CMSC 414 Computer (and Network) Security Lecture 22 - PowerPoint PPT Presentation

1 / 11
About This Presentation
Title:

CMSC 414 Computer (and Network) Security Lecture 22

Description:

Generally, want to provide both secrecy and integrity for subsequent conversation ... KAB and sends it to Alice and Bob, encrypted with their respective keys ... – PowerPoint PPT presentation

Number of Views:17
Avg rating:3.0/5.0
Slides: 12
Provided by: jka9
Learn more at: http://www.cs.umd.edu
Category:

less

Transcript and Presenter's Notes

Title: CMSC 414 Computer (and Network) Security Lecture 22


1
CMSC 414Computer (and Network) SecurityLecture
22
  • Jonathan Katz

2
Administrative stuff
  • HW4 is out

3
One-way authentication
  • If only the server has a known public key (e.g.,
    SSL)
  • Server sends R
  • Client sends Epk(R, password, session-key)
  • Insecure in general!!!
  • But secure if encryption scheme is chosen
    appropriately

4
Using session keys
  • Generally, want to provide both secrecy and
    integrity for subsequent conversation
  • Use encrypt-then-MAC
  • Use sequence numbers to prevent replay attacks
  • Use a directionality bit
  • Periodically refresh the session key

5
Mediated authentication
  • E.g., using KDC
  • Simple protocol
  • Alice requests to talk to Bob
  • KDC generates KAB and sends it to Alice and Bob,
    encrypted with their respective keys
  • Note no authentication here, but impostor cant
    determine KAB

6
Improvement
  • Have KDC send to Alice the encryption of KAB
    under Bobs key
  • Reduces communication load on KDC
  • Resilient to message delays in network

7
Needham-Schroeder
  • A?KDC N1, Alice, Bob
  • KDC?A KA(N1, Bob, KAB, ticket), where ticket
    KB(KAB, Alice)
  • A?B ticket, KAB(N2)
  • B?A KAB(N21, N3)
  • A?B KAB(N31)

8
Analysis?
  • N1 assures Alice that she is talking to KDC
  • Prevents key-replay, in case Bob changes KB
  • Important authenticate Bob in message 2, and
    Alice in ticket
  • Uses encryption to authenticate ?
  • Leads to actual flaw if, e.g., ECB mode is used!
  • Vulnerable if Alices key is compromised
  • Bobs ticket is always valid
  • Use timestamps, or request (encrypted) nonce from
    Bob at the very beginning of the protocol

9
Otway-Rees
  • A?B NC, KA(NA, NC, Alice, Bob)
  • B?KDC KA(), KB(NB, NC, Alice, Bob)
  • KDC checks that NC is the same
  • KDC?B NC, KA(NA, KAB), KB(NB, KAB)
  • B?A KA()
  • A?B KAB(timestamp)
  • Note KDC already authenticated Bob

10
Analysis?
  • NC should be unpredictable, not just a nonce
  • Otherwise, can impersonate B to KDC
  • Send first message (next NC), garbage
  • B forwards to KDC along with encryption of the
    next NC
  • Next time A initiates a conversation, replay
    previous message from B
  • Still uses encryption for authentication ?
  • Serious attack if ECB is used
  • Replace KAB with NC

11
Kerberos
  • (Will possibly discuss in more detail later)
  • A?KDC N1, Alice, Bob
  • KDC?A KA(N1, Bob, KAB, ticket), where ticket
    KB(KAB, Alice, expiration time)
  • A?B ticket, KAB(time)
  • B?A KAB(time1)
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CMSC 414 Computer (and Network) Security Lecture 22" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!