User Authentication Protocols
|
|
- Cynthia Norton
- 6 years ago
- Views:
Transcription
1 User Authentication Protocols Class 5 Stallings: Ch 15 CIS-5370: 26.September
2 Announcement Homework 1 is due today by end of class CIS-5370: 26.September
3 User Authentication The process of verifying an identity claimed by or for a system entity Fundamental system security building block Basis of access control & user accountability Has two steps: Identification provide claimed identity Authentication verify validity of claim User authentication message authentication CIS-5370: 26.September
4 User Authentication: How? Based on something the individual Knows - e.g. password, PIN Possesses - e.g. key, token, smartcard Is (static biometrics): fingerprint, retina Does (dynamic biometrics): voice, handwriting Can use alone or combined All can provide user authentication All have issues CIS-5370: 26.September
5 Authentication Protocols Convince parties of each others identity Also exchange session keys May be one-way or two-way (mutual) Key issues: 1. Confidentiality Protect session keys Prior keys or secrets need to exist 2. Timeliness Prevent replay attacks CIS-5370: 26.September
6 Replay Attacks Valid signed message is copied and later re-sent Simple replay Copy message; replay later Repetition that can be logged Replay timestamped message within validity interval Repetition that cannot be detected Suppress original message Backward replay without modification Send the replay message back to its sender CIS-5370: 26.September
7 Replay Attacks: Countermeasures Sequence numbers Attach sequence number seqno to message Accept message if seqno follows previous value Not always practical Timestamps Message needs to contain timestamp Accept message if timestamp is within validity window Need synchronized clocks CIS-5370: 26.September
8 Countermeasures (cont d) Challenge/response Ensures message freshness Challenger sends random nonce R Responder s message needs contain a function of R 1 Challenge: R Alice 2 Response: contains F(R) Trent T (Host) CIS-5370: 26.September
9 Authentication One-way authentication Mutual: two-way authentication Using symmetric key crypto Using public-key crypto CIS-5370: 26.September
10 One-Way Authentication 1 Login A Alice 1 Login A Trent T (Host) How can T know it s Alice and not Mallory impersonating Alice? Mallory CIS-5370: 26.September
11 Authentication Approaches Password Host stores Alice s password Alice sends password Host verifies password Problem: Guess? Trent stores all passwords in clear Whoever breaks into Trent can steal passwords Solutions One-Way Functions Dictionary Attacks and Salts CIS-5370: 26.September
12 Authentication Using Hashes Roger Needham and Mike Guy T does not need to know password Only differentiate between valid and invalid ones 1 Login A, pwd User ID H(pwd) Alice Alice H A Trent T (Host) Problem? Password file T: Compare H(pwd) to H A CIS-5370: 26.September
13 Example: Linux Set up the password file,.htpasswd htpasswd -c.htpasswd user-name Prompted for password Username:E(passwd) are stored in.htpasswd Example: cis5370:6f2/1hsvagfrg CIS-5370: 26.September
14 Password Vulnerabilities One-way hashes are vulnerable Which password is better? Barney 9(hH/A. Which one is easier to remember? Dictionary attack Compile list of most probable passwords Apply hash function to each Compare against the password file If match, password has been found! CIS-5370: 26.September
15 Defending with Salts! Salt: per user random value 1 Login A, pwd Alice User ID salt H(salt, pwd) Trent T (Host) Alice s H A Password file H(s, pwd) == H A CIS-5370: 26.September
16 The Goal of Salts Ensure that attacker cannot use the same dictionary to break all passwords Instead, attacker has to do a per-user dictionary + computation CIS-5370: 26.September
17 Improved Dictionary Attack [D. Klein] 1. Copy the password file 2. For each user A with salt s and hash H A 1. Collect dictionary D A of tentative passwords 2. Hash all items in D A using salt s 3. Compare result against H A 3. If match exists, found password 40% of passwords were guessed on average system! CIS-5370: 26.September
18 Building the Dictionary 1. Name, initials, account name Example: Daniel V. Klein, account klone klone0, klone1,, dvk, dklein, DKlein, dvklein, etc 2. Words from databases Men and women names, nicknames (also famous) Places Variations of the above (capitalizations, plurals, etc) 3. Foreign language words 4. Word pairs CIS-5370: 26.September
19 Conclusions Never use your personal information Do not use words (dictionary) Use combination of words and characters Do not use same passwords for all systems Change your password frequently Use passphrases Example: My Password is not easy to crack mpine2c. CIS-5370: 26.September
20 Announcement Homework 1 due by end of class today CIS-5370: 26.September
21 Alternative: SKEY Use hash-chains 1 Init, A, x 100 Alice 2 Login, A, x 99 Trent T (Host) Generate R 3 Compute x 1 = H(R) x 2 = H 2 (R)=H(H(R)) x 3 = H 3 (R)=H(H(H(R))) x 100 = H 100 (R) Login, A, x 98 Store x 100 Compare H(x 99 ) to x 100 Discard x 100 Store x 99 CIS-5370: 26.September
22 Authentication One-way authentication Mutual: two-way authentication Using symmetric key crypto Using public-key crypto CIS-5370: 26.September
23 What is Mutual Authentication? 1 1 Exchange keys Authenticate Alice Bob B Mallory Make sure they don t talk to Mallory! CIS-5370: 26.September
24 Authentication One-way authentication Mutual: two-way authentication Using symmetric key crypto Using public-key crypto CIS-5370: 26.September
25 Using Symmetric Keys 1 1 Exchange keys Authenticate Alice Bob B Assume T shares a key with A (K A ) and B (K B ) Trent T (Host) E A (M) :encryption with key shared by A and T CIS-5370: 26.September
26 Wide-Mouth Frog Simplest Authentication/Key Exchange 5 E K (M) 1 Alice Generate random K 2 A, E A (T A,B,K) 4 E B (T T,A,K) Bob B Trent T (Host) 3 Decrypt message using K A CIS-5370: 26.September
27 Wide-Mouth Frog Observations Alice and Bob trust each other because of Trent Timestamps prevent replay attacks (Why?) Trent is single point of failure/bottleneck Assumption: Alice is able to generate good random numbers CIS-5370: 26.September
28 Yahalom Equal? 1 A, R A Alice 4 E A (B, K, R A, R B ) 5 E B (A,K), E K (R B ) Bob B 4 E B (A,K) 2 B, E B (A, R A, R B ) Equal? Assume T shares a key with A (K A ) and B (K B ) Trent T (Host) 3 Generate random K CIS-5370: 26.September
29 Yahalom Observations T chooses the key K to be shared by A and B A and B trust each other Because of R A and R B Only T and B have access to R B Problem in step 1 -- R A is sent in clear Can Mallory impersonate B? No! In step 4, T includes the identity of B - A will know who it is talking to CIS-5370: 26.September
30 Needham-Schroeder 4 Extract key K 5 E B (K,A) 6 Extract key K 8 E K (R B ) Alice 1 A, B, R A 9 E K (R B -1) 7 Bob B Generate random R B 3 E A (R A, B, K, E B (K,A)) Match? Equal? Trent T (Host) 2 Generate random K CIS-5370: 26.September
31 Needham-Schroeder Observations What is the purpose of R A? For A to prevent replay attacks Ensure it is talking to T What is the purpose of R B? For B to prevent replay attacks And ensure that it is talking to A Major weakness If Mallory gets hold of an old key K, it can impersonate A Solution: use timestamps CIS-5370: 26.September
32 Kerberos - Simplified Kerberos 5: Variant of Needham-Schroeder 6 E K (A,T), E B (T,L,K,A) Alice 7 E K (T+1) Bob B 1 A, B 5 E A (T,L,K,B), E B (T,L,K,A) 2 Generate timestamp T 4 Generate random K Trent T (Host) 3 Generate lifetime L CIS-5370: 26.September
33 Kerberos Observations What is the purpose of the timestamp and lifetime? To prevent replay attacks The messages are valid only in [T,T+L] Major assumption: The clocks are synchronized! Not trivial (see Lamport s clocks) In practice Use time servers Sync within a few minutes CIS-5370: 26.September
34 Authentication One-way authentication Mutual: two-way authentication Using symmetric key crypto Using public-key crypto CIS-5370: 26.September
35 Authentication with Public Keys Alice Bob B pk A : A s public key Assume T has a database of public keys for each participant E(pk A, M): encryption with A s public key Trent T (Host) S A (M): signature with A s private key CIS-5370: 26.September
36 Denning-Sacco 3 Generate timestamp T A 4 Generate random K 5 E(pk B, S A (K,T A )), S T (B, pk B ), S T (A, pk A ) Alice 2 1 A, B S T (B, pk B ), S T (A, pk A ) 6 7 Bob B Decrypt with its private key Verify A s signature Recover key K Trent T (Host) CIS-5370: 26.September
37 Attacking Denning-Sacco! 3 Reuse elements from session with A From the previous session Bob B 4 E(pk C,S A (K,T A )), S T (C, pk C ), S T (A, pk A ) Carol C 2 1 B, C S T (B, pk B ), S T (C, pk C ) 5 6 Decrypt with its private key Verify A s signature Recover key K Bob can impersonate Alice with Carol! Trent T (Host) CIS-5370: 26.September
38 Denning-Sacco Fix 3 4 Generate timestamp T A Generate random K Add the names of the parties 5 E(pk B,S A (A, B, K,T A )), S T (B, pk B ), S T (A, pk A ) Alice 2 1 A, B S T (B, pk B ), S T (A, pk A ) 6 7 Bob B Decrypt with its private key Verify A s signature Verify names A and B are in message Cannot be reused with Carol! Trent T (Host) 7 Recover key K CIS-5370: 26.September
