HOST Authentication Overview ECE 525

Similar documents
CSE 565 Computer Security Fall 2018

ICT 6541 Applied Cryptography Lecture 8 Entity Authentication/Identification

User Authentication Protocols

ECEN 5022 Cryptography

Identification Schemes

User Authentication Protocols Week 7

Security Handshake Pitfalls

Authentication. Chapter 2

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Password. authentication through passwords

Security Handshake Pitfalls

User Authentication. Modified By: Dr. Ramzi Saifan

Security Handshake Pitfalls

ECE596C: Handout #9. Authentication Using Shared Secrets. Electrical and Computer Engineering, University of Arizona, Loukas Lazos

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Lecture 9. Authentication & Key Distribution

Cryptography: Entity Authentication. Entity Identification (Authentication) Remarks. Objectives

Security Handshake Pitfalls

HY-457 Information Systems Security

Security in ECE Systems

Test 2 Review. 1. (10 points) Timestamps and nonces are both used in security protocols to prevent replay attacks.

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Test 2 Review. (b) Give one significant advantage of a nonce over a timestamp.

User Authentication. Modified By: Dr. Ramzi Saifan

CIS 6930/4930 Computer and Network Security. Topic 6. Authentication

Cryptographic protocols

CSC 774 Network Security

CSC/ECE 774 Advanced Network Security

Public-key Cryptography: Theory and Practice

Computer Security: Principles and Practice

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

AIT 682: Network and Systems Security

Authentication. Identification. AIT 682: Network and Systems Security

CS530 Authentication

Network Security CHAPTER 31. Solutions to Review Questions and Exercises. Review Questions

Session key establishment protocols

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

UNIT - IV Cryptographic Hash Function 31.1

Session key establishment protocols

Cryptography and Network Security

Authentication Part IV NOTE: Part IV includes all of Part III!

Security. Communication security. System Security

Authentication Handshakes

Trust-Propagation Based Authentication Protocol in Multihop Wireless Home Networks

CSC 474/574 Information Systems Security

A SECURE PASSWORD-BASED REMOTE USER AUTHENTICATION SCHEME WITHOUT SMART CARDS

CSC 474/574 Information Systems Security

CSC 474 Network Security. Authentication. Identification

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

A robust smart card-based anonymous user authentication protocol for wireless communications

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

6. Security Handshake Pitfalls Contents

Lecture 1: Course Introduction

CS November 2018

CSCI 667: Concepts of Computer Security

Information Security CS 526

CIS 4360 Introduction to Computer Security Fall WITH ANSWERS in bold. First Midterm

Cryptography V: Digital Signatures

Cryptography V: Digital Signatures

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Lecture 7 - Applied Cryptography

Lecture 14 Passwords and Authentication

T Cryptography and Data Security

CNT4406/5412 Network Security

2.1 Basic Cryptography Concepts

Efficient RFID authentication scheme for supply chain applications

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1

CS System Security Mid-Semester Review

Cryptographic Checksums

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

CSE Computer Security

Message authentication. Why message authentication. Authentication primitives. and secure hashing. To prevent against:

Lecture 3 - Passwords and Authentication

Cryptography & Key Exchange Protocols. Faculty of Computer Science & Engineering HCMC University of Technology

Verteilte Systeme (Distributed Systems)

Biometrics. Overview of Authentication

Security of Biometric Passports ECE 646 Fall Team Members : Aniruddha Harish Divya Chinthalapuri Premdeep Varada

5. Authentication Contents

CSE543 - Introduction to Computer and Network Security. Module: Authentication

CS 161 Computer Security

Overview of Cryptography

Information Security CS 526

Computer Networks. Network Security and Ethics. Week 14. College of Information Science and Engineering Ritsumeikan University

CompTIA Security+ (Exam SY0-401) Course 01 Security Fundamentals

Lecture 3 - Passwords and Authentication

CSCE 715: Network Systems Security

CS 425 / ECE 428 Distributed Systems Fall 2017

Authentication. Murat Kantarcioglu

Data Security and Privacy. Topic 14: Authentication and Key Establishment

Overview. Cryptographic key infrastructure Certificates. May 13, 2004 ECS 235 Slide #1. Notation

CIS 4360 Secure Computer Systems Applied Cryptography

===============================================================================

CS Protocol Design. Prof. Clarkson Spring 2017

(2½ hours) Total Marks: 75

TPM v.s. Embedded Board. James Y

1 Identification protocols

Transcription:

Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication in real-time between two parties about ready to engage in communication Message (or data origin) authentication Relates to data such as email that may later need to be authenticated by the receiver as to the origin and time sent Note that authentication of the origin of data also addresses data integrity, i.e., whether the message has been tampered with by unauthorized parties This is true b/c unauthorized changes imply the data has a new source Authentication is typically carried out between A prover A, e.g., a hardware token such as a smart card, and A verifier B, e.g., a secure server operated by your bank ECE UNM 1 (2/7/18)

Authentication Overview The verifier B either Confirms or accepts the prover s identity as authentic or Terminates without acceptance, i.e., rejects Note that the information exchanged with verifier B must be designed to prevent reuse by B, otherwise it could impersonate A to a third party C Authentication can be used for security objectives including: Access control Entity and message authentication Data integrity Non-repudiation Key authentication Authentication can be carried out using Symmetric encryption techniques, e.g., via message authentication codes or MACs Public/private encryption schemes via digital signatures Through authenticated key establishment methods ECE UNM 2 (2/7/18)

Authentication Overview The most common usage models include access control to a resource, e.g., to computer accounts, ATMs, to software, to a building, etc. The capabilities provided in the authentication protocol depend on the security requirements An authentication protocol may be unilateral, i.e., from prover to verifier, or it may be mutual Some protocols may preserve privacy, to prevent malicious adversaries from tracking instances of authentications between the prover and verifier over time Others may be symmetric in nature, requiring the use of a shared secret between the prover and verifier (a trusted third party (TTP) may be used as a liaison here) Or may be asymmetric with the prover and verifier maintaining their own private secrets The computational and communication overheads of the protocols will depend on: The type of protocol Its security requirements The security properties that must be guaranteed ECE UNM 3 (2/7/18)

Entity Authentication Entity authentication techniques can be divided into 3 categories: Something you know: Passwords, PINs and secret or private keys whose knowledge is demonstrated in challenge-response protocols Something you possess: Physical accessory, resembling a passport in function Magnetic-striped cards, smart-cards and hand-held customized calculators (password generators) which provide time-variant passwords Something inherent: Biometrics, e.g., human physical characteristics such as fingerprints, voice, retinal patterns and signatures Passwords represent the most widely used form of authentication, but are considered weak authentication protocols Passwords provide unilateral and time-invariant authentication Here, the userid serves as the claim of identity and the password serves as evidence supporting the claim Attacks include Eavesdropping to enable replay Password guessing such as dictionary attacks ECE UNM 4 (2/7/18)

Entity Authentication On most systems, the passwords are encrypted using a one-way function (OWF) before being stored on disk A technique called salting is also commonly used to make dictionary attacks more difficult by expanding the search space for the adversary Two-stage authentication and password-derived keys address the insufficient entropy issue associated with human chosen passwords An n-digit PIN verifies the user to the token, e.g., smart card, in the first stage The token typically embeds additional secrets for use in stage two between the token and the system A variant uses passkeys to map a user password to a cryptographic key using a OWF The most secure of the weak authentication schemes uses one-time passwords, which addresses eavesdropping and replay attacks on password schemes ECE UNM 5 (2/7/18)

Entity Authentication Challenge-Response protocols fall in the class of strong authentication protocols Here, authentication requires the prover to demonstrate knowledge of a secret without revealing the secret itself to the verifier The prover provides a response to a time-variant challenge, with the response inseparably bound to both the secret and the challenge The challenge can be a random number, called a nonce (for used only once ), a sequence number or a timestamp Time-variant parameters are countermeasures to replay attacks and certain types of chosen-text attacks This is true b/c the uniqueness and timeliness guarantees allow one protocol instance to be distinguished from another Note that challenge-response protocols requires some type of computing device and secure storage for long-term keying material ECE UNM 6 (2/7/18)

Entity Authentication: Challenge-Response by Symmetric-key Each pair of communicating parties share a secret key In large communities, a TTP can provide session keys in real time to circumvent the need to distribute n 2 key pairs A common form of unilateral authentication uses random number(s) (RN). A B:r (B generates random nonce r B ) B A B:E K ( r B, B* ) B generates random nonce r B and transmits it to A (over an unsecured channel) A encrypts the nonce and the identifier B using a shared secret key K and transmits the encrypted message back to B B then decrypts and 1) checks that the r B received matches the r B sent and 2) verifies B* is equal to his own B A. J. Menezes, et al. text The shared secret K must be securely transmitted to A and B beforehand, typically using a mechanism involving a TTP, in order for this scheme to work ECE UNM 7 (2/7/18)

Entity Authentication: Challenge-Response by Symmetric-key Mutual authentication requires a second nonce r A and a third message: A B:r B A B:E K ( r A, r B, B* ) A Encryption ensures the nonces and identifiers are inseparably bound as discussed above Challenge-Response using Keyed One-Way Functions Encryption is considered a heavy weight cryptographic primitive, and may be replaced in resource-constrained devices by: A one-way function (OWF) or a non-reversible function with shared key, and A challenge The encryption algorithm E K is replaced by a MAC algorithm h K, i.e., a keyed hash function B:E K ( r B, r A ) (B generates nonce r B ) (A generates nonce r A ) A. J. Menezes, et al. text The receiver also computes the MAC and compares it with the received MAC ECE UNM 8 (2/7/18)

Entity Authentication: Challenge-Response using Keyed One-Way Functions These protocols require an additional cleartext field r A to be transmitted A B:r B A B:r A, h K ( r A, r B, B) A B:h K ( r B, r A, A) (B generates nonce r B ) (A generates nonce r A ) A. J. Menezes, et al. text B confirms that the hash value received, designated as h k (r A, r B, B), is equal to the value he/she computes locally using the same hash function and shared secret K A performs a similar validation using the transmitted hash h K (r B, r A, A) from B The computational infeasibility of finding a second input to h K that produces the same hash provides the security guarantee in this mutual authentication protocol Challenge-Response by Public-Key In this case, the prover decrypts a challenge using its secret key component of the public-private pair, which is encrypted by the verifier under its public key P A Alternatively, the prover can digitally sign a challenge ECE UNM 9 (2/7/18)

Entity Authentication: Challenge-Response by Public-Key B chooses nonce r, computes the witness x = h(r) (h is a OWF) A B:h( r), B, P A ( r, B) A B:r Here, x demonstrates knowledge of r without disclosing it A. J. Menezes, et al. text B computes challenge e = P A (r, B) A decrypts e to recover r and B, computes x = h(r ) and rejects if x does not equal x or if B does not equal B Otherwise A sends r = r to B B succeeds with unilateral entity authentication of A upon verifying the received r agrees with his r The witness prevents chosen-text attacks ECE UNM 10 (2/7/18)

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback