Protocols 1
Cryptographic Protocols 1 Luke Anderson luke@lukeanderson.com.au 5 th May 2017 University Of Sydney Overview 1. Crypto-Bulletin 2. Problem with Diffie-Hellman 2.1 Session Hijacking 2.2 Encrypted Key Exchange
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More informationECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and
More informationL13. Reviews. Rocky K. C. Chang, April 10, 2015
L13. Reviews Rocky K. C. Chang, April 10, 2015 1 Foci of this course Understand the 3 fundamental cryptographic functions and how they are used in network security. Understand the main elements in securing
More informationKey management. Pretty Good Privacy
ECE 646 - Lecture 4 Key management Pretty Good Privacy Using the same key for multiple messages M 1 M 2 M 3 M 4 M 5 time E K time C 1 C 2 C 3 C 4 C 5 1 Using Session Keys & Key Encryption Keys K 1 K 2
More informationNetwork Security Chapter 8
Network Security Chapter 8 Cryptography Symmetric-Key Algorithms Public-Key Algorithms Digital Signatures Management of Public Keys Communication Security Authentication Protocols Email Security Web Security
More informationCertificates, Certification Authorities and Public-Key Infrastructures
(Digital) Certificates Certificates, Certification Authorities and Public-Key Infrastructures We need to be sure that the public key used to encrypt a message indeed belongs to the destination of the message
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationIntroduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution
Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution Egemen K. Çetinkaya Egemen K. Çetinkaya Department of Electrical & Computer Engineering Missouri University
More information1. Diffie-Hellman Key Exchange
e-pgpathshala Subject : Computer Science Paper: Cryptography and Network Security Module: Diffie-Hellman Key Exchange Module No: CS/CNS/26 Quadrant 1 e-text Cryptography and Network Security Objectives
More informationLecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from
Lecture 15 PKI & Authenticated Key Exchange COSC-260 Codes and Ciphers Adam O Neill Adapted from http://cseweb.ucsd.edu/~mihir/cse107/ Today We will see how signatures are used to create public-key infrastructures
More informationDiffie-Hellman. Part 1 Cryptography 136
Diffie-Hellman Part 1 Cryptography 136 Diffie-Hellman Invented by Williamson (GCHQ) and, independently, by D and H (Stanford) A key exchange algorithm o Used to establish a shared symmetric key Not for
More informationReal-time protocol. Chapter 16: Real-Time Communication Security
Chapter 16: Real-Time Communication Security Mohammad Almalag Dept. of Computer Science Old Dominion University Spring 2013 1 Real-time protocol Parties negotiate interactively (Mutual) Authentication
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationCrypto meets Web Security: Certificates and SSL/TLS
CSE 484 / CSE M 584: Computer Security and Privacy Crypto meets Web Security: Certificates and SSL/TLS Spring 2016 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationNetwork Security - ISA 656 IPsec IPsec Key Management (IKE)
Network Security - ISA 656 IPsec IPsec (IKE) Angelos Stavrou September 28, 2008 What is IPsec, and Why? What is IPsec, and Why? History IPsec Structure Packet Layout Header (AH) AH Layout Encapsulating
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationCSE 127: Computer Security Cryptography. Kirill Levchenko
CSE 127: Computer Security Cryptography Kirill Levchenko October 24, 2017 Motivation Two parties want to communicate securely Secrecy: No one else can read messages Integrity: messages cannot be modified
More informationUNIT - IV Cryptographic Hash Function 31.1
UNIT - IV Cryptographic Hash Function 31.1 31-11 SECURITY SERVICES Network security can provide five services. Four of these services are related to the message exchanged using the network. The fifth service
More informationSecure Sockets Layer (SSL) / Transport Layer Security (TLS)
Secure Sockets Layer (SSL) / Transport Layer Security (TLS) Brad Karp UCL Computer Science CS GZ03 / M030 20 th November 2017 What Problems Do SSL/TLS Solve? Two parties, client and server, not previously
More informationT Cryptography and Data Security
T-79.159 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Kaufman et al: Ch 11.6; 9.7-9; Stallings:
More informationSecuring Connections with Digital Certificates in Router OS. By Ezugu Magnus PDS Nigeria
Securing Connections with Digital Certificates in Router OS By Ezugu Magnus PDS Nigeria About the Presenter MikroTik Certifications My Contact details: Mikrotik Certified Engineer (MTCNA,MTCRE,MTCWE,MTCTCE,MTCUME,MTCINE)