39 Denning-Sacco Lessons Better be prudent than efficient Include more rather than less information Timestamps, random nonces, names of participants CIS-5370: 26.September
40 Summary One-way authentication E.g., passwords Mutual: two-way authentication Using symmetric key crypto Wide-Mouth Frog, Yahalom Needham-Schroeder, Kerberos (v5) Using public-key crypto Denning Sacco CIS-5370: 26.September
User Authentication Protocols Week 7
User Authentication Protocols Week 7 CEN-5079: 2.October.2017 1 Announcement Homework 1 is posted on the class webpage Due in 2 weeks 10 points (out of 100) subtracted each late day CEN-5079: 2.October.2017
More informationProtocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake: Authenticate each other Establish sessions keys This process may
More informationSummary. Final Week. CNT-4403: 21.April
Summary Final Week CNT-4403: 21.April.2015 1 List of Final Topics User Authentication Protocols Key Distribution and Public Key Certificates Symmetric Key Crypto Access Control Public Key Crypto Cryptographic
More informationAuthentication Handshakes
AIT 682: Network and Systems Security Topic 6.2 Authentication Protocols Instructor: Dr. Kun Sun Authentication Handshakes Secure communication almost always includes an initial authentication handshake.
More informationCSC 474/574 Information Systems Security
CSC 474/574 Information Systems Security Topic 3.3: Security Handshake Pitfalls CSC 474/574 Dr. Peng Ning 1 Authentication Handshakes Secure communication almost always includes an initial authentication
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationHOST Authentication Overview ECE 525
Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time
More informationCIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols
CIS 6930/4930 Computer and Network Security Topic 6.2 Authentication Protocols 1 Authentication Handshakes Secure communication almost always includes an initial authentication handshake. Authenticate
More informationSession key establishment protocols
our task is to program a computer which gives answers which are subtly and maliciously wrong at the most inconvenient possible moment. -- Ross Anderson and Roger Needham, Programming Satan s computer Session
More informationApplied Cryptography Basic Protocols
Applied Cryptography Basic Protocols Sape J. Mullender Huygens Systems Research Laboratory Universiteit Twente Enschede 1 Session keys It is prudent practice to use a different key for each session. This
More information0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken
0/41 Alice Who? Authentication Protocols Andreas Zeller/Stephan Neuhaus Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken The Menu 1/41 Simple Authentication Protocols The Menu 1/41 Simple
More informationCristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.
CS355: Cryptography Lecture 17: X509. PGP. Authentication protocols. Key establishment. Public Keys and Trust Public Key:P A Secret key: S A Public Key:P B Secret key: S B How are public keys stored How
More informationCS530 Authentication
CS530 Authentication Bill Cheng http://merlot.usc.edu/cs530-s10 1 Identification vs. Authentication Identification associating an identity (or a claimed identity) with an individual, process, or request
More informationPassword. authentication through passwords
Password authentication through passwords Human beings Short keys; possibly used to generate longer keys Dictionary attack: adversary tries more common keys (easy with a large set of users) Trojan horse
More informationAcknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications
CSE565: Computer Security Lectures 16 & 17 Authentication & Applications Shambhu Upadhyaya Computer Science & Eng. University at Buffalo Buffalo, New York 14260 Lec 16.1 Acknowledgments Material for some
More informationOutline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication
Outline Security Handshake Pitfalls (Chapter 11 & 12.2) Login Only Authentication (One Way) Login i w/ Shared Secret One-way Public Key Lamport s Hash Mutual Authentication Shared Secret Public Keys Timestamps
More informationCryptographic Checksums
Cryptographic Checksums Mathematical function to generate a set of k bits from a set of n bits (where k n). k is smaller then n except in unusual circumstances Example: ASCII parity bit ASCII has 7 bits;
More informationCSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni
CSCI 667: Concepts of Computer Security Lecture 9 Prof. Adwait Nadkarni 1 Derived from slides by William Enck, Micah Sherr, Patrick McDaniel, Peng Ning, and Vitaly Shmatikov Authentication Alice? Bob?
