CS November 2018

Similar documents
Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Computer Security 3/20/18

Computer Security 4/12/19

Computer Security. 08. Authentication. Paul Krzyzanowski. Rutgers University. Spring 2018

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Distributed Systems. Fall 2017 Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2017

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

CS /29/17. Paul Krzyzanowski 1. Fall 2016: Question 2. Distributed Systems. Fall 2016: Question 2 (cont.) Fall 2016: Question 3

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Authentication CHAPTER 17

Pre-exam 3 Review. Fall Paul Krzyzanowski Distributed Systems

Data Security and Privacy. Topic 14: Authentication and Key Establishment

CPSC 467b: Cryptography and Computer Security

Operating Systems Design Exam 3 Review: Spring 2011

Information Security CS 526

Security: Focus of Control

UNIT - IV Cryptographic Hash Function 31.1

Security: Focus of Control. Authentication

Cryptography (Overview)

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

CS 416: Operating Systems Design April 22, 2015

Operating Systems. Week 13 Recitation: Exam 3 Preview Review of Exam 3, Spring Paul Krzyzanowski. Rutgers University.

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

1 Identification protocols

Distributed Systems. 26. Cryptographic Systems: An Introduction. Paul Krzyzanowski. Rutgers University. Fall 2015

CS Computer Networks 1: Authentication

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Transport Level Security

Chapter 4: Securing TCP connections

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Secure Sockets Layer (SSL) / Transport Layer Security (TLS)

CPSC 467: Cryptography and Computer Security

Digital Certificates Demystified

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Radius, LDAP, Radius, Kerberos used in Authenticating Users

CS 161 Computer Security

Security Handshake Pitfalls

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

Password. authentication through passwords

Cryptographic Protocols 1

CSE 565 Computer Security Fall 2018

Computer Security. 10. Exam 2 Review. Paul Krzyzanowski. Rutgers University. Spring 2017

Security Handshake Pitfalls

WHITE PAPER. Authentication and Encryption Design

Diffie-Hellman. Part 1 Cryptography 136

Displaying SSL Configuration Information and Statistics

Chapter 9: Key Management

5. Authentication Contents

Securing Internet Communication: TLS

Security Handshake Pitfalls

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

Authentication Handshakes

David Wetherall, with some slides from Radia Perlman s security lectures.

WAP Security. Helsinki University of Technology S Security of Communication Protocols

CSC 474/574 Information Systems Security

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

Distributed Systems Exam 3 Review. Paul Krzyzanowski. Rutgers University. Fall 2016

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

Crypto meets Web Security: Certificates and SSL/TLS

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

User Authentication. Modified By: Dr. Ramzi Saifan

Encryption. INST 346, Section 0201 April 3, 2018

PROVING WHO YOU ARE TLS & THE PKI

14. Internet Security (J. Kurose)

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Chapter 6: Digital Certificates Introduction Authentication Methods PKI Digital Certificate Passing

key distribution requirements for public key algorithms asymmetric (or public) key algorithms

Computer Networking. What is network security? Chapter 7: Network security. Symmetric key cryptography. The language of cryptography

E-commerce security: SSL/TLS, SET and others. 4.1


Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

PROTECTING CONVERSATIONS

CS 356 Internet Security Protocols. Fall 2013

Outline Key Management CS 239 Computer Security February 9, 2004

CS Certificates, part 2. Prof. Clarkson Spring 2017

But where'd that extra "s" come from, and what does it mean?

Enhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation

Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Chapter 6: Security of higher layers. (network security)

CSC/ECE 774 Advanced Network Security

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

User Authentication. Modified By: Dr. Ramzi Saifan

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

CSC 482/582: Computer Security. Security Protocols

CS 6324: Information Security More Info on Key Establishment: RSA, DH & QKD

Overview. SSL Cryptography Overview CHAPTER 1

(2½ hours) Total Marks: 75

IBM i Version 7.2. Security Digital Certificate Manager IBM

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

Protecting Information Assets - Week 11 - Cryptography, Public Key Encryption and Digital Signatures. MIS 5206 Protecting Information Assets

Configuring SSL. SSL Overview CHAPTER

Configuring SSL CHAPTER

Introduction to Cryptography. Ramki Thurimella

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

Transcription:

