Computer security: authentication of principals and cryptographic protocols

1
Computer security authentication of
principalsand cryptographic protocols

• 6.033 Spring 2007

2
HKN Underground Guide

• https//sixweb.mit.edu/student/evaluate/6.033-s200
  7
• Link posted on 6.033 home page
• Deadline May 20

3
key distribution
Charles
3. M As Kapub , sign(M, KCpriv)
2. Alice?
Bob
Alice
1. M, Sign(M, KApriv)

• 3 is a certificate for Alices public key
• Charles is called a certificate authority
• The interaction is an example of a cryptographic
  protocol

4
Shorter notation
Charles
3. As Kapub KCpriv
2. Alice?
Bob
Alice
1. MKBpubKApriv

• Subscript for signing
• Superscript for encrypting

5
Denning-Sacco
CA
A, B
A, KApub, TKCApriv A, KBpub, TKCApriv
A, KApub, TKCAprivKAB, TKAprivKBpub
Bob
Alice
data, TKAB

• Authenticate Alice to Bob and Bob to Alice
• Set up a shared-secret key

6
Impersonation Attack
Thinks Bob is Alice
Charles
A, KApub, TKCApriv KAB, TKaprivKCpub
A, KApub, TKCAprivKAB, TKAprivKBpub
A, KApub, TKCAprivKAB, TKAprivKBpub
Alice
Bob
7
Denning-Sacco (fixed)
CA
A, B
A, KApub, TKCApriv A, KBpub, TKCApriv
A, KApub, TKCAprivA, B, KAB, TKAprivKBpub
Bob
Alice
A, B, data, TKAB
Be explicit!
8
Example Web (SSL simplified)

• U https//www.amazon.com
• B ?W randomc, session-id, ciphersuites
• B ? W randoms, session-id, amazon.com,
  Kpub-amazonKversign
• B verify(amazon.com, Kpub-amazonKversign,
  Kpub-verisign)?
• B ?W pre-master-secretKpub-amazon
• ......

9
X509 certificate

• struct X509_certificate
• unsigned version
• unsigned serial
• signature_cipher_identifier
• issuer_signature
• issuer_name
• subject_name
• subject_public_key_cipher_identifier
• subject_public_key
• validity_period

10
(No Transcript)
11
(No Transcript)