Overview of Authentication Systems

Similar documents
Key Management and Distribution

Kerberos V5. Raj Jain. Washington University in St. Louis

Authentication. Overview of Authentication systems. IT352 Network Security Najwa AlGhamdi

ECE 646 Lecture 3. Key management

5. Authentication Contents

Authentication. password-based authentication. address-based authentication. cryptographic protocols. passwords as keys.

Key management. Required Reading. Stallings, Cryptography and Network Security: Principles and Practice, 5/E or 6/E

Key management. Pretty Good Privacy

ECE 646 Lecture 3. Key management. Required Reading. Using the same key for multiple messages

Key Management and Distribution

Cristina Nita-Rotaru. CS355: Cryptography. Lecture 17: X509. PGP. Authentication protocols. Key establishment.

Cryptography and Network Security Chapter 14

10/1/2015. Authentication. Outline. Authentication. Authentication Mechanisms. Authentication Mechanisms. Authentication Mechanisms

Cryptography and Network Security

Modes of Operation. Raj Jain. Washington University in St. Louis

Kerberos and Public-Key Infrastructure. Key Points. Trust model. Goal of Kerberos

Issues. Separation of. Distributed system security. Security services. Security policies. Security mechanism

Background. Network Security - Certificates, Keys and Signatures - Digital Signatures. Digital Signatures. Dr. John Keeney 3BA33

1.264 Lecture 27. Security protocols Symmetric cryptography. Next class: Anderson chapter 10. Exercise due after class

Lecture 15 PKI & Authenticated Key Exchange. COSC-260 Codes and Ciphers Adam O Neill Adapted from

CSC 5930/9010 Modern Cryptography: Public-Key Infrastructure

Ten Risks of PKI : What You re not Being Told about Public Key Infrastructure By Carl Ellison and Bruce Schneier

Digital Signature. Raj Jain

Certificateless Public Key Cryptography

Acknowledgments. CSE565: Computer Security Lectures 16 & 17 Authentication & Applications

Public-Key Infrastructure NETS E2008

Lecture Notes 14 : Public-Key Infrastructure

SSL/TLS & 3D Secure. CS 470 Introduction to Applied Cryptography. Ali Aydın Selçuk. CS470, A.A.Selçuk SSL/TLS & 3DSec 1

Part II. Raj Jain. Washington University in St. Louis

CS Computer Networks 1: Authentication

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Lecture 9a: Secure Sockets Layer (SSL) March, 2004

Crypto meets Web Security: Certificates and SSL/TLS

ECE 646 Lecture 3. Key management. Required Reading. Using Session Keys & Key Encryption Keys. Using the same key for multiple messages

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Cryptographic Protocols 1

CNT4406/5412 Network Security

KEY DISTRIBUTION AND USER AUTHENTICATION

1. Digital Signatures 2. ElGamal Digital Signature Scheme 3. Schnorr Digital Signature Scheme 4. Digital Signature Standard (DSS)

Course Administration

Protocols II. Computer Security Lecture 12. David Aspinall. 17th February School of Informatics University of Edinburgh

Security Handshake Pitfalls

Key Agreement Schemes

Cryptography and Network Security

Cryptography SSL/TLS. Network Security Workshop. 3-5 October 2017 Port Moresby, Papua New Guinea

Introduction to Network Security Missouri S&T University CPE 5420 Key Management and Distribution

Elements of Cryptography and Computer and Network Security Computer Science 134 (COMPSCI 134) Fall 2016 Instructor: Karim ElDefrawy

Lecture Note 6 KEY MANAGEMENT. Sourav Mukhopadhyay

Key distribution and certification

13/10/2013. Kerberos. Key distribution and certification. The Kerberos protocol was developed at MIT in the 1980.

Internet 3.0: Ten Problems with Current Internet Architecture and a Proposal for the Next Generation

UNIT - IV Cryptographic Hash Function 31.1

Verteilte Systeme (Distributed Systems)

Overview. SSL Cryptography Overview CHAPTER 1

Encryption and Forensics/Data Hiding

CT30A8800 Secured communications

User Authentication. Modified By: Dr. Ramzi Saifan

Password. authentication through passwords

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to share so many secrets?!?

CS 392/6813: Computer Security Fall Nitesh Saxena. *Adopted from Previous Lectures by Nasir Memon

CIS 6930/4930 Computer and Network Security. Topic 6.2 Authentication Protocols

1.264 Lecture 28. Cryptography: Asymmetric keys

CS 470 Spring Security. Mike Lam, Professor. a.k.a. Why on earth do Alice and Bob need to talk so much?!? Content taken from the following:

Authentication and Key Distribution

Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2010

CIS 6930/4930 Computer and Network Security. Topic 7. Trusted Intermediaries

Classical Encryption Techniques

Public-key Cryptography: Theory and Practice

T Cryptography and Data Security

ICS 180 May 4th, Guest Lecturer: Einar Mykletun

0/41. Alice Who? Authentication Protocols. Andreas Zeller/Stephan Neuhaus. Lehrstuhl Softwaretechnik Universität des Saarlandes, Saarbrücken

Security and Privacy in Computer Systems. Lecture 7 The Kerberos authentication system. Security policy, security models, trust Access control models

Proving who you are. Passwords and TLS

Authentication in real world: Kerberos, SSH and SSL. Zheng Ma Apr 19, 2005

Introduction to Cryptography. Ramki Thurimella

CSE 565 Computer Security Fall 2018

Security. Alessandro Margara Slides based on previous work by Matteo Migliavacca and Alessandro Sivieri

Information Security. message M. fingerprint f = H(M) one-way hash. 4/19/2006 Information Security 1

Outline Key Management CS 239 Computer Security February 9, 2004

CPSC 467b: Cryptography and Computer Security

Security Handshake Pitfalls

Digital Certificates Demystified

X.509. CPSC 457/557 10/17/13 Jeffrey Zhu

6 Public Key Infrastructure 6.1 Certificates Structure of an X.509 certificate X.500 Distinguished Name and X.509v3 subjectalternativename

Kerberos. Pehr Söderman Natsak08/DD2495 CSC KTH 2008

Trusted Intermediaries

AIT 682: Network and Systems Security

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

SEEM4540 Open Systems for E-Commerce Lecture 03 Internet Security

Understanding HTTPS CRL and OCSP

Module: Authentication. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Network Security Essentials

Cryptography CS 555. Topic 16: Key Management and The Need for Public Key Cryptography. CS555 Spring 2012/Topic 16 1

PKI Services. Text PKI Definition. PKI Definition #1. Public Key Infrastructure. What Does A PKI Do? Public Key Infrastructures

6.033 Computer System Engineering

CSC/ECE 774 Advanced Network Security

Cryptography (Overview)

Lecture 4: Cryptography III; Security. Course Administration

Chapter 9: Key Management

CIS 6930/4930 Computer and Network Security. Final exam review

Transcription:

Overview of Authentication Systems Raj Jain Washington University in Saint Louis Saint Louis, MO 63130 Jain@cse.wustl.edu Audio/Video recordings of this lecture are available at: http://www.cse.wustl.edu/~jain/cse571-07/ 9-1

Overview! Passwords! Address based authentication! Key Distribution Center (KDC)! Certification Authorities (CAs)! Multiple Trust Domains! Session Keys! Delegation 9-2

Passwords! Do not store passwords in clear. Store hashes. Subject to offline attack! Encrypt the hash storage. Where do you keep the master key?! Do not transmit passwords in clear.! Use password as a key to encrypt a challenge. Cryptographic Authentication 9-3

Address based authentication! /etc/hosts.equiv file in UNIX.! John Smith can do on B whatever he is allowed to do on A. Users need to have the same name on all machines.! Per user.rhosts files. Lists <address, remote account name> that can access this account.! Issue: Attacker can gain access to all machines! Attacker can change IP addresses of machines and can access remote resources of all users on that machine.! Attacker can use source route <A, X, D> to send messages to D (from A). 9-4

Machine vs. Person Authentication! Machines can store long secret keys.! Person's password can be used to decrypt a long secret key or private key. 9-5

Secret Keys for an N-System N Network A B F C E D! n system need n(n-1)/2 pairs of secret keys! Each system remembers n-1 keys.! If a new system comes in n new key are generated.! If a system leaves, n-1 keys are removed. 9-6

Key Distribution Center (KDC) A B F KDC C E D! Each node is configured with KDC's key! KDC has all the keys.! KDC sends a key encrypted with A's key and B's key to A.! Issues: " If KDC is compromised, all systems are compromised. " KDC is single point of failure or performance bottleneck. " KDC has to be on-line all the time. 9-7

Certification Authorities (CAs)! Unsigned public keys can be tampered.! Public Keys are signed by CAs Certificates.! Each system is configured with CA's public key.! CA's don't have to be on-line.! A compromised CA cannot decrypt conversations. 9-8

Certificate Revocations Lists (CRL)! The lists are published regularly.! Certificates are checked in a recent CRL.! Certificate contains user's name, public key, expiration time, a serial number, and CA's signature on the content. 9-9

KDCs in Multiple Trust Domains 9-10

KDCs in Multiple Trust Domains (Cont)! Some pairs of KDCs have a secret key! Issue: Every pair of KDC needs a shared key KDC hierarchy! Issue: Every pair of KDC needs a shared key KDC hierarchy 9-11

CA's in Multiple Domains! Each CA has a certificate from the other.! Alice with Boris's certificate and Boris's CA's certificate issued by Alice's CA can authenticate Boris CA Alice CA Borish Alice Boris 9-12

Session Keys! Public key is used to exchange a secret key.! Each session should start with a new secret key. 9-13

Delegation! Authentication forwarding! A signed message with time limit and details of privileges 9-14

Summary! Passwords should not be stored or transmitted in clear Use to generate keys! Address based authentication is not safe.! Key Distribution Center (KDC): Single point of failure! Certification Authorities (CAs) sign public keys.! Multiple Trust Domains: Hierarchy of KDCs or CAs 9-15

Homework 9! Read Chapter 9 of the textbook! Submit answers to Exercise 9.3! Extend the scenario in Section 9.7.4.1 Multiple KDC Domains to a chain of three KDCs. In other words assume that Alice wants to talk to Boris through a chain of three KDCs (Alice s KDC, A KDC that has shared keys with both Alice s KDC and Boris s KDC and finally, Boris s KDC). Give the sequence of events necessary to establish communication. 9-16

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback