Fall 2010/Lecture 32 1

CS 426 (Fall 2010) Key Distribution & Agreement

Outline
- Key agreement without using public keys
- Distribution of public keys, with public key certificates
- Diffie-Hellman Protocol
  - Correction: Also discovered earlier in GCHQ, by Malcolm J. Williamson in 1974.

Key Agreement in Symmetric Crypto
- For a group of N parties, every pair needs to share a different key
  - Needs to establish N(N-1)/2 keys
- Solution: Uses a central authority, a.k.a. Trusted Third Party (TTP)
  - Every party shares a key with a central server.
  - How to achieve that in an organization with many users?

Needham-Schroeder Shared-Key Protocol: Use Trusted Third Party
- Parties: A, B, and trusted server T
- Setup: A and T share $K_{AT}$, B and T share $K_{BT}$
- Goal: Mutual entity authentication between A and B; key establishment
- Messages:
  - (1) $A \to T$: $A, B, N_A$
  - (2) $A \leftarrow T$: $E[K_{AT}](N_A, B, k, E[K_{BT}](k, A))$
  - (3) $A \to B$: $E[K_{BT}](k, A)$
  - (4) $A \leftarrow B$: $E[k](N_B)$
  - (5) $A \to B$: $E[k](N_B - 1)$
- What bad things can happen if there is no $N_A$?
- Another subtle flaw in Step 3.
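The two questions on this slide can be checked in code. The sketch below is an added example, not part of the lecture: it models messages (2) and (3) and shows A's nonce check and a ticket freshness check for B. The function names, the HMAC-based stand-in for E[K], and the `issued` timestamp field in the ticket (of the kind the Kerberos slides mention) are assumptions made for illustration.

```python
import hashlib, hmac, json, secrets

def _xor_stream(key, nonce, data):
    # Toy stream cipher: HMAC-SHA256 in counter mode (stand-in for E[K]).
    pad = b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                   for i in range(len(data) // 32 + 1))
    return bytes(x ^ y for x, y in zip(data, pad))

def seal(key, fields):
    """E[key](fields): encrypt, then authenticate with an HMAC tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, json.dumps(fields).encode())
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("authentication tag mismatch")
    return json.loads(_xor_stream(key, nonce, ct))

def ttp_reply(k_at, k_bt, a, b, n_a, now):
    """Message (2): E[K_AT](N_A, B, k, E[K_BT](k, A)); ticket also carries issue time."""
    k = secrets.token_hex(16)
    ticket = seal(k_bt, {"k": k, "A": a, "issued": now})  # "issued" is an added field
    return seal(k_at, {"N_A": n_a, "B": b, "k": k, "ticket": ticket.hex()})

def a_open_reply(k_at, reply, expected_nonce, expected_peer):
    """A accepts message (2) only if it echoes A's own nonce and names B."""
    body = unseal(k_at, reply)
    if body["N_A"] != expected_nonce or body["B"] != expected_peer:
        raise ValueError("reply is not bound to this request")
    return body["k"], bytes.fromhex(body["ticket"])

def b_open_ticket(k_bt, ticket, now=None, max_age=600):
    """Message (3). now=None is the original protocol: B has no freshness check.
    max_age uses the 10-minute figure the Kerberos slide gives."""
    body = unseal(k_bt, ticket)
    if now is not None and abs(now - body["issued"]) > max_age:
        raise ValueError("ticket outside freshness window")
    return body["k"], body["A"]
```

Without the `now` argument, B accepts the same ticket no matter how long ago T issued it, which is why an old session key k must stay secret for as long as K_BT is in use.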

Kerberos
- Implements the idea of the Needham-Schroeder protocol
- Kerberos is a network authentication protocol
  - Provides authentication and secure communication
  - Relies entirely on symmetric cryptography
- Developed at MIT: two versions, Version 4 and Version 5 (specified as RFC1510)
- http://web.mit.edu/kerberos/www
- Used in many systems, e.g., Windows 2000 and later as default authentication protocol

Kerberos Overview
- One issue of Needham-Schroeder
  - Needs the key each time a client talks with a service
- Solution: Separates TTP into an AS and a TGS.
- The client authenticates to AS using a long-term shared secret and receives a TGT.
  - Supports single sign-on
- Later the client can use this TGT to get additional tickets from TGS without resorting to using the shared secret. These tickets can be used to prove authentication to SS.
- AS = Authentication Server
- SS = Service Server
- TGS = Ticket Granting Server
- TGT = Ticket Granting Ticket

Overview of Kerberos (figure)

Kerberos Drawback
- Single point of failure: requires an online Trusted Third Party, the Kerberos server
- Security partially depends on tight clock synchronization. Convenience requires loose clock synchronization
  - Uses timestamps in the protocol
  - The default configuration requires synchronization to within 10 minutes.
- Useful primarily inside an organization
  - Does it scale to the Internet? What is the main difficulty?

Public Keys and Trust
- Alice: Public key $P_A$, Secret key $S_A$
- Bob: Public key $P_B$, Secret key $S_B$
- How are public keys stored?
- How to obtain the public key?
- How does Bob know or trust that $P_A$ is Alice's public key?

Distribution of Public Keys
- Public announcement: users distribute public keys to recipients or broadcast to community at large
- Publicly available directory: can obtain greater security by registering keys with a public directory
- Both approaches have problems, and are vulnerable to forgeries

Public-Key Certificates
- A certificate binds identity (or other information) to public key
- Contents digitally signed by a trusted Public-Key or Certificate Authority (CA)
  - Can be verified by anyone who knows the public-key authority's public key
- For Alice to send an encrypted message to Bob, she obtains a certificate of Bob's public key

Public Key Certificates (figure)

X.509 Certificates
- Part of X.500 directory service standards.
  - Started in 1988
- Defines framework for authentication services:
  - Defines that public keys are stored as certificates in a public directory.
  - Certificates are issued and signed by an entity called certification authority (CA).
- Used by numerous applications: SSL, IPSec, SET
- Example: see certificates accepted by your browser

How to Obtain a Certificate?
- Define your own CA (use openssl or Java Keytool)
  - Certificates unlikely to be accepted by others
- Obtain certificates from one of the vendors: VeriSign, Thawte, and many others

CAs and Trust
- Certificates are trusted if the signature of the CA verifies
- A chain of CAs can be formed; the head CA is called the root CA
- In order to verify the signature, the public key of the root CA must be obtained.
- TRUST is centralized (to root CAs) and hierarchical
- What bad things can happen if the root CA system is compromised?
- How does this compare with the TTP in the Needham/Schroeder protocol?

Key Agreement: Diffie-Hellman Protocol
- Key agreement protocol, both A and B contribute to the key
- Setup: $p$ prime and $g$ generator of $Z_p^*$; $p$ and $g$ public.
- A: Pick random, secret $a$. Compute and send $g^a \bmod p$
- B: Pick random, secret $b$. Compute and send $g^b \bmod p$
- A computes $K = (g^b \bmod p)^a = g^{ab} \bmod p$
- B computes $K = (g^a \bmod p)^b = g^{ab} \bmod p$

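Authenticated Diffie-Hellman
- Without authentication (diagram): Alice sends $g^a \bmod n$ and Bob sends $g^b \bmod n$, but each side receives $g^c \bmod n$.
  - Alice computes $g^{ac} \bmod n$ and Bob computes $g^{bc} \bmod n$!!!
- With authentication:
  - Alice sends: $C_{Alice}$, $g^a \bmod n$, $Sign_{Alice}(g^a \bmod n)$
  - Bob sends: $C_{Bob}$, $g^b \bmod n$, $Sign_{Bob}(g^b \bmod n)$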
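The last two slides can be run side by side. The following is an added example, not code from the lecture: it performs the Diffie-Hellman exchange, shows which keys result when the public values are replaced in transit, and shows the signature check from the authenticated variant rejecting the replaced values. All parameters are constructed toy values; textbook RSA stands in for Sign, and the verification keys are assumed to have been taken from valid certificates C_Alice and C_Bob.

```python
import hashlib
import secrets

# Constructed toy parameters (assumptions; far too small for real use).
P = 2**127 - 1        # public prime modulus (a Mersenne prime)
G = 3                 # public base, standing in for the generator g
E = 65537             # public exponent of the toy RSA signature keys

def rsa_key(p1, p2):
    """Return (n, d) for textbook RSA; n is the public verification key."""
    return p1 * p2, pow(E, -1, (p1 - 1) * (p2 - 1))

def _digest(value, n):
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % n

def sign(value, n, d):
    return pow(_digest(value, n), d, n)

def verify(value, sig, n):
    return pow(sig, E, n) == _digest(value, n)

def dh_share():
    x = secrets.randbelow(P - 3) + 2      # random secret exponent
    return x, pow(G, x, P)                # (secret, public value g^x mod P)

def exchange(substitute, authenticated):
    """Run one exchange; return the keys Alice, Bob and the third party C hold."""
    alice_n, alice_d = rsa_key(2**61 - 1, 2**89 - 1)
    bob_n, bob_d = rsa_key(2**31 - 1, 2**107 - 1)
    (a, ga), (b, gb), (c, gc) = dh_share(), dh_share(), dh_share()
    sig_a, sig_b = sign(ga, alice_n, alice_d), sign(gb, bob_n, bob_d)
    # What each side receives: the peer's value, or g^c if it was replaced.
    at_bob, at_alice = (gc, gc) if substitute else (ga, gb)
    if authenticated:
        # Verification keys are assumed to come from C_Alice and C_Bob.
        if not (verify(at_bob, sig_a, alice_n) and verify(at_alice, sig_b, bob_n)):
            raise ValueError("received DH value does not match the sender's signature")
    return {"alice": pow(at_alice, a, P), "bob": pow(at_bob, b, P),
            "c_with_alice": pow(ga, c, P), "c_with_bob": pow(gb, c, P)}
```

The check only helps if the verification keys themselves are authentic, which is the job of the certificates on the earlier slides.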

Readings for This Lecture
- On Wikipedia
  - Needham-Schroeder protocol (only the symmetric key part)
  - Public Key Certificates

Coming Attractions
- Network Security