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationComputer Networks. Wenzhong Li. Nanjing University
Computer Networks Wenzhong Li Nanjing University 1 Chapter 7. Network Security Network Attacks Cryptographic Technologies Message Integrity and Authentication Key Distribution Firewalls Transport Layer
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationProofs for Key Establishment Protocols
Information Security Institute Queensland University of Technology December 2007 Outline Key Establishment 1 Key Establishment 2 3 4 Purpose of key establishment Two or more networked parties wish to establish
More informationInstructions 1 Elevation of Privilege Instructions
Instructions 1 Elevation of Privilege Instructions Draw a diagram of the system you want to threat model before you deal the cards. Deal the deck to 3-6 players. Play starts with the 3 of Tampering. Play
More informationECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationCS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD
ERIK JONSSON SCHOOL OF ENGINEERING & COMPUTER SCIENCE Cyber Security Research and Education Institute CS 6324: Information Security Dr. Junia Valente Department of Computer Science The University of Texas
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Security Handshake Pitfalls Login only Mutual
More informationThe Cryptographic Sensor
The Cryptographic Sensor Libor Dostálek and Václav Novák {libor.dostalek, vaclav.novak}@prf.jcu.cz Faculty of Science University of South Bohemia České Budějovice Abstract The aim is to find an effective
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationTopics. Dramatis Personae Cathy, the Computer, trusted 3 rd party. Cryptographic Protocols
Cryptographic Protocols Topics 1. Dramatis Personae and Notation 2. Session and Interchange Keys 3. Key Exchange 4. Key Generation 5. Cryptographic Key Infrastructure 6. Storing and Revoking Keys 7. Digital
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationThe Kerberos Authentication Service
The Kerberos Authentication Service By: Cule Stevan ID#: 0047307 SFWR 4C03 April 4, 2005 Last Revision: April 5, 2005 Stevan Cule 0047307 SOFTWARE ENGINEERING 4C03 WINTER 2005 The Kerberos Authentication
More informationIdeal Security Protocol. Identify Friend or Foe (IFF) MIG in the Middle 4/2/2012
Ideal Security Protocol Satisfies security requirements Requirements must be precise Efficient Small computational requirement Small bandwidth usage, network delays Not fragile Works when attacker tries
More informationAuthentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005
Authentication in real world: Kerberos, SSH and SSL Zheng Ma Apr 19, 2005 Where are we? After learning all the foundation of modern cryptography, we are ready to see some real world applications based
More informationKey management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution 1 Using the same key for multiple
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationHomework 3: Solution
Homework 3: Solution March 28, 2013 Thanks to Sachin Vasant and Xianrui Meng for contributing their solutions. Exercise 1 We construct an adversary A + that does the following to win the CPA game: 1. Select
More informationCSC 774 Network Security
CSC 774 Network Security Topic 2. Review of Cryptographic Techniques CSC 774 Dr. Peng Ning 1 Outline Encryption/Decryption Digital signatures Hash functions Pseudo random functions Key exchange/agreement/distribution
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Public Key Cryptography Modular Arithmetic RSA
More informationPublic-Key Infrastructure NETS E2008
Public-Key Infrastructure NETS E2008 Many slides from Vitaly Shmatikov, UT Austin slide 1 Authenticity of Public Keys? private key Alice Bob public key Problem: How does Alice know that the public key
More informationECE 646 Lecture 3. Key management
ECE 646 Lecture 3 Key management Required Reading Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E Chapter 14 Key Management and Distribution Using the same key for multiple
More informationA Critical Analysis and Improvement of AACS Drive-Host Authentication
A Critical Analysis and Improvement of AACS Drive-Host Authentication Jiayuan Sui and Douglas R. Stinson David R. Cheriton School of Computer Science University of Waterloo Waterloo, ON, N2L 3G1, Canada
More informationSecurity: Focus of Control
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationAoT: Authentication and Access Control for the Entire IoT Device Life-Cycle
AoT: Authentication and Access Control for the Entire IoT Device Life-Cycle Noura Alomar November 7th, 2018 1 AoT The AoT paper is one of the earliest and most cited papers on IoT defense and it considers