More informationSecurity Handshake Pitfalls
Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr 1 Cryptographic Authentication Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification
ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification Hossen Asiful Mustafa Introduction Entity Authentication is a technique designed to let one party prove the identity of another
More information1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class
1.264 Lecture 27 Security protocols Symmetric cryptography Next class: Anderson chapter 10. Exercise due after class 1 Exercise: hotel keys What is the protocol? What attacks are possible? Copy Cut and
More informationSecurity Handshake Pitfalls
Cryptographic Authentication Security Handshake Pitfalls Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Password authentication is subject to eavesdropping Alternative: Cryptographic challenge-response
More informationElements of Security
Elements of Security Dr. Bill Young Department of Computer Sciences University of Texas at Austin Last updated: April 8, 2015 at 12:47 Slideset 7: 1 Car Talk Puzzler You have a friend in a police state
More informationUnit-VI. User Authentication Mechanisms.
Unit-VI User Authentication Mechanisms Authentication is the first step in any cryptographic solution Authentication can be defined as determining an identity to the required level of assurance Passwords
More informationSpring 2010: CS419 Computer Security
Spring 2010: CS419 Computer Security Vinod Ganapathy Lecture 7 Topic: Key exchange protocols Material: Class handout (lecture7_handout.pdf) Chapter 2 in Anderson's book. Today s agenda Key exchange basics
More informationChapter 9: Key Management
Chapter 9: Key Management Session and Interchange Keys Key Exchange Cryptographic Key Infrastructure Storing and Revoking Keys Digital Signatures Slide #9-1 Overview Key exchange Session vs. interchange
More informationCIS 6930/4930 Computer and Network Security. Topic 6. Authentication
CIS 6930/4930 Computer and Network Security Topic 6. Authentication 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication Allow a user to
More informationCryptography and Network Security Chapter 13. Digital Signatures & Authentication Protocols
Cryptography and Network Security Chapter 13 Digital Signatures & Authentication Protocols Digital Signatures have looked at message authentication but does not address issues of lack of trust digital
More informationSecurity Handshake Pitfalls
Hello Challenge R f(k, R f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone can send the challenge R. f(k, R Problems: 1. Authentication is not mutual only authenticates Anyone
More informationOutline More Security Protocols CS 239 Computer Security February 6, 2006
Outline More Security Protocols CS 239 Computer Security February 6, 2006 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationDigital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)
Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value
More informationLecture 1: Course Introduction
Lecture 1: Course Introduction Thomas Johansson T. Johansson (Lund University) 1 / 37 Chapter 9: Symmetric Key Distribution To understand the problems associated with managing and distributing secret keys.
More informationCryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1
Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography CS555 Spring 2012/Topic 16 1 Outline and Readings Outline Private key management between two parties Key management
More information10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms
Authentication IT443 Network Security Administration Instructor: Bo Sheng Authentication Mechanisms Key Distribution Center and Certificate Authorities Session Key 1 2 Authentication Authentication is
More informationSecurity protocols and their verification. Mark Ryan University of Birmingham
Security protocols and their verification Mark Ryan University of Birmingham Contents 1. Authentication protocols (this lecture) 2. Electronic voting protocols 3. Fair exchange protocols 4. Digital cash
More informationOutline More Security Protocols CS 239 Computer Security February 4, 2004
Outline More Security Protocols CS 239 Computer Security February 4, 2004 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and Authentication
More informationTest 2 Review. (b) Give one significant advantage of a nonce over a timestamp.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos
ECE596C: Handout #9 Authentication Using Shared Secrets Electrical and Computer Engineering, University of Arizona, Loukas Lazos Abstract. In this lecture we introduce the concept of authentication and
More informationSecurity and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models
CS 645 Security and Privacy in Computer Systems Lecture 7 The Kerberos authentication system Last Week Security policy, security models, trust Access control models The Bell-La Padula (BLP) model The Biba
More informationContents Digital Signatures Digital Signature Properties Direct Digital Signatures
Contents Digital Signatures... 197 Digital Signature Properties... 198 Direct Digital Signatures... 198 199...قابلداوری Arbitrated Digital Signatures Arbitrated Digital Signature Technaiques... 200 Authentication
More informationTest 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.
Test 2 Review Name Student ID number Notation: {X} Bob Apply Bob s public key to X [Y ] Bob Apply Bob s private key to Y E(P, K) Encrypt P with symmetric key K D(C, K) Decrypt C with symmetric key K h(x)
More informationComputer Security 4/12/19
Authentication Computer Security 09. Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Paul Krzyzanowski Protocols such as Kerberos combine all three Rutgers
More informationCIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries
CIS 6930/4930 Computer and Network Security Topic 7. Trusted Intermediaries 1 Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC) Representative
More informationL7: Key Distributions. Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806
L7: Key Distributions Hui Chen, Ph.D. Dept. of Engineering & Computer Science Virginia State University Petersburg, VA 23806 9/16/2015 CSCI 451 - Fall 2015 1 Acknowledgement Many slides are from or are
More informationWhat did we talk about last time? Public key cryptography A little number theory
Week 4 - Friday What did we talk about last time? Public key cryptography A little number theory If p is prime and a is a positive integer not divisible by p, then: a p 1 1 (mod p) Assume a is positive
More informationApplied Cryptography and Computer Security CSE 664 Spring 2017
Applied Cryptography and Computer Security Lecture 18: Key Distribution and Agreement Department of Computer Science and Engineering University at Buffalo 1 Key Distribution Mechanisms Secret-key encryption
More informationIdentification Schemes
Identification Schemes Lecture Outline Identification schemes passwords one-time passwords challenge-response zero knowledge proof protocols Authentication Data source authentication (message authentication):
More informationLecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena
Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall 2009 Nitesh Saxena *Adopted from a previous lecture by Gene Tsudik Course Admin HW3 Problem 3 due Friday midnight
More informationComputer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08r. Pre-exam 2 Last-minute Review Cryptography Paul Krzyzanowski Rutgers University Spring 2018 March 26, 2018 CS 419 2018 Paul Krzyzanowski 1 Cryptographic Systems March 26, 2018 CS
More informationOutline. More Security Protocols CS 239 Security for System Software April 22, Needham-Schroeder Key Exchange
Outline More Security Protocols CS 239 Security for System Software April 22, 2002 Combining key distribution and authentication Verifying security protocols Page 1 Page 2 Combined Key Distribution and
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 9 March 30, 2011 Question 1 Another Use for Hash Functions (8 min) The traditional Unix system for password authentication works more or less like
More informationNetwork Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions
CHAPTER 3 Network Security Solutions to Review Questions and Exercises Review Questions. A nonce is a large random number that is used only once to help distinguish a fresh authentication request from
More informationCSE543 - Introduction to Computer and Network Security. Module: Authentication
CSE543 - Introduction to Computer and Network Security Module: Authentication Professor Trent Jaeger 1 What is Authentication? Short answer: establishes identity Answers the question: To whom am I speaking?
More informationStrong Password Protocols
Strong Password Protocols Strong Password Protocols Password authentication over a network Transmit password in the clear. Open to password sniffing. Open to impersonation of server. Do Diffie-Hellman
More informationThis chapter examines some of the authentication functions that have been developed to support network-based use authentication.
