Michigan State University - PowerPoint PPT Presentation
Slides: 16
Provided by: richard139
Transcript and Presenter's Notes


1
Anderson, Chapter 2
  • CSE 825

2
  • Theme protocols are hard
  • and are too often incorrect.
  • (We'll see that later with wireless security.)

3
Replay Attack
  • U → C: P
  • U → G: P (Grabber)
  • G → C: P

4
Password Generator Challenge Response (used for
MSU student data)
  • S → U: N
  • U → P: N, PIN
  • P → U: {N, PIN}K
  • U → S: {N, PIN}K
  • S = Server, U = User, P = Password Generator
  • What is a nonce ?
  • What is K?

5
MIG-in-the-Middle
  • Order?
6
Mafia-in-the-Middle (assumes credit card digital
signature)
  • Order?
  • using crypto keys (or other authentication
    mechanisms) in more than one application can be
    dangerous and letting other people bootstrap
    their own application security off yours can be
    downright foolish.

7
Basic Key ManagementAlice wants to talk to Bob
with help from Sam
  • A → S: A, B
  • S → A: {A, B, K_AB, T}K_AS, {A, B, K_AB, T}K_BS
  • A → B: {A, B, K_AB, T}K_BS, {M}K_AB
  • What's happening?
  • Why don't A and B simply exchange a key?
  • What does this have to do with replay?

8
Needham-Schroeder Protocol (78)
  • A → S: A, B, N_A
  • S → A: {N_A, B, K_AB, {K_AB, A}K_BS}K_AS
  • A → B: {K_AB, A}K_BS
  • B → A: {N_B}K_AB
  • A → B: {N_B - 1}K_AB
  • What's a nonce? What is it for?
  • Bob assumes that K_AB is fresh; how do you exploit
    this vulnerability?
  • Revocation is a problem. What's that?

9
  • Kerberos is a modification of Needham-Schroeder.

10
Kerberos
  • The Kerberos protocol uses strong cryptography so
    that a client can prove its identity to a server
    (and vice versa) across an insecure network
    connection. After a client and server have used
    Kerberos to prove their identity, they can also
    encrypt all of their communications to assure
    privacy and data integrity as they go about their
    business.

11
  • The name "Kerberos" comes from a mythological
    three-headed dog that guarded the entrance to
    Hades.

12
  • Many assume that a firewall makes them safe from
    attacks; however, statistics show that a large
    number of attacks happen from within a firewall.
  • Kerberos security also addresses this issue in
    the same way that it prevents outside attacks.
  • The way that this is accomplished is that
    passwords are not sent over the network in clear
    text, making them unavailable to most sniffers and
    hacker tools.

13
  • First, Alice logs on to the authentication server
    using a password.
  • Kerberos server (S) provides K_AS to Alice.
  • Alice wants to talk to Bob.
  • A → S: A, B
  • S → A: {T_S, L, K_AB, B, {T_S, L, K_AB, A}K_BS}K_AS
  • A → B: {T_S, L, K_AB, A}K_BS, {A, T_A}K_AB
  • B → A: {T_A + 1}K_AB
  • Why (T_A + 1)?
  • Why timestamps?
  • What vulnerability remains?
  • What about "First, Alice logs on"?
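
The Kerberos exchange above, as an added example that is not part of the slides or of any Kerberos implementation: a toy model in which {X}K is represented by a JSON body plus an HMAC tag under K (integrity only, not real encryption), so that the checks B performs on the ticket lifetime L, the authenticator timestamp T_A, and replayed authenticators are visible. The long-term keys, key names and the 60-second clock-skew window are constructed for the example; the Needham-Schroeder ticket {K_AB, A}K_BS on slide 8 carries no T_S or L, so B could not perform the first of these checks there.

```python
# Added example (not from the slides): toy model of the Kerberos exchange with B's freshness checks.
import hashlib
import hmac
import json

def seal(key: bytes, payload: dict) -> dict:
    """Model of {payload}K: JSON body plus a MAC under key. Integrity only, no secrecy."""
    body = json.dumps(payload, sort_keys=True)
    return {"body": body, "tag": hmac.new(key, body.encode(), hashlib.sha256).hexdigest()}

def open_sealed(key: bytes, box: dict) -> dict:
    """Model of decrypting with K: reject unless the MAC verifies under this key."""
    expect = hmac.new(key, box["body"].encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(box["tag"], expect):
        raise ValueError("wrong key or tampered message")
    return json.loads(box["body"])

K_AS, K_BS = b"alice-server-key", b"bob-server-key"  # constructed long-term keys
SEEN = set()  # authenticators B has already accepted (replay cache)

def server_issue(a: str, b: str, t_s: int, lifetime: int, k_ab: str) -> dict:
    """S -> A: {T_S, L, K_AB, B, {T_S, L, K_AB, A}K_BS}K_AS"""
    ticket = seal(K_BS, {"T_S": t_s, "L": lifetime, "K_AB": k_ab, "A": a})
    return seal(K_AS, {"T_S": t_s, "L": lifetime, "K_AB": k_ab, "B": b, "ticket": ticket})

def alice_to_bob(reply: dict, t_a: int) -> tuple:
    """A -> B: {T_S, L, K_AB, A}K_BS, {A, T_A}K_AB"""
    r = open_sealed(K_AS, reply)
    return r["ticket"], seal(r["K_AB"].encode(), {"A": "A", "T_A": t_a})

def bob_accept(ticket: dict, auth: dict, now: int, skew: int = 60) -> dict:
    """B checks lifetime, authenticator freshness and replay, then sends {T_A + 1}K_AB."""
    t = open_sealed(K_BS, ticket)
    if not t["T_S"] <= now <= t["T_S"] + t["L"]:
        raise ValueError("ticket outside its lifetime L")
    k_ab = t["K_AB"].encode()
    a = open_sealed(k_ab, auth)
    if a["A"] != t["A"] or abs(now - a["T_A"]) > skew:
        raise ValueError("authenticator stale or name mismatch")
    if (a["A"], a["T_A"]) in SEEN:
        raise ValueError("authenticator already seen (replay)")
    SEEN.add((a["A"], a["T_A"]))
    return seal(k_ab, {"T_A+1": a["T_A"] + 1})  # proves B knows K_AB and saw T_A

def outcome(ticket: dict, auth: dict, now: int) -> str:
    """Run B's checks and report 'ok' or the reason for rejection."""
    try:
        bob_accept(ticket, auth, now)
        return "ok"
    except ValueError as e:
        return str(e)
```

The same ticket is valid for the whole lifetime L, but each authenticator is accepted only once and only near the time T_A it was minted, which is what the timestamps buy over the nonce-only Needham-Schroeder run.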

14
  • Check out Win2K Kerberos tutorial

15
Formal Verification
  • BAN logic is small, and the example proof is brief and elegant.
  • Limitations are assumptions and idealization.
  • Examples of how to crack tamper-resistant smart
    cards come later