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationCSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography Outline 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationModern cryptography 2. CSCI 470: Web Science Keith Vertanen
Modern cryptography 2 CSCI 470: Web Science Keith Vertanen Modern cryptography Overview Asymmetric cryptography Diffie-Hellman key exchange (last time) Pubic key: RSA Pretty Good Privacy (PGP) Digital
More information0x1A Great Papers in Computer Security
CS 380S 0x1A Great Papers in Computer Security Vitaly Shmatikov http://www.cs.utexas.edu/~shmat/courses/cs380s/ Privacy on Public Networks Internet is designed as a public network Wi-Fi access points,
More informationModule: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security
CMPSC443 - Introduction to Computer and Network Security Module: Cryptographic Protocols Professor Patrick McDaniel Spring 2009 1 Key Distribution/Agreement Key Distribution is the process where we assign
More informationElements of Security
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 8, 2015 at 12:47 Slideset 7: 1 Car Talk Puzzler You have a friend in a police state
More informationENEE 459-C Computer Security. Security protocols
ENEE 459-C Computer Security Security protocols Key Agreement: Diffie-Hellman Protocol Key agreement protocol, both A and B contribute to the key Setup: p prime and g generator of Z p *, p and g public.
More informationOutline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA
CSCI 454/554 Computer and Network Security Topic 5.2 Public Key Cryptography 1. Introduction 2. RSA Outline 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard 2 Introduction Public Key Cryptography
More informationLecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay
Lecture Note 6 KEY MANAGEMENT Sourav Mukhopadhyay Cryptography and Network Security - MA61027 Key Management There are actually two distinct aspects to the use of public-key encryption in this regard:
More informationSecurity: Focus of Control. Authentication
Security: Focus of Control Three approaches for protection against security threats a) Protection against invalid operations b) Protection against unauthorized invocations c) Protection against unauthorized
More informationOutline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)
Outline AIT 682: Network and Systems Security 1. Introduction 2. RSA 3. Diffie-Hellman Key Exchange 4. Digital Signature Standard Topic 5.2 Public Key Cryptography Instructor: Dr. Kun Sun 2 Public Key
More information6.033 Computer System Engineering
MIT OpenCourseWare http://ocw.mit.edu 6.033 Computer System Engineering Spring 2009 For information about citing these materials or our Terms of Use, visit: http://ocw.mit.edu/terms. Nickolai Zeldovich
More informationKey Management and Distribution
2 and Distribution : Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven Gordon on 20 December 2015 css441y15s2l10, Steve/Courses/2015/s2/css441/lectures/key-management-and-distribution.tex,
More informationEncryption. INST 346, Section 0201 April 3, 2018
Encryption INST 346, Section 0201 April 3, 2018 Goals for Today Symmetric Key Encryption Public Key Encryption Certificate Authorities Secure Sockets Layer Simple encryption scheme substitution cipher:
More informationUser Authentication Protocols
User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September.2016 1 Announcement Homework 1 is due today by end of class CIS-5370: 26.September.2016 2 User Authentication The process of
More informationKerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos
Kerberos and Public-Key Infrastructure Key Points Kerberos is an authentication service designed for use in a distributed environment. Kerberos makes use of a thrusted third-part authentication service
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationPublic Key Algorithms
CSE597B: Special Topics in Network and Systems Security Public Key Cryptography Instructor: Sencun Zhu The Pennsylvania State University Public Key Algorithms Public key algorithms RSA: encryption and
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationThe Match On Card Technology
Precise Biometrics White Paper The Match On Card Technology Magnus Pettersson Precise Biometrics AB, Dag Hammarskjölds väg 2, SE 224 67 Lund, Sweden 22nd August 2001 Abstract To make biometric verification
More informationSSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1
SSL/TLS & 3D Secure CS 470 Introduction to Applied Cryptography Ali Aydın Selçuk CS470, A.A.Selçuk SSL/TLS & 3DSec 1 SSLv2 Brief History of SSL/TLS Released in 1995 with Netscape 1.1 Key generation algorithm
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More information