1 This chapter examines some of the authentication functions that have been developed to support network-based use authentication. In most computer security contexts, user authentication is the fundamental
More informationData Security and Privacy. Topic 14: Authentication and Key Establishment
Data Security and Privacy Topic 14: Authentication and Key Establishment 1 Announcements Mid-term Exam Tuesday March 6, during class 2 Need for Key Establishment Encrypt K (M) C = Encrypt K (M) M = Decrypt
More informationDr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Security Handshake Pitfalls Login only Mutual
More informationComputer Security: Principles and Practice
Computer Security: Principles and Practice Chapter 3 User Authentication First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown User Authentication fundamental security building
More informationComputer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 08. Authentication Paul Krzyzanowski Rutgers University Spring 2018 1 Authentication Identification: who are you? Authentication: prove it Authorization: you can do it Protocols such
More informationSession Key Distribution
Session Key Distribution The TA shares secret keys with network users. The TA chooses session keys and distributes them in encrypted form upon request of network users. We will need to define appropriate
More informationOverview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation
Overview Key exchange Session vs. interchange keys Classical, public key methods Key generation Cryptographic key infrastructure Certificates Key storage Key escrow Key revocation Digital signatures May
More informationCryptography and Network Security Chapter 13. Fourth Edition by William Stallings. Lecture slides by Lawrie Brown
Cryptography and Network Security Chapter 13 Fourth Edition by William Stallings Lecture slides by Lawrie Brown Chapter 13 Digital Signatures & Authentication Protocols To guard against the baneful influence
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 9: Authentication Department of Computer Science and Engineering University at Buffalo 1 Lecture Outline Definition of entity authentication Solutions password-based
More information6. Security Handshake Pitfalls Contents
Contents 1 / 45 6.1 Introduction 6.2 Log-in Only 6.3 Mutual Authentication 6.4 Integrity/Encryption of Data 6.5 Mediated Authentication (with KDC) 6.6 Bellovin-Merrit 6.7 Network Log-in and Password Guessing
More informationCT30A8800 Secured communications
CT30A8800 Secured communications Pekka Jäppinen October 31, 2007 Pekka Jäppinen, Lappeenranta University of Technology: October 31, 2007 Authentication Three basic models 1. Something you know Password,
More informationProving who you are. Passwords and TLS
Proving who you are Passwords and TLS Basic, fundamental problem Client ( user ) How do you prove to someone that you are who you claim to be? Any system with access control must solve this Users and servers
More informationCS System Security Mid-Semester Review
CS 356 - System Security Mid-Semester Review Fall 2013 Mid-Term Exam Thursday, 9:30-10:45 you may bring one 8-1/2 x 11 sheet of paper with any notes you would like no cellphones, calculators This is to
More informationLecture 9. Authentication & Key Distribution
Lecture 9 Authentication & Key Distribution 1 Where are we now? We know a bit of the following: Conventional (symmetric) cryptography Hash functions and MACs Public key (asymmetric) cryptography Encryption
More informationComputer Networks & Security 2016/2017
Computer Networks & Security 2016/2017 Network Security Protocols (10) Dr. Tanir Ozcelebi Courtesy: Jerry den Hartog Courtesy: Kurose and Ross TU/e Computer Science Security and Embedded Networked Systems
More informationKey Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature
Key Management Digital signatures: classical and public key Classic and Public Key exchange 1 Handwritten Signature Used everyday in a letter, on a check, sign a contract A signature on a signed paper
More informationIntroduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.
Trusted Intermediaries CSC/ECE 574 Computer and Network Security Topic 7. Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center () Representative solution:
More informationT Cryptography and Data Security
T-79.4501 Cryptography and Data Security Lecture 10: 10.1 Random number generation 10.2 Key management - Distribution of symmetric keys - Management of public keys Stallings: Ch 7.4; 7.3; 10.1 1 The Use
More informationCryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology
Cryptography & Key Exchange Protocols Faculty of Computer Science & Engineering HCMC University of Technology Outline 1 Cryptography-related concepts 2 3 4 5 6 7 Key channel for symmetric cryptosystems
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationCS Protocol Design. Prof. Clarkson Spring 2017
CS 5430 Protocol Design Prof. Clarkson Spring 2017 Review Cryptography: Encryption, block ciphers, block cipher modes, MACs, cryptographic hash functions, digital signatures, authenticated encryption,
More informationCS Protocols. Prof. Clarkson Spring 2016
CS 5430 Protocols Prof. Clarkson Spring 2016 Review: Secure channel When we last left off, we were building a secure channel The channel does not reveal anything about messages except for their timing
More informationThe Kerberos Authentication System Course Outline
The Kerberos Authentication System Course Outline Technical Underpinnings - authentication based on key sharing - Needham-Schroeder protocol - Denning and Sacco protocol Kerbeors V - Login and client-server
More informationCS 494/594 Computer and Network Security
CS 494/594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010 1 Real-Time Communication Security Network layers
More informationDigital Signatures. Secure Digest Functions
Digital Signatures Secure Digest Functions 8 requirements for one-way hash functions given M, H(M) is easy to compute given H(M), M is difficult to compute given M, it is difficult to find M such that
More informationOutline Key Management CS 239 Computer Security February 9, 2004
Outline Key Management CS 239 Computer Security February 9, 2004 Properties of keys Key management Key servers Certificates Page 1 Page 2 Introduction Properties of Keys It doesn t matter how strong your
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationAuthentication. Identification. AIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 6. Authentication Instructor: Dr. Kun Sun Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationCS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:
50fb6be35f4c3105 9d4ed08fb86d8887 b746c452a9c9443b 15b22f450c76218e CS 470 Spring 2017 9df7031cdbff9d10 b700a92855f16328 5b757e66d2131841 62fedd7d9131e42e Mike Lam, Professor Security a.k.a. Why on earth
More informationCSC 474 Network Security. Authentication. Identification
Computer Science CSC 474 Network Security Topic 6. Authentication CSC 474 Dr. Peng Ning 1 Authentication Authentication is the process of reliably verifying certain information. Examples User authentication
More informationOther Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?
ryptography Goals Protect private communication in the public world and are shouting messages over a crowded room no one can understand what they are saying 1 Other Uses of ryptography Authentication should
More information5. Authentication Contents
Contents 1 / 47 Introduction Password-based Authentication Address-based Authentication Cryptographic Authentication Protocols Eavesdropping and Server Database Reading Trusted Intermediaries Session Key
More informationCIS 4360 Secure Computer Systems Applied Cryptography
CIS 4360 Secure Computer Systems Applied Cryptography Professor Qiang Zeng Spring 2017 Symmetric vs. Asymmetric Cryptography Symmetric cipher is much faster With asymmetric ciphers, you can post your Public
More informationTrusted Intermediaries
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationAIT 682: Network and Systems Security
AIT 682: Network and Systems Security Topic 7. Trusted Intermediaries Instructor: Dr. Kun Sun Trusted Intermediaries Problem: authentication for large networks Solution #1 Key Distribution Center (KDC)
More informationIssues. Separation of. Distributed system security. Security services. Security policies. Security mechanism
Module 9 - Security Issues Separation of Security policies Precise definition of which entities in the system can take what actions Security mechanism Means of enforcing that policy Distributed system
More informationHY-457 Information Systems Security
HY-457 Information Systems Security Recitation 1 Panagiotis Papadopoulos(panpap@csd.uoc.gr) Kostas Solomos (solomos@csd.uoc.gr) 1 Question 1 List and briefly define categories of passive and active network
More informationUser Authentication. Modified By: Dr. Ramzi Saifan
User Authentication Modified By: Dr. Ramzi Saifan Authentication Verifying the identity of another entity Computer authenticating to another computer Person authenticating to a local/remote computer Important
More informationComputer Security 3/20/18
Authentication Identification: who are you? Authentication: prove it Computer Security 08. Authentication Authorization: you can do it Protocols such as Kerberos combine all three Paul Krzyzanowski Rutgers
More informationCSE Computer Security
CSE 543 - Computer Security Lecture 6 - Authentication September 21, 2006 URL: http://www.cse.psu.edu/~tjaeger/cse543-f06/ Project Background and Related Work Due 10/10 Questions to Answer: What is the
More informationElements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy
Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy Homework 3 Due: Monday, 11/28/2016 at 11:55pm PT Solution: Will be posted
More informationINFSCI 2935: Introduction of Computer Security 1. Courtesy of Professors Chris Clifton & Matt Bishop. INFSCI 2935: Introduction to Computer Security 2
Digital Signature Introduction to Computer Security Lecture 7 Digital Signature October 9, 2003 Construct that authenticates origin, contents of message in a manner provable to a disinterested third party
More informationCNT4406/5412 Network Security
CNT4406/5412 Network Security Authentication Zhi Wang Florida State University Fall 2014 Zhi Wang (FSU) CNT4406/5412 Network Security Fall 2014 1 / 43 Introduction Introduction Authentication is the process
More informationModelling and Analysing of Security Protocol: Lecture 1. Introductions to Modelling Protocols. Tom Chothia CWI
Modelling and Analysing of Security Protocol: Lecture 1 Introductions to Modelling Protocols Tom Chothia CWI This Course This course will primarily teaching you: How to design your own secure communication
More informationT H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A. Authentication EECE 412. Copyright Konstantin Beznosov
T H E U N I V E R S I T Y O F B R I T I S H C O L U M B I A Authentication EECE 412 Copyright 2004-2007 Konstantin Beznosov What is Authentication? Real-world and computer world examples? What is a result
More information