Digital Signatures. Public-Key Signatures. Arbitrated Signatures. Digital Signatures With Encryption. Terminology. Message Authentication Code (MAC)

Similar documents
Other Uses of Cryptography. Cryptography Goals. Basic Problem and Terminology. Other Uses of Cryptography. What Can Go Wrong? Why Do We Need a Key?

Secure Remote Access: SSH & HTTPS

OpenSSH. 24th February ASBL CSRRT-LU (Computer Security Research and Response Team Luxembourg) 1 / 12

Password. authentication through passwords

L13. Reviews. Rocky K. C. Chang, April 10, 2015

Key Exchange. References: Applied Cryptography, Bruce Schneier Cryptography and Network Securiy, Willian Stallings

UNIT - IV Cryptographic Hash Function 31.1

Computer Security. 08r. Pre-exam 2 Last-minute Review Cryptography. Paul Krzyzanowski. Rutgers University. Spring 2018

Security: Focus of Control. Authentication

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

KEY AGREEMENT PROTOCOLS. CIS 400/628 Spring 2005 Introduction to Cryptography. This is based on Chapter 13 of Trappe and Washington

Data Security and Privacy. Topic 14: Authentication and Key Establishment

CPSC 467b: Cryptography and Computer Security

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Security: Focus of Control

Strong Password Protocols

User Authentication Protocols Week 7

Information Security CS 526

Network Security Chapter 8

CS Computer Networks 1: Authentication

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

(2½ hours) Total Marks: 75

Network Security. Chapter 8. MYcsvtu Notes.

Public Key Algorithms

Session key establishment protocols

Security Handshake Pitfalls

Session key establishment protocols

Cryptography and Network Security

Datasäkerhetsmetoder föreläsning 7

CSC/ECE 774 Advanced Network Security

CIS 6930/4930 Computer and Network Security. Final exam review

Security Handshake Pitfalls

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Cryptographic Protocols 1

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

Course Administration

Outline. Login w/ Shared Secret: Variant 1. Login With Shared Secret: Variant 2. Login Only Authentication (One Way) Mutual Authentication

Applied Cryptography Basic Protocols

User Authentication Protocols

Authentication. Strong Password Protocol. IT352 Network Security Najwa AlGhamdi

Chapter 9: Key Management

David Wetherall, with some slides from Radia Perlman s security lectures.

Computer Networks. Wenzhong Li. Nanjing University

Unit-VI. User Authentication Mechanisms.

Diffie-Hellman. Part 1 Cryptography 136

Introduction. Trusted Intermediaries. CSC/ECE 574 Computer and Network Security. Outline. CSC/ECE 574 Computer and Network Security.

Transport Layer Security

Encryption. INST 346, Section 0201 April 3, 2018

CSC 774 Network Security

6. Security Handshake Pitfalls Contents

EEC-682/782 Computer Networks I

Chapter 8. Network Security. Cryptography. Need for Security. An Introduction to Cryptography 10/7/2010

Cryptography (Overview)

ECE 646 Lecture 3. Key management

The question paper contains 40 multiple choice questions with four choices and students will have to pick the correct one (each carrying ½ marks.).

Real-time protocol. Chapter 16: Real-Time Communication Security

Basics of Cryptography

The Secure Shell (SSH) Protocol

CSCI 667: Concepts of Computer Security. Lecture 9. Prof. Adwait Nadkarni

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

Trusted Intermediaries

AIT 682: Network and Systems Security

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Modern cryptography 2. CSCI 470: Web Science Keith Vertanen

BCA III Network security and Cryptography Examination-2016 Model Paper 1

What did we talk about last time? Public key cryptography A little number theory

Module: Cryptographic Protocols. Professor Patrick McDaniel Spring CMPSC443 - Introduction to Computer and Network Security

Lecture 6 - Cryptography

Securing Internet Communication: TLS

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

CSCI 454/554 Computer and Network Security. Topic 5.2 Public Key Cryptography

CONTENTS. vii. Chapter 1 TCP/IP Overview 1. Chapter 2 Symmetric-Key Cryptography 33. Acknowledgements

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

CS November 2018

Kurose & Ross, Chapters (5 th ed.)

Outline. CSCI 454/554 Computer and Network Security. Introduction. Topic 5.2 Public Key Cryptography. 1. Introduction 2. RSA

Computer Networks 1 (Mạng Máy Tính 1) Lectured by: Dr. Phạm Trần Vũ

Data Communication Prof.A.Pal Dept of Computer Science & Engineering Indian Institute of Technology, Kharagpur Lecture - 40 Secured Communication - II

Message authentication

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

Cryptographic Checksums

Cryptography Lecture 9 Key distribution and trust, Elliptic curve cryptography

Outline. Public Key Cryptography. Applications of Public Key Crypto. Applications (Cont d)

WAP Security. Helsinki University of Technology S Security of Communication Protocols

CS3235 Seventh set of lecture slides

Computer Security. 10r. Recitation assignment & concept review. Paul Krzyzanowski. Rutgers University. Spring 2018

Chapter 8. Network Security. Need for Security. An Introduction to Cryptography. Transposition Ciphers One-Time Pads

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

14. Internet Security (J. Kurose)

From Coulouris, Dollimore and Kindberg Distributed Systems: Concepts and Design. Edition 4 Pearson Education 2005

The World Wide Web is widely used by businesses, government agencies, and many individuals. But the Internet and the Web are extremely vulnerable to

The OpenSSH Protocol under the Hood

Cryptography and Network Security

Digital Signatures. Secure Digest Functions

CIS 551 / TCOM 401 Computer and Network Security. Spring 2006 Lecture 13

Authentication Handshakes

Lecture 5: Protocols - Authentication and Key Exchange* CS 392/6813: Computer Security Fall Nitesh Saxena

CS 161 Computer Security

Junos Security. Chapter 8: IPsec VPNs Juniper Networks, Inc. All rights reserved. Worldwide Education Services

Transcription:

Message Authentication Code (MAC) Key-dependent one-way hash function Only someone with a correct key can verify the hash value Easy way to turn one-way hash function into MAC is to encrypt hash value with symmetric algorithm Digital Signatures Proof of authorship or agreement with contents of a document Signature is authentic (no one but could have signed a document with her signature) Signature is unforgeable Signature is not reusable Signed document in unalterable Signature cannot be repudiated 1 2 Arbitrated Signatures wants to sign a message and send it to Bob and Trent share K A, Bob and Trent share K B encrypts the message with K A and sends it to Trent He decrypts it, adds a statement that he has received this from, encrypts it with K B and sends it to Bob Bob can also prove to Carol that he received the message from but he needs to involve Trent again 3 Public-Key Signatures encrypts the document with her private key Sends the signed document to Bob who decrypts it with her public key This signature is reusable, Bob can take the same message and claim he received it multiple times add timestamps Signing the whole document with public key is slow sign a hash of the document produced by one-way hash function 4 M S A (M) K1 Terminology 5 M,S M message K1 s private key S A (M) message M is signed by V A (C) K2 M Bob K2 s public key V A (M) signature of the message M (generated by ) is verified Digital Signatures With Encryption Combining digital signatures with public-key cryptography we gain security and authenticity first signs the message (or message digest) with her private key: S A(M) encrypts the signed message with Bob s public key: E B(S A(M)) Bob decrypts the message with his private key: D B(E B(S A(M))) = S A(M) Bob verifies s signature V A (S A(M)) = M 6 1

Digital Signatures With Encryption Only Bob can decrypt the message (security) and he knows that has sent the message (authenticity) If encrypted message digest he can also verify that the message has not been changed If added timestamps he can also verify that the message has not been replayed Man-in-the-Middle Attack On Key Exchange sends to Bob her public key Pub(A) Mallory captures this and sends to Bob Pub(M) Bob sends to his public key Pub(B) Mallory captures this and sends to Pub(M) Now and Bob correspond through Mallory who can read all their messages 7 8 Key Exchange With Interlock Protocol First four steps are the same to Bob her public key Pub(A) Mallory captures this and sends to Bob Pub(M) Bob sends to his public key Pub(B) Mallory captures this and sends to Pub(M) encrypts a message in Pub(M) but sends half to Bob Mallory cannot recover this message and duplicate it This works if Mallory cannot mimic s and Bob s messages 9 Delayed Key Exchange and Bob need not exchange keys directly to communicate generates a random session key K She obtains Bob s public key from a database and encrypts K with that E B(K) She sends both the message encrypted with K, E K(M) and a key E B(K) to Bob This is how most real-world protocols work 10 Authentication How does prove her identity? When she logs on When she sends messages to Bob Authentication On Log-on inputs her password, computer verifies this against list of passwords If computer is broken into, hackers can learn everybody s passwords Use one-way functions, store the result for every valid password Perform one-way function on input, compare result against the list 11 12 2

