Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi


Approaches for Message Authentication

Authentication is the process of reliably verifying the identity of someone.

Authentication schemes:
1. Password-based authentication.
2. Address-based authentication.
3. Cryptographic authentication.

Password-Based Authentication

A password is a secret quantity that you state to prove you know it.

   Alice -> Bob: "I'm Alice, the password is abc"

The big problem with this authentication scheme is eavesdropping.

Example: some older cell phones transmit (telephone number + password) when making a call. If the password corresponds to the telephone number, the phone company lets the call go through and bills the caller. The problem: anyone can eavesdrop on the cell phone traffic and clone such a phone.

Password-Based Authentication: Off-line vs. On-line Password Guessing

1. On-line attack: one way of guessing passwords is simply to type them at the system that is going to verify the password. To prevent this, the system can make it impossible to guess too many passwords. Example: the ATM eats your card after 3 incorrect passwords.

2. Off-line attack (dictionary attack): an intruder captures a quantity X that is derived from a password in a known way, then applies brute force to guess the password.

Password-Based Authentication: Storing User Passwords

Passwords are stored in one of the following forms:
1. The user's authentication information is individually configured into every server that the user will use.
2. In an authentication storage node, which stores user information; servers retrieve that information when they want to authenticate the user.
3. In an authentication facilitator node, which stores the user's information. A server that wants to authenticate a user sends the information received from that user to the authentication facilitator node; this node does the authentication and tells the server yes or no.

Password-Based Authentication: Storing User Passwords (continued)

In (2) and (3) it is important that the server authenticates the storage or facilitator node.

It is undesirable to have a database of unencrypted passwords: someone could capture the database by breaking into the database node. Alternatives:
1. Store hashes of the passwords. UNIX and VMS do that.
2. Encrypt the stored passwords so that the server decrypts a given password when needed. Encryption is done with the node's key.
3. Hybrid: combine both techniques by encrypting a database of hashed passwords.
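The two password slides above, as an added example that is not from the slides: a store that keeps hashes rather than cleartext (alternative 1) and enforces the ATM-style 3-strikes lockout against on-line guessing. The per-user salt and the slow PBKDF2 hash go beyond the slides; all user names and passwords are constructed.

```python
import hashlib
import hmac
import os

# Added example (not from the slides): hashed storage plus a 3-strikes lockout.
# Salt and PBKDF2 are additions the slide does not mention: they make the
# captured quantity X costlier to attack off-line. All values are constructed.

MAX_FAILURES = 3        # the ATM "eats the card" after 3 incorrect passwords
ITERATIONS = 100_000    # PBKDF2 work factor; raises the cost of each off-line guess


def hash_password(password: str, salt: bytes) -> bytes:
    """The quantity X stored instead of the password: PBKDF2-HMAC-SHA256(password, salt)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class PasswordStore:
    def __init__(self):
        self._records = {}  # user -> {"salt", "hash", "failures"}; no cleartext anywhere

    def enroll(self, user: str, password: str) -> None:
        salt = os.urandom(16)
        self._records[user] = {"salt": salt, "hash": hash_password(password, salt), "failures": 0}

    def stored_record(self, user: str) -> dict:
        """What an intruder gets by breaking into the database node: salt and hash only."""
        rec = self._records[user]
        return {"salt": rec["salt"].hex(), "hash": rec["hash"].hex()}

    def verify(self, user: str, password: str) -> str:
        """On-line check: returns 'ok', 'wrong', or 'locked' (too many guesses)."""
        rec = self._records.get(user)
        if rec is None:
            return "wrong"          # unknown user is treated as a failed guess
        if rec["failures"] >= MAX_FAILURES:
            return "locked"         # lockout stops on-line guessing
        candidate = hash_password(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["hash"]):  # constant-time comparison
            rec["failures"] = 0
            return "ok"
        rec["failures"] += 1
        return "locked" if rec["failures"] >= MAX_FAILURES else "wrong"
```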

Address-Based Authentication

The identity of the source is inferred from the network address from which the packet arrives. Each computer stores information specifying which accounts on other computers should have access to its resources.

Example: account name Smith on the machine with network address N is allowed to access computer C. If a request arrives from address N on behalf of Smith, then C honours the request.

Address-Based Authentication: Account Mapping Scheme

1. Machine B might have a list of network addresses of equivalent machines. If machine A is listed, then any account name on A is equivalent to the same account name on B.

   Machine A: account John_Smith  <->  Machine B: account John_Smith (equivalent)

The problem is that users have to have identical account names on all systems.

Address-Based Authentication: Account Mapping Scheme (continued)

Unix implements two account mapping schemes: the hosts.equiv and .rhosts files list the hosts and users that are trusted by the local host when a connection is made.
1. First scheme: a global file /etc/hosts.equiv contains the trusted remote hosts.
2. Second scheme: in each user's home directory, a per-user .rhosts file contains <computer, account> host-user pairs.

3. Cryptographic Authentication

Much more secure than the previous methods. Authentication is done using:

1. Secret key encryption. Alice and Bob both know the secret key K_AB. Alice picks a random number (challenge) r_A; Bob picks a random number (challenge) r_B.

   Alice -> Bob: r_A
   Bob -> Alice: E(r_A, K_AB), r_B
   Alice -> Bob: E(r_B, K_AB)

3. Cryptographic Authentication (continued)

2. Public key encryption. Alice picks r and encrypts it using Bob's public key e_B. Bob decrypts it using his private key d_B and sends r back to Alice.

   Alice -> Bob: E(r, e_B)
   Bob -> Alice: r = D(E(r, e_B), d_B)

3. Cryptographic Authentication (continued)

3. Hash. Alice and Bob both know the secret key K_AB. Alice picks a random number (challenge) r_A; Bob picks a random number (challenge) r_B.

   Alice -> Bob: r_A
   Bob -> Alice: H(r_A, K_AB), r_B
   Alice -> Bob: H(r_B, K_AB)
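The hash-based mutual challenge/response above, as an added example that is not from the slides. It assumes H(r, K_AB) is HMAC-SHA256 keyed with K_AB (the slide does not fix a hash); the party names and key are constructed.

```python
import hashlib
import hmac
import secrets

# Added example (not from the slides): both sides prove knowledge of K_AB
# without ever sending it. A fresh random challenge per run means a captured
# response is useless against the next run.


def H(challenge: bytes, key: bytes) -> bytes:
    """H(r, K_AB): keyed hash of the challenge under the shared secret (HMAC-SHA256 assumed)."""
    return hmac.new(key, challenge, hashlib.sha256).digest()


class Party:
    def __init__(self, name: str, shared_key: bytes):
        self.name = name
        self.key = shared_key      # K_AB as this party knows it
        self.pending = None        # the challenge this party last sent

    def challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)   # r_A or r_B, fresh every run
        return self.pending

    def respond(self, r: bytes) -> bytes:
        return H(r, self.key)

    def check(self, resp: bytes) -> bool:
        # Recompute H(r, K_AB) for the challenge we sent; compare in constant time.
        return hmac.compare_digest(resp, H(self.pending, self.key))


def run_protocol(alice: Party, bob: Party) -> tuple:
    """Returns (Alice accepts Bob, Bob accepts Alice)."""
    r_a = alice.challenge()                 # Alice -> Bob : r_A
    bob_resp = bob.respond(r_a)             # Bob -> Alice : H(r_A, K_AB), r_B
    r_b = bob.challenge()
    alice_accepts = alice.check(bob_resp)
    alice_resp = alice.respond(r_b)         # Alice -> Bob : H(r_B, K_AB)
    bob_accepts = bob.check(alice_resp)
    return alice_accepts, bob_accepts
```

Deployed protocols usually also bind the responder's identity into the hashed input so the two directions of the exchange cannot be confused; the slide's plain H(r, K_AB) is kept here for fidelity.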

Trusted Intermediaries

If the network is fairly large (n nodes) then each computer needs to know (n-1) keys. Help is needed:
1. Key Distribution Center (KDC): a trusted node that knows the keys of all nodes. If a new node is added, the KDC needs to be configured with a key for that node.
2. Certification Authorities (CAs): a trusted node that generates certificates, which are signed messages specifying a sender and their public key.

Trusted Intermediaries: Certification Authorities (CAs)

Create a token (message) containing:
1. Identity of the principal (here, Alice)
2. Corresponding public key
3. Timestamp (when issued)
4. Other information (perhaps the identity of the signer)
signed by a trusted authority (here, Cathy):

   C_A = { e_A, Alice, T } signed with d_C

X.509 Certificates

Fields (digitally signed by the CA):
1. Version
2. Serial number
3. Signature algorithm ID
4. Issuer
5. Validity period
6. Subject
7. Subject public key
8. Issuer unique ID (optional)
9. Subject unique ID (optional)
10. Extensions (optional)
11. CA digital signature
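The CA token C_A = { e_A, Alice, T } signed with d_C from the two slides above, laid out with the X.509 fields and verified with nothing but Cathy's public key, as an added example that is not from the slides. Cathy's RSA key is textbook-sized (p=61, q=53, constructed) and the hash is reduced mod n, so this illustrates the structure of issuance and verification only.

```python
import hashlib
import json

# Added example (not from the slides): a verifier needs only the CA's public key
# (e_C, n), not one key per peer. Toy RSA: 17 * 2753 = 1 mod 3120 = (61-1)(53-1).

CATHY_N, CATHY_E, CATHY_D = 3233, 17, 2753   # Cathy's (e_C, d_C), constructed


def _digest_mod_n(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def _to_be_signed(body: dict) -> bytes:
    return json.dumps(body, sort_keys=True).encode("utf-8")   # canonical encoding


def issue_certificate(subject: str, subject_pubkey: tuple, not_before: int,
                      not_after: int, serial: int) -> dict:
    """Cathy signs a token binding the subject's identity to its public key."""
    body = {"version": 3, "serial": serial, "signature_algorithm": "toy-RSA-SHA256",
            "issuer": "Cathy", "validity": [not_before, not_after],
            "subject": subject, "subject_public_key": list(subject_pubkey)}
    signature = pow(_digest_mod_n(_to_be_signed(body), CATHY_N), CATHY_D, CATHY_N)
    return {"tbs": body, "signature": signature}


def verify_certificate(cert: dict, ca_pubkey: tuple, now: int) -> bool:
    """Check the CA signature over the fields, then the validity period."""
    n, e = ca_pubkey
    body = cert["tbs"]
    if pow(cert["signature"], e, n) != _digest_mod_n(_to_be_signed(body), n):
        return False                        # altered token, or not signed by this CA
    not_before, not_after = body["validity"]
    return not_before <= now <= not_after   # issued-at / expiry check
```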