Computer and Network Security - PowerPoint PPT Presentation

Slides: 14
Provided by: CISE6

1
Computer and Network Security
  • Security Handshake Pitfalls
  • (Chapter 11)

2
Security Protocol
  • An agreement between communicating parties about
    the process and the format of security bootstrap,
    authentication, key establishment,
    encryption/hashing algorithm and parameter
    negotiation, etc.
  • Typically includes:
    • Authentication handshake
    • Session key negotiation, algorithm/parameter
      negotiation
    • Data encryption and/or integrity protection

3
Security Bootstrap
  • Shared secret
    • Password (for human users)
    • Preshared key (between firewalls)
    • Ticket by KDC (among a large number of
      participants)
  • Public key
    • Manually configured
    • Certificate by CA

4
One-way Authentication by Shared Secret (Protocol 1)
  • Let K be the shared secret.
  • Alice → Bob: I'm Alice
  • Bob → Alice: a challenge R
  • Alice → Bob: a response K{R} or hash(R, K)
  • One-way authentication
  • Session hijack
  • Off-line password-guessing attack
  • If server's password file is hacked,

5
Protocol 2
  • Let K be the shared secret.
  • Alice → Bob: I'm Alice
  • Bob → Alice: K{R}
  • Alice → Bob: R
  • Issues: same as Protocol 1
  • If R is a recognizable number (e.g., with a fixed
    number of trailing zeros), then it does mutual
    authentication, but also makes the off-line
    password-guessing attack easier.
  • Make R recognizable but with limited lifetime,
    for instance a timestamp. It however requires
    clock synchronization.
  • Question: Alice → K{R00}. Can Bob authenticate
    Alice?

6
Protocol 3
  • Let K be the shared secret.
  • Alice → Bob: I'm Alice, K{timestamp}
  • Advantages: a) It can be easily added into an
    existing protocol. b) Bob is stateless.
  • Issues:
    • replay attack
    • same secret for multiple servers
    • reset-clock attack

7
Protocol 4
  • Let K be the shared secret
  • Alice → Bob: I'm Alice, timestamp, hash(K,
    timestamp)
  • What if timestamp is not sent?

8
One-Way Authentication by Public Key
  • Alice has her private key. Bob has Alice's public
    key.
  • Protocol 5
    • Alice → Bob: I'm Alice
    • Bob → Alice: R
    • Alice → Bob: [R]Alice
  • Protocol 6
    • Alice → Bob: I'm Alice
    • Bob → Alice: {R}Alice
    • Alice → Bob: R
  • Attacks exploiting same-key different-uses

9
Mutual Authentication by Secret Key (Protocol 7)
  • Alice → Bob: I'm Alice
  • Bob → Alice: R1
  • Alice → Bob: K{R1} or hash(R1, K)
  • Alice → Bob: R2
  • Bob → Alice: K{R2} or hash(R2, K)

10
Protocol 8
  • Alice → Bob: I'm Alice, R2
  • Bob → Alice: R1, K{R2} or hash(R2, K)
  • Alice → Bob: K{R1} or hash(R1, K)
  • Problem: reflection attack
  • Solution: Alice and Bob should not do the same
    thing; use different keys or different challenges
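
Added example (not from the original slides): a responder-side check of the Protocol 8 reflection problem and of one fix, in which the responder's name is mixed into the computation so that Alice and Bob no longer "do the same thing". HMAC-SHA256 stands in for the slide's hash(R, K); the Bob class, the function names and the name-prefix binding are assumptions of this example.

```python
import hashlib
import hmac
import os

K = os.urandom(32)  # shared secret K, constructed for this example


def f(key, challenge, who=b""):
    # HMAC-SHA256 stands in for the slide's hash(R, K). A non-empty `who`
    # binds the responder's name, so the two sides compute different values.
    return hmac.new(key, who + b"|" + challenge, hashlib.sha256).digest()


class Bob:
    """Protocol 8 responder (hypothetical class; keeps no per-session state)."""

    def __init__(self, key, hardened):
        self.key, self.hardened = key, hardened

    def _resp(self, challenge, who):
        return f(self.key, challenge, who if self.hardened else b"")

    def open_session(self, r2):
        # Message 2: Bob -> Alice: R1, f(K, R2)
        return os.urandom(16), self._resp(r2, b"Bob")

    def verify(self, r1, answer):
        # Message 3: Alice -> Bob: f(K, R1)
        return hmac.compare_digest(answer, self._resp(r1, b"Alice"))


def legitimate_answer_accepted(hardened):
    """Alice, who knows K, answers Bob's challenge R1."""
    bob = Bob(K, hardened)
    r1, _ = bob.open_session(os.urandom(16))
    return bob.verify(r1, f(K, r1, b"Alice" if hardened else b""))


def reflected_answer_accepted(hardened):
    """A peer without K feeds R1 back to Bob as the R2 of a second session."""
    bob = Bob(K, hardened)
    r1, _ = bob.open_session(os.urandom(16))  # session 1: Bob issues R1
    _, reflected = bob.open_session(r1)       # session 2: Bob computes f(K, R1)
    return bob.verify(r1, reflected)          # returned in session 1


if __name__ == "__main__":
    for mode in (False, True):
        print(mode, legitimate_answer_accepted(mode), reflected_answer_accepted(mode))
```

With the slide's symmetric computation the reflected value verifies; with the responder's name bound in, only the party holding K can produce the value Bob expects.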

11
Protocol 11
  • Alice → Bob: I'm Alice
  • Bob → Alice: R1
  • Alice → Bob: K{R1}, R2
  • Bob → Alice: K{R2}
  • Less vulnerable to password guessing. The attacker
    has to eavesdrop.

12
Mutual Authentication by Public Key (Protocol 12)
  • Alice (Bob) knows her (his) own private key and
    the other party's public key.
  • Protocol 12
    • Alice → Bob: I'm Alice, {R2}Bob
    • Bob → Alice: R2, {R1}Alice
    • Alice → Bob: R1
  • Variant
    • Alice → Bob: I'm Alice, R2
    • Bob → Alice: [R2]Bob, R1
    • Alice → Bob: [R1]Alice

13
Mutual Authentication by Timestamps (Protocol 13)
  • Alice → Bob: I'm Alice, K{timestamp}
  • Bob → Alice: K{timestamp + 1}
  • Issues: reflection attack, clock synchronization