Authentication On Log-on Hackers can compile a list of frequently used passwords, apply one-way function to each and store them in a table dictionary attack Host adds random salt to password, applies one-way function to that and stores result and salt value Authentication On Log-on Someone sniffing on the network can learn the password Host keeps a file of every user s public key Users keep their private keys When attempts to log on, host sends her a random number R encrypts R with her private key and sends to host Host can now verify her identity by decrypting the message and retrieving R 13 14 Authentication On Log-on Lamport hash will have different password each time she logs on To set-up the system, enters random number R Host calculates x 0=h(R), x 1=h(h(R)), x 2=h(h(h(R))),..., x 100 keeps this list, host sets her password to x 101 logs on with x 100, host verifies h(x 100)=x 101, resets password to x 100 Next time logs on with x 99 15 Authentication And Key Exchange wants to exchange keys with Bob How can she be sure that she is really talking to Bob? How is this solved in the real world? Bob gets his ID from a trusted authority government, DMV Bob shows his ID to 16 Arbitrated Key Exchange Trent will play the role of trusted authority He will arbitrate key exchange and guarantee for s and Bob s identity 17 Needham-Schroeder Key Exchange sends message to Trent with her name, Bob s name and a random number A, B, R A Trent generates session key K, encrypts K, A with key he shares with Bob E TB(K, A), he then encrypts this message, K, B and R A with key he shares with E TA(K, B, R A, E TB(K, A)) decrypts the message, verifies R A and sends E TB(K, A) to Bob Bob decrypts the message, generates a random number R B and sends to E K(R B) decrypts the message, sends to Bob E K(R B-1) 18 3

Key Exchange With Digital Signatures Everyone has Trent s public key Trent signs both s and Bob s public keys he generates public-key certificate When they receive keys they verify the signature Mallory cannot impersonate or Bob because her key is signed as Mallory s Certificate usually contains more than the public key Name, network address, organization Trent is known as Certificate Authority (CA) 19 Authentication Service is trusted authority with whom everyone shares keys When a client on a network wants to talk to a server, he issues a request for a ticket to Ticket Granting () uses this ticket always when he talks to the server, sometimes he also sends authenticators s and servers do not trust each other 20 Authentication Service A ticket is used to pass securely to the server the identity of the client Good for a single client and single server for some period of time Contains client s name and network address, server s name, timestamp and a session key, all encrypted with a key server shares with Authentication Service An authenticator is generated whenever a client requests some service from the server Good only for one request Contains client s name, a timestamp and an optional additional key, all encrypted with session key 21 22 Getting Initial Ticket sends a message with her name and a name of a Ticket Granting () to generates a session key K A- to be used between her and and also generates Ticket Granting Ticket (TGT) encrypts K A- with s secret key and sends that and TGT to retrieves K A- and saves it and TGT EA-Kerb(A, ) Getting Initial Ticket Generate KA- TGT=E(A, Anetaddr,, timestamp, KA-) 23 24 4

E A-Kerb(K A-), TGT Save KA-, TGT Getting Initial Ticket 25 Getting Ticket for S sends a request with her name and server s name to, encrypted with K A-, accompanied with TGT and authenticator decrypts TGT with his secret key, retrieves K A- uses K A- to decrypt authenticator and compare s information in authenticator with information in TGT, and compare timestamps If everything matches he generates a session key K A-S and a valid ticket T A-S encrypts K A-S with K A- and sends this and T A-S to 26 Getting Ticket for S Getting Ticket for S Generate KA-S T A-S=ES(A, Anetaddr,S, timestamp, KA-S) E A-(A, S),TGT, auth=e A-(A, timestamp) E A-(K A-S), T A-S Save KA-S, T A-S S S 27 28 Requesting Service sends a valid ticket T A-S and authenticator decrypts T A-S with his secret key and retrieves K A-S uses K A-S to decrypt authenticator and compare s information in authenticator with information in T A-S, and compare timestamps If everything matches he grants the request For applications that require mutual authentication server will send to a timestamp encrypted with K A-S 29 Requesting Service Request, TA-S, auth=ea-s(a, timestamp) S 30 5

