CMSC 414 Computer and Network Security Lecture 17 - PowerPoint PPT Presentation

About This Presentation
Title:

CMSC 414 Computer and Network Security Lecture 17

Description:

... and have user decrypt it. Mutual authentication (if decrypts 'validly' ... And how to fix it... Public-key based... Include Epk(session-key) in protocol? ... – PowerPoint PPT presentation

Number of Views:28
Avg rating:3.0/5.0
Slides: 12
Provided by: jka9
Learn more at: https://www.cs.umd.edu
Category:

less

Transcript and Presenter's Notes

Title: CMSC 414 Computer and Network Security Lecture 17


1
CMSC 414Computer and Network SecurityLecture 17
  • Jonathan Katz

2
Diffie-Hellman key exchange
  • Secure against passive eavesdropping
  • but insecure against a man-in-the-middle attack

3
Adding key exchange
  • Not sufficient to simply add on key
    establishment before/after authentication
  • Splicing attack
  • Need authenticated key exchange

4
Authentication Protocols (Chapter 11, KPS)
5
Overview
  • Protocol design is subtle
  • Small changes can make a protocol insecure!
  • Historically, designed in an ad-hoc way, by
    checking protocol for known weaknesses
  • Great example of where provable security helps!

6
Example
  • Reverse challenge-response
  • I.e., send a ciphertext and have user decrypt it
  • Mutual authentication (if decrypts validly)??
  • Weaknesses?
  • Uses encryption for authentication
  • (Note that a MAC cannot, in general, be used)
  • Vulnerable to dictionary attack just by false
    attempted login (not eavesdropping)
  • Authentication of server assumes no replay

7
Example
  • User sends time, MACK(time)
  • What if she had used encryption, or a hash?
  • What about just sending MACK(time)?
  • Considerations?
  • Requires (loosely) synchronized clocks
  • Must guard against replay
  • What if user has same key on multiple servers?
  • Clock reset attacks clock DoS attacks!
  • No mutual authentication

8
Adding mutual authentication
  • Double challenge-response (symmetric key) in 4
    rounds
  • Variant in which user sends nonce first?
  • Insecure (reflection attack)
  • Also vulnerable to off-line password guessing
    without eavesdropping
  • To improve security, make protocol asymmetric
  • No such attack on original protocol
  • Security principle let initiator prove its
    identity first

9
Using timestamps?
  • User sends time, MACK(time), server responds with
    MACK(time1)
  • What if they used encryption?
  • Vulnerabilities?
  • Symmetric protocol

10
Establishing a session key
  • Double challenge-response compute session key as
    FK(R2)
  • Secure against passive attacks if F is a
    pseudorandom permutation
  • Active attacks? And how to fix it

11
Public-key based
  • Include Epk(session-key) in protocol?
  • Encrypt session-key and sign the result?
  • No forward secrecy
  • Potentially vulnerable to replay attacks
  • User sends E(R1) server sends E(R2) session key
    is R1R2
  • Reasonable
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "CMSC 414 Computer and Network Security Lecture 17" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!