authentication and secure communication
play

Authentication and Secure Communication Jeff Chase Duke University - PowerPoint PPT Presentation

Nov 09, 2022 •588 likes •1.19k views

Authentication and Secure Communication Jeff Chase Duke University technology people Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

  1. Authentication and Secure Communication Jeff Chase Duke University

  2. technology people Where are the boundaries of the “system” that you would like to secure? Where is the weakest link? What happens when the weakest link fails?

  3. The First Axiom of Security • “Security is at least as much a social problem as it is a technical problem.” – Translation: humans are the weak link. • We will focus on the technical elements, but do not lose sight of the social dimension. – Keys left in lock – Phishing – Executable attachments – Trojan software – Post-it passwords – Bribes, torture, etc. – Etc.

  4. Exhibit A This is a picture of a $2.5B move in the value of Emulex Corporation, in response to a fraudulent press release by short-sellers through InternetWire in 2000. The release was widely disseminated by news media as a statement from Emulex management, but media failed to authenticate it. EMLX [reproduced from clearstation.com ]

  5. “Humans are incapable of securely storing high-quality cryptographic keys, and they have unacceptable speed and accuracy when performing cryptographic operations. (They are also large, expensive to maintain, difficult to manage, and they pollute the environment.) It is astonishing that these devices continue to be manufactured and deployed. But they are sufficiently pervasive that we must design our protocols around their limitations.” - Kaufman, Perlman, and Speciner As quoted in:

  6. Trusted vs. Trustworthy (NSA) • Trusted – A component that can break the security policy if it fails. (“It has power.”) – Integrity cannot be verified by external observation. (“You can’t tell if it breaks”.) • Trustworthy – A component that is unlikely to fail. • Trusted Computing Base (TCB) – The minimal core of a computer system that is trusted, and so must be trustworthy if the system is to remain safe.

  7. Questions and Answers #1 • Who is the sender? – Authentication • Is the sender allowed to do this? – Authorization • Is this really what the sender said? – Integrity • Could anyone else have intercepted it? – Privacy

  8. Questions and Answers #2 • Authentication? – Challenge/response: passwords, certificates – A subject bound to a strong identity is a principal. • Authorization? – Access control lists or capabilities (ticket/token) • Integrity? – Message digests and digital signatures • Privacy – Encryption (provides integrity too) All of these require some form of a shared secret or shared trust in a third party, or both.

  9. Security Cryptography Security algorithms services Secret Public Message Privacy Authentication Message key key digest integrity (e.g., DES) (e.g., RSA) (e.g., MD5)

  10. Familiar names for the protagonists in security protocols Alice First participant Bob Second participant Carol Participant in three- and four-party protocols Dave Participant in four-party protocols Eve Eavesdropper Mallory Malicious attacker Sara A server

  11. Cryptography for Busy People • Encrypt and Decrypt functions – M = Decrypt(Encrypt(M) – Standard and efficient enough to be practical. • Crypto functions are parameterized by keys. – Fixed-width “random” value. – Everybody has their own key(s) or key pair(s). – “Computationally infeasible” to decrypt without the key. – Key length really matters. • Two fundamental variants: – Public-key or asymmetric crypto (e.g., RSA) – Secret-key, private-key, symmetric crypto (e.g., DES) • Foundation of many/all security mechanisms.

  12. Using Crypto: the Basics • Privacy – Attacker cannot read encrypted data. • Integrity – Encrypt a hash/checksum/digest of the message. • Authentication – Challenge-response with a nonce • “number used once” – Receiver encrypts the nonce and sends it back. • Proves it possesses the matching key. – Nonces can be timestamps, serial numbers, etc. to prevent replay attacks.

  13. Symmetric Crypto • “Secret key” or “private key” cryptography. – DES, 3DES, DESX, IDEA, AES • Sender and receiver must possess a shared secret – Shared key K • Message M, Key K {M} K = Encrypt(M, K) M = Decrypt({M} K , K)

  14. Asymmetric Crypto • Sometimes called “public key” cryptography. • Each subject/principal possesses a keypair: K -1 and K – Decrypt(K, Encrypt(K -1 , M)) = M • Given Encrypt(K -1 , M), cannot compute M without K. • Given M and Encrypt(K -1 , M), cannot compute K or K -1 • Given x, cannot compute y such that Decrypt(K, y) = x, unless you know K -1 . • Each principal keeps one key private. • The inverse key may be public. • Either key can be used to encrypt/decrypt.

  15. Pros and Cons Symmetric crypto (DES, AES, …) – Pro: cheap and easily supported by hardware – Con: need a shared secret. • Shared secrets are harder to keep secret. • key distribution problem Asymmetric crypto (Diffie-Hellman, RSA) – Con: expensive – Pro: no need for a shared secret • The recipient just needs to know sender’s public key. • Multicast or broadcast? Message storage? No problem. • Solves the private-key distribution problem – Con: introduces a new public-key distribution problem

  16. Figure 7.3 Cryptography notations Alice’s secret key K A K B Bob’s secret key Secret key shared between Alice and Bob K AB Alice’s private key (known only to Alice) K Apriv Alice’s public key (published by Alice for all to read) K Apub { M } Message M encrypted with key K K [ M ] K Message M signed with key K

  17. Performance of encryption and secure digest algorithms Key size/hash size Extrapolated PRB optimized (bits) speed (kbytes/s) (kbytes/sec.) TEA 128 700 - DES 56 350 7746 Triple-DES 112 120 2842 IDEA 128 700 4469 RSA 512 7 - RSA 2048 1 - MD5 128 1740 62425 SHA 160 750 25162

  18. Better Together, Part 1 • Use asymmetric crypto just to “handshake” and establish a secret session key. • Converse with the efficiency of symmetric crypto. • Example: Secure Sockets Layer (SSL) or Transport-Layer Security (TLS), used in HTTPS. • End-to-end security above TCP. “SYN, etc.” “My public key is K.” “Let’s establish a session key: {S} K .” Server Client {M} S …

  19. SSL is not so simple… • How do we know who we are talking to? – Do we care? Somebody does… • How do we prevent replays of encrypted content? • SSL/TLS uses this basic handshake protocol, but there are many other aspects: – Nonces, serial numbers, timestamps – Hashes and MACs – Certificates – More on this later…

  20. Secure Hash / Message Digest • Well-known, standard, hash functions digest = h(M). – MD5, SHA1 – Very efficient to compute. – Digest is a small, fixed-width quantity: i.e., it is a hash. • Often called a fingerprint or cryptographic checksum. – Collision-resistant • There exist distinct M 1 and M 2 such that h(M 1 ) == h(M 2 ). • Such collisions are “hard” to find. – One way • Given digest, cannot generate an M with h(M) == digest. – Secure • The digest does not help to discover any part of M.

  21. Messages with both Authenticity and Secrecy • How does A send a message x to B with: – Authenticity (B knows that only A could have sent it) – Secrecy (A knows that only B can read the message) 1. A Transmits the following message x – {{ x }K A -1 }K B 2. What if x is large (performance concerns)? – A transmits K A to B, B transmits K B to A – A picks J A , transmits {J A }K B to B – B picks J B , transmits {J B }K A to A – Each computes secret key, K sk = Hash(J A , J B ) – A transmits {x}K sk to B [Vahdat]

  22. Digital Signatures • How can the sender/writer A of M allow any receiver to verify or prove that A sent/stored M? – authenticity • Digital signature using asymmetric crypto, e.g., RSA. – A computes digest h(M) – A computes signature {h(M)} K and appends to M. • Encrypted with A’s private key K. – Receiver decrypts digest using A’s public key K -1 – Receiver computes h(M) and compares to digest. • Digital signatures are “unforgeable” and “non-repudiable”. – Unlike physical signatures, they are bound to a particular message or document. – Legally binding in the US.

  23. Digital signatures with public keys M signed doc {h} Kpri H(M) h E(K pri , h) Signing M 128 bits {h} Kpri h' D(K pub ,{h}) Verifying M h = h'? h H(doc)

  24. Low-cost signatures with a shared secret key M signed doc H(M+K) h Signing Message authentication M K code (MAC) • Pro: fast • Con: repudiable • Con: shared secret M h Verifying h = h'? h' H(M+K) K

  25. Public Key Distribution • The “key” challenge today is public key distribution (and revocation). • Approach #1: trust e-mail/web (i.e., assume DNS and IP really go where you want, and authenticate the source.) – Example: PGP, GPG, “pretty good”…or do it in person. • Approach #2 : use a Public Key Infrastructure (PKI) – Requires everyone to agree on a central point of trust (Certifying Authority or CA). – Difficult to understand and deploy. – Hierarchy helps. • Approach #3: “web of trust” in which parties establish pairwise trust and endorse public keys of third parties. – Local example: SHARP. Involves transitive trust.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Authentication and technology Secure Communication people Jeff Chase Duke University Where

Authentication and technology Secure Communication people Jeff Chase Duke University Where

Authentication and technology Secure Communication people Jeff Chase Duke University Where are the boundaries of the system that you would like to secure? Where is the weakest link? What happens when the weakest link fails? The First

574 views • 10 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Formal security analysis of authentication in an asynchronous communication model Bsc thesis

Formal security analysis of authentication in an asynchronous communication model Bsc thesis

Formal security analysis of authentication in an asynchronous communication model Bsc thesis presentation Jacob Wahlgren & Sam Hedin June 18 KTH 1 Outline Introduction Background Secure Data Sharing Methods Results Owner event

1.71k views • 124 slides
Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

IETF94 2 Nov. 2015 Yokohama SDNRG WG Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Motivation Problem: secure SDN authentication,

546 views • 10 slides
Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key

Secure Communication Secure Communication Lecture 14 Wrap-Up We saw... Symmetric-Key Components SKE, MAC Public-Key Components PKE, Digital Signatures Building blocks: Block-ciphers (AES), Hash-functions (SHA-3), Trapdoor PRG/OWP for PKE

1.07k views • 72 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with

Quantum secure message authentication via blind-unforgeability Christian Majenz Joint work with Gorjan Alagic, Alexander Russell and Fang Song QCrypt 2018, Shanghai, China Message authentication Alice Bob m Message authentication Alice Bob

1.3k views • 68 slides
Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser

Requirements for Secure Device Authentication Iden&ty in the browser workshop, 24-25 May 2011, Mountain View Mark Watson, Mitch Zollinger, Wesley Miaw 1

327 views • 9 slides
1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

1 Symmetric algorithm Public key algorithm Secret key public key and private key C 1 = E

Cryptography security Cryptography may be a component of a secure system Cryptographic Systems Adding cryptography may not make a Authentication & Communication system secure Protocols Paul Krzyzanowski Distributed Systems

753 views • 23 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019

Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019

Scaling Pseudonymous Authentication for Large Mobile Systems ACM WiSec19, May 17, 2019 Mohammad Khodaei, Hamid Noroozi, and Panos Papadimitratos Networked Systems Security Group www.eecs.kth.se/nss 1 / 29 Secure Vehicular Communication

597 views • 32 slides
Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand

Migration towards a more secure authentication in the Session Initiation Protocol Lars Strand Wolfgang Leister Alan Duric The Fifth International Conference on Emerging Security Information, Systems and Technologies (SECURWARE 2011) 21-27

805 views • 21 slides
Secure SDN Authentication (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee

Secure SDN Authentication (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee

IETF93 22 July 2015 Prague SDNRG WG Secure SDN Authentication (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Summary Problem: No flexibly for PKI model Solution: Combination of DANE, DNSSEC and

341 views • 13 slides
1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure

1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure

Chapter 18 1 2 Security Authentication Principles 3 4 Hypertext Transfer Cryptography Protocol Secure (HTTPS) 5 6 Security Best Common Practices Threat Vectors 7 Summary Fundamentals of Web Development - 2 nd Ed. Randy Connolly

603 views • 14 slides
Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark

Quantum-Secure Message Authentication Codes Dan Boneh and Mark Zhandry Stanford University 1/19 Classical Chosen Message Attack (CMA) m i i = S ( k, m i )

658 views • 19 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists

Gursharan Singh Tatla 27-Mar-2011 Data Link Layer in Internet We know that Internet consists of individual systems that are connected to each other. SLIP and PPP Basically, it is wide are network that is built up from point-to-point

412 views • 4 slides
Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da

WNP-MPR-Sec 1 Wireless Networks and Protocols MAP-TELE Jaime Dias, Manuel Ricardo Faculdade de Engenharia da Universidade do Porto WNP-MPR-Sec 2 Topics Scheduled for Today Authentication and access control Security basic

775 views • 49 slides
the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26,

AAA Support by the RADIUS and the Diameter Protocol Ahana Mallik Department of Informatics University of Zurich May 26, 2016 Overview 1. Authentication, Authorization and Accounting (AAA). 2. AAA Services, Protocols and Architecture. 3.

1.7k views • 40 slides
VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private

VPN Virtual Private Network Computer Center, CS, NCTU What is VPN Extension of a private network that encompasses links across shared or public networks like the Internet. Enable to send data between two computers across a shared or

942 views • 19 slides
SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and

SSH, SSL, and IPsec: wtf? Eric Rescorla RTFM, Inc. ekr@rtfm.com Eric Rescorla SSH, SSL, and IPsec 1 What are we trying to accomplish? Alice, Bob want to talk to each other But theyre worried about attack How do you know

1k views • 56 slides
Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs

Overview Basic Principles Access Control Methodologies Controls Access Control Designs Access Control Administration Accountability Chapter 2 Access Control Models Identification and Authentication Methods Lecturer:

708 views • 9 slides
Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan,

Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan,

Messaging Layer Security The Beginning Richard Barnes , Benjamin Beurdouche, Karthik Bhargavan, Katriel Cohn-Gordon, Cas Cremers, Jon Millican, Emad Omara, Eric Rescorla, Raphael Robert RWC 2019, San Jose, CA YOUR NAME / LOGO HERE Objectives

673 views • 33 slides
Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g ,

handshake 1 Security Handshake Pitfalls Slide 1 Login with Shared Secret: Variant 1 B: R , A: K f R g , where K fg can be hash AB authentication not mutual connection hijacking off-line password attack compromise of database

424 views • 16 slides

More recommend