Authentication Distributed Systems 25. Authentication For a user (or process): Establish & verify identity Then decide whether to allow access to resources (= authorization) Paul Krzyzanowski Rutgers University Fall 2018 2018 Paul Krzyzanowski 1 2 Authentication Three factors: something you have key, card Can be stolen something you know passwords Can be guessed, shared, stolen something you are biometrics Usually needs hardware, can be copied (sometimes) Once copied, you re stuck Multi-Factor Authentication Factors may be combined ATM machine: 2-factor authentication ATM card something you have PIN something you know Password + code delivered via SMS: 2-factor authentication Password something you know Code validates that you possess your phone Two passwords Two-factor authentication 3 4 Authentication: PAP Password Authentication Protocol client login, password OK Unencrypted, reusable passwords Insecure on an open network Also, password file must be protected from open access But administrators can still see everyone s passwords name:password database PAP: Reusable passwords PROBLEM: Open access to the password file What if the password file isn t sufficiently protected and an intruder gets hold of it? All passwords are now compromised! Even if a trusted admin sees your password, this might also be your password on other systems. Solution: Store a hash of the password in a file Given a file, you don t get the passwords Have to resort to a dictionary or brute-force attack Example, passwords hashed with SHA-512 hashes (SHA-2) 5 6 Paul Krzyzanowski 1

What is salt? How to speed up a dictionary attack Create a table of precomputed hashes Search(hashed_password) original_password How to stop dictionary attacks Salt = random string (typically up to 16 characters) Concatenated with the password Stored with the password file (it s not secret) Even if you know the salt, you cannot use precomputed hashes to search for a password (because the salt is prefixed) Makes a table of precomputed hashes prohibitively huge Authentication: CHAP Challenge-Handshake Authentication Protocol = nonce client challenge hash(challenge, secret) OK Has shared secret Has shared secret The challenge is a nonce (random bits). We create a hash of the nonce and the secret. An intruder does not have the secret and cannot do this! 7 8 CHAP authentication Alice network host Time-Based Authentication Time-based One-time Password (TOTP) algorithm alice R = f(k,c) alice C look up alice s key, K generate random challenge number C Both sides share a secret key User runs TOTP function to generate a one-time password one_time_password = hash(secret_key, time) User logs in with: R welcome R = f(k, C) R = R? Name, password, and one_time_password generates the same password one_time_password = hash(secret_key, time) an eavesdropper does not see K 9 CS 419 2018 Paul Krzyzanowski 10 Public key authentication Demonstrate we can encrypt or decrypt a nonce This shows we know the key Public Key Authentication Alice wants to authenticate herself to Bob: Bob: generates nonce, S Sends it to Alice Alice: encrypts S with her private key (signs it) Sends result to Bob A random bunch of bits 11 12 Paul Krzyzanowski 2

Public key authentication Bob: 1. Look up alice in a database of public keys 2. Decrypt the message from Alice using Alice s public key 3. If the result is S, then Bob is convinced he s talking with Alice For mutual authentication, Alice has to present Bob with a nonce that Bob will encrypt with his private key and return Public key authentication Public key authentication relies on binding identity to a public key How do you know it really is Alice s public key? One option: get keys from a trusted source Problem: requires always going to the source cannot pass keys around Another option: sign the public key Contents cannot be modified digital certificate 13 14 X.509 Certificates ISO introduced a set of authentication protocols X.509: Structure for public key certificates: Certificate data version serial # algorithm Issuer Distinguished Name Issuer = Certification Authority (CA) Validity (from-to) Signature Signature Algorithm Reminder: What s a digital signature? Hash of a message encrypted with the signer s private key Alice Bob H(P) H(P) S=Ea(H(P)) DA(S) =? Distinguished name Subject Public key (algorithm & key) Signature (signed by CA) X.509 v3 Digital Certificate Name, organization, locality, state, country, etc. 15 16 X.509 certificates When you get a certificate Verify its signature: hash contents of certificate data Decrypt CA s signature with CA s public key Obtain CA s public key (certificate) from trusted source SSL/TLS Certificates prevent someone from using a phony public key to masquerade as another person if you trust the CA 17 18 Paul Krzyzanowski 3

Transport Layer Security Provide a transport layer security protocol After setup, applications feel like they are using TCP sockets SSL: Secure Socket Layer Created with HTTP in mind Web sessions should be secure Mutual authentication is usually not needed Client needs to identify the but the won t know all clients Rely on passwords after the secure channel is set up SSL evolved to TLS (Transport Layer Security) SSL 3.0 was the last version of SSL and is considered insecure We use TLS now but often still call it SSL Transport Layer Security (TLS) aka Secure Socket Layer (SSL), which is an older protocol Sits on top of TCP/IP Goal: provide an encrypted and possibly authenticated communication channel Provides authentication via RSA and X.509 certificates Encryption of communication session via a symmetric cipher Hybrid cryptosystem: (usually, but also supports Diffie-Hellman) Public key for authentication Symmetric for data communication Enables TCP services to engage in secure, authenticated transfers http, telnet, ntp, ftp, smtp, 19 20 TLS Protocol (1) Client hello Version & crypto information (3) Verify certificate (2) Server hello Server certificate [client certificate request] (4) Client key exchange Send encrypted session key OAuth 2.0 [ (5) Send client certificate ] (7) Client done [ (6) Verify certificate ] (8) Server done (9) Communicate Symmetric encryption + HMAC 21 22 want an app to access your data at some service E.g., access your Google calendar data But you want to: Not reveal your password to the app Restrict the data and operations available to the app Be able to revoke the app s access to the data OAuth 2.0: Open OAuth: framework for service authorization Allows you to authorize one website (consumer) to access data from another website () in a restricted manner Designed initially for web services Examples: Allow the Moo photo printing service to get photos from your Flickr account Allow the NY Times to tweet a message from your Twitter account OpenID Connect Remote identification: use one login for multiple sites Encapsulated within OAuth 2.0 protocol 23 24 Paul Krzyzanowski 4

OAuth setup OAuth is based on Getting a token from the service & presenting it each time an application accesses an API at the service URL redirection JSON data encapsulation Register a service (e.g., Flickr): Gets data about your application (name, creator, URL) Assigns the application (consumer) an ID & a secret Presents list of authorization URLs and scopes (access types) Provider want moo.com to access your photos on flickr 25 26 How does authorization take place? needs an Access Token from the (e.g., moo.com needs an access token from flickr.com) redirects user to Provider Request contains: client ID, client secret, scope (list of requested APIs) User may need to authenticate at that User authorizes the requested access Provider redirects back to consumer with a one-time-use authorization code now has the Code The previous redirect passed the Code as part of the HTTP request therefore not encrypted exchanges Code for Access Token The legitimate app uses HTTPS (encrypted channel) & sends its secret The application now talks securely & directly to the Provider Provider returns Access Token makes API requests to Provider using the Access Token Provider want moo.com to access your photos on flickr 27 28 REDIRECT: client ID, client secret, scope (list of requested APIs) Authenticate Provider Provider Moo.com app redirects you to the service authenticate (optional) & authorize the request at flickr 29 30 Paul Krzyzanowski 5

Provider Provider Establish TLS session Request Access Token REDIRECT: authorization code Flicker sends a redirect back with an authorization code Moo requests an access token (securely) 31 32 Provider Provider Access Token API requests: f(access_token) User interaction Moo requests an access token (securely) Moo requests an access token (securely) 33 34 Key Points may still need to log into the Provider s OAuth service when redirected approve the specific access that you are granting Identity Federation: OpenID Connect The Provider validates the requested access when it gets a token from the Consumer Play with it at the OAuth 2.0 Playground: https://developers.google.com/oauthplayground/ 35 36 Paul Krzyzanowski 6

Single Sign-On: OpenID Connect Designed to solve the problem of Having to get an ID per service (website) Managing passwords per site Layer on top of OAuth 2.0 Decentralized mechanism for single sign-on Access different services (sites) using the same identity Simplify account creation at new sites User chooses which OpenID to use OpenID does not specify authentication protocol up to Website never sees your password OpenID Connect is a standard but not the only solution Used by Google, Microsoft, Amazon Web s, PayPal, Salesforce, Facebook Connect popular alternative solution (similar in operation but websites can share info with Facebook, offer friend access, or make suggestions to users based on Facebook data) OpenID Connect Authentication OAuth requests that you specify a scope List of access methods that the app needs permission to use To enable user identification Specify openid as a requested scope Send request to (identity ) Server requests user ID and handles authentication Get back an access token If authentication is successful, the token contains: user ID approved scopes expiration etc. same as with OAuth requests for authorization 37 38 Cryptographic toolbox Symmetric encryption Public key encryption One-way hash functions Random number generators Used for nonces and session keys Examples Key exchange Public key cryptography Key exchange + secure communication Random # + Public key + symmetric cryptography Authentication Nonce (random #) + encryption Message authentication codes Hashes Digital signature Hash + encryption with private key 39 40 The End 2018 Paul Krzyzanowski 41 Paul Krzyzanowski 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback