CMSC 414 Computer and Network Security Lecture 21 - PowerPoint PPT Presentation

Transcript and Presenter's Notes

1
CMSC 414 Computer (and Network) Security, Lecture 21
  • Jonathan Katz

2
Administrative stuff
  • HW4 on the way

3
Adding mutual authentication
  • Double challenge-response in 3 rounds (4 if the
    initial hello message is included)
  • Variant in which user sends nonce first?
  • Insecure
  • To improve security, make protocol asymmetric
  • No such attack on previous protocol
  • Security principle: let the initiator prove its
    identity first
  • Also vulnerable to off-line password guessing
    without eavesdropping

4
Public-key based
  • Ex 6: Double challenge-response
  • Issues
  • How does each party learn the other party's
    public key?
  • How does a party obtain its own secret key (i.e.,
    when logging in remotely)?
  • Can download information, protected by a password

5
Using timestamps?
  • Ex 7: User sends MAC(time), server responds with
    MAC(time+1)
  • Vulnerabilities?
  • Symmetric protocol

6
Establishing a session key
  • One-way challenge-response: compute the session key
    as F_K(R1)
  • Secure if F is a pseudorandom permutation?
  • (Potential attack)

7
Public-key based
  • Include Epk(session-key) in protocol?
  • Encrypt session-key and sign the result?
  • No forward secrecy
  • Potentially vulnerable to replay attacks
  • User sends E(R1), server sends E(R2); session key
    is R1R2
  • Reasonable

8
Authenticated Diffie-Hellman
  • Add signatures/MACs and nonces to Diffie-Hellman
    protocol
  • Note: achieves forward secrecy
  • What if we had used encryption instead?
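The slide's authenticated Diffie-Hellman, written out as an added example (not from the lecture or its slides): each side contributes a nonce and an ephemeral g^x, and a MAC under the long-term key K covers both nonces and both DH values, with a per-role label so a response cannot be reflected back as in the symmetric protocol of Ex 7. The group P, G and the message layout are assumptions for demonstration; a real deployment would use a standard group such as RFC 7919's ffdhe2048, and a signature could replace the MAC.

```python
import hashlib, hmac, secrets

# Demonstration group only (assumption): a Mersenne prime keeps the numbers small.
P = 2**127 - 1
G = 5

def _mac(key, *fields):
    # HMAC-SHA256 over length-prefixed fields, so (nA, nB, g^a, g^b) cannot be re-split.
    h = hmac.new(key, digestmod=hashlib.sha256)
    for f in fields:
        h.update(len(f).to_bytes(4, "big") + f)
    return h.digest()

def _enc(x):
    return x.to_bytes(16, "big")

def alice_start():
    a, nA = secrets.randbelow(P - 3) + 2, secrets.token_bytes(16)
    return (a, nA), (nA, pow(G, a, P))                        # msg1: nA, g^a

def bob_respond(K, msg1):
    nA, A = msg1
    b, nB = secrets.randbelow(P - 3) + 2, secrets.token_bytes(16)
    B = pow(G, b, P)
    key = hashlib.sha256(_enc(pow(A, b, P)) + nA + nB).digest()  # session key from g^ab and both nonces
    tag = _mac(K, b"bob", nA, nB, _enc(A), _enc(B))           # role label + full transcript so far
    return (key, nA, nB, A, B), (nB, B, tag)                  # msg2: nB, g^b, MAC

def alice_finish(K, state, msg2):
    a, nA = state
    nB, B, tag = msg2
    A = pow(G, a, P)
    if not hmac.compare_digest(tag, _mac(K, b"bob", nA, nB, _enc(A), _enc(B))):
        return None, None                                     # g^b or a nonce was altered in transit
    key = hashlib.sha256(_enc(pow(B, a, P)) + nA + nB).digest()
    return key, _mac(K, b"alice", nA, nB, _enc(A), _enc(B))   # msg3: Alice's MAC over the same transcript

def bob_finish(K, state, msg3):
    key, nA, nB, A, B = state
    if not hmac.compare_digest(msg3, _mac(K, b"alice", nA, nB, _enc(A), _enc(B))):
        return None
    return key                                                # a and b are discarded: forward secrecy

def run(K, tamper_B=False):
    # Drive one session; with tamper_B an active attacker swaps g^b before it reaches Alice.
    st_a, msg1 = alice_start()
    st_b, (nB, B, tag) = bob_respond(K, msg1)
    if tamper_B:
        B = pow(G, secrets.randbelow(P - 3) + 2, P)
    key_a, msg3 = alice_finish(K, st_a, (nB, B, tag))
    key_b = bob_finish(K, st_b, msg3) if msg3 is not None else None
    return key_a, key_b
```

Because K only authenticates the exchange and never protects the secret, a later compromise of K does not expose past session keys, whereas the slide's encrypted-session-key variant would.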