SSH Protocol for secure remote login Protocol architecture: Transport layer protocol provides server authentication, confidentiality, integrity, compression (optional) User authentication protocol authenticates the client to the server Connection protocol Multiplexes the encrypted tunnel into several logical channels SSH Transport Protocol 1. contacts the server, performs TCP 3-way handshake 2. Both sides send the protocol and software version numbers to negotiate which protocols to use 3. They negotiate key exchange 4. They perform key exchange 31 32 3-Way Handshake Negotiate Protocol 1. TCP SYN SSH protocol and sw version 2. TCP SYNACK SSH protocol and sw version 3. TCP ACK 33 34 host key algorithm 35 36 diffie-hellman-group1-sha1 host key algorithm 6

host key algorithm 37 ssh-dss, ssh-rsa, x509v3-sign-rsa, x509v3-sign-dss, spki-sign-rsa, spki-sign-dss, pgp-sign-rsa, pgp-sign-dss host key algorithm 38 3des-cbc, blowfish-cbc, twofish256-cbc, twofish192-cbc, twofish128-cbc, aes256-cbc, aes192-cbc, aes128-cbc, serpent256-cbc, serpent192-cbc, serpent128-cbc, arcfour, idea-cbc, cast128-cbc host key algorithm 39 hmac-sha1, hmac-sha1-96, hmac-md5 hmac-md5-96, none host key algorithm 40 zlib, none Key Exchange (Diffie-Hellman) e=g x mod p 41 Compute f=g y mod p K=e y mod p=g xy mod p H = hash(vc VS IC IS KS e f K) Sig signature on H with private key VC,V S version string for client and server IC, I S random numbers sent in KEXINIT message KS server s public (host) key Host Keys Each host has a host key private/public key pair used for authentication Two different trust models exist: First time client contacts a new host he stores the public key and associates it with the server name. Next time client checks if public key matches the stored value. If you have specified strict checking mismatches will be rejected, otherwise not. Host s name-to-key mapping is certified by a certification authority, client only knows CA s public key 42 7

Key Exchange (Diffie-Hellman) KS f Sig Verify KS using certificates or local database Compute K = f x mod p=g xy mod p H = hash(vc VS IC IS KS e f K) Verify signature Sig on H 43 Example ssh v copland debug1: Connecting to copland [128.175.13.92] port 22. debug1: Connection established. debug1: identity file /usa/sunshine/.ssh/identity type -1 debug1: Remote protocol version 1.99, remote software version OpenSSH_3.7.1p2 debug1: match: OpenSSH_3.7.1p2 pat OpenSSH* debug1: Enabling compatibility mode for protocol 2.0 debug1: Local version string SSH-2.0-OpenSSH_3.7.1p1 debug1: SSH2_MSG_KEXINIT sent debug1: SSH2_MSG_KEXINIT received debug1: kex: server->client blowfish-cbc hmac-md5 none debug1: kex: client->server blowfish-cbc hmac-md5 none debug1: SSH2_MSG_KEX_DH_GEX_REQUEST sent debug1: expecting SSH2_MSG_KEX_DH_GEX_GROUP debug1: SSH2_MSG_KEX_DH_GEX_INIT sent debug1: expecting SSH2_MSG_KEX_DH_GEX_REPLY Warning: Permanently added 'copland,128.175.13.92'(rsa) to the list of known hosts. debug1: ssh_rsa_verify: signature correct 44 User Authentication Protocol Runs on top of transport layer Authenticates the client s user to the server User Authentication List of authentications that can continue chooses one of the offered methods publickey, password, hostbased 45 46 User Authentication Authentication request: Username: alice Service name Authentication method name Authentication data User Authentication Authentication success or verifies that the username exists authentication data is correct Authentication failure List of authentications that can continue 47 48 8

Public Key Authentication Password Authentication X Authentication request: Username: alice Service name Authentication method name: publickey Public key algorithm name s public key Signature on session identifier and X with s private key Authentication request: Username: alice Service name Authentication method name: password Password in plaintext 49 50 Host-Based Authentication strauss X Authentication request: Username: alice Service name Authentication method name: hostbased Public key algorithm for host key Public host key and certificates host name: strauss User name on server: alicebrown Signature on session identifier and X with strauss private key sometimes does DNS lookup to verify that source address in packets and client host name match 51 Connection Protocol A channel can be open for terminal sessions, forwarded connections, etc. All channels are multiplexed onto a single connection Channels can be open from either side Send channel request describing the type of channel Request is granted if such channel is available 52 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback