digest based authentication
play

Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - - PowerPoint PPT Presentation

Nov 02, 2023 •138 likes •224 views

Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - Nortel Networks Vesa Torvinen - Ericsson Digest Authentication SIP & RFC 2617 Its deployed today Its simple UAC to UAS UAC to proxy draft-undery-sip-auth-00 proxy

  1. Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - Nortel Networks Vesa Torvinen - Ericsson

  2. Digest Authentication SIP & RFC 2617 It’s deployed today It’s simple UAC to UAS UAC to proxy draft-undery-sip-auth-00 proxy to UAS Bid-down protection Integrity protection Mutual authentication Suggested replay protection implementation

  3. What’s New proxy to UAS authentication UAS-Authenticate UAS-Authorization UAS-Authentication-Info 492 response Bid-down protection Prefixes added to nonces Protects scheme and quality of protection Doesn’t protect algorithms (See open issues)

  4. What’s New Mutual Authentication *-Authentication-Info non digest specific Integrity Complete one hop message integrity Negotiated header integrity With bid down protection

  5. Open issues (1/4) No algorithm protection If a hashing algorithm is broken (i.e. one of the following hold,) we need algorithm revocation given H(m) you can extract m given m and H(s+m) you can find n, st H(s+m) = H(s+n) Proposal - make limitation explicit, algorithm revocation is out of scope No negotiation of body integrity protection Proxies can’t alter message bodies Proposal - leave unchanged

  6. Open issues (2/4) No protection against weak passwords If a scheme uses a weak password / session key protection can be compromised Care should always be taken to match the strength of protection against the time you wish a secret to remain secret Proposal - make limitation explicit, the solution is out of scope 492 Mechanism requires UAC support UAS has already applied policy that could result in failure of this dialog Proposal - leave unchanged, explicitly note deficiency

  7. Open issues (3/4) Client side can’t initiate authentication Could include *-Authorization header or new header / Require option Require option only applies to target of challenge and generally a bad idea Can’t respond to responses in general Can immediately respond to tear-down dialog created by requests Only one server responding in a non 4xx/5xx/6xx manner will cause problems Proposal - make limitation explicit

  8. Open issues (4/4) Forking and response collation issues Can’t guarantee upstream entities see challenges Response collation oriented towards success Proposal - make limitation explicit

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest Authentication 1

349 views • 8 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
A Little Confusing Without [a block digest], one must query the offset digest with all

A Little Confusing Without [a block digest], one must query the offset digest with all

A Little Confusing Without [a block digest], one must query the offset digest with all possible offsets: although the extra space afforded by not having a block digest increases the accuracy of the offset digest, the testing of every offset

125 views • 9 slides
SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest

226 views • 8 slides
Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Overview Cryptography functions Secret key (e.g., DES) Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Outline Authentication:

883 views • 5 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in Authentication Workshop (WAY) 2019 Nikita Samarin, Donald Sannella Traditional Passwords Most common mechanism of authenticating users online

251 views • 14 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15,

FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15,

FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15, 2019 2019 Tax Digest Changes 2018 Diges Digest $5,90 ,901,66 ,669,19 ,198 Growth th (D (Decr ecrease) ease) in in Diges Digest Re Real

420 views • 16 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Source: [5] Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter Pilgerstorfer 03.03.2015 1 Motivation Pairing without user interaction Traditional authentication E.g. enter/confirm shared PIN

270 views • 26 slides
Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy,

Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy,

Cyber Readiness Program Presented by: Henry Vido, Program Director, CRI Mohamed Mahdy, Information Technology & Administration Director, IBAG The Cyber Readiness Institute empowers small and medium- sized organizations with practical

262 views • 15 slides
Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb

Hash-Based Passwords Steve Bellovin h4ps://www.cs.columbia.edu/~smb smb 1 Problem Area Clients and servers frequently store plaintext passwords Used for

289 views • 9 slides
Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too

Defining Encryption (ctd.) Lecture 3 CPA/CCA security Computational Indistinguishability Pseudo-randomness, One-Way Functions Security of Encryption Security of Encryption Perfect secrecy (IND-Onetime security) is too strong (though too

1.36k views • 113 slides
Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Sardinia

Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Sardinia

Motivation Industry Academia Lightweight: 2nd Generation NIST Initiative Lightweight Block Cipher Design Gregor Leander HGI, Ruhr University Bochum, Germany Sardinia 2015 Motivation Industry Academia Lightweight: 2nd Generation NIST

1.4k views • 95 slides
Thermanator: Thermanator: Ercan Ozturk Gene Tsudik Thermal Residue Attacks Thermal Residue

Thermanator: Thermanator: Ercan Ozturk Gene Tsudik Thermal Residue Attacks Thermal Residue

5/25/2019 Tyler Kaczmarek Thermanator: Thermanator: Ercan Ozturk Gene Tsudik Thermal Residue Attacks Thermal Residue Attacks University of California, Irvine A Common Scenario: 1. You arrive at work (shared workspace) 2. Go to your desk

431 views • 15 slides
Wearable Computing Gabriel Reyes CS-HCI PhD Student School of Interactive Computing CS 4470 /

Wearable Computing Gabriel Reyes CS-HCI PhD Student School of Interactive Computing CS 4470 /

Wearable Computing Gabriel Reyes CS-HCI PhD Student School of Interactive Computing CS 4470 / CS 6456 W. Keith Edwards Quick Experiment How many forms of computing are you wearing today? (Dont count whats in your purse or

819 views • 60 slides
Ubiquitous computing CS 347 Michael Bernstein Announcements Abstract drafts due next Friday

Ubiquitous computing CS 347 Michael Bernstein Announcements Abstract drafts due next Friday

Ubiquitous computing CS 347 Michael Bernstein Announcements Abstract drafts due next Friday Project Ideas feedback to come You can iterate, pivot and ideate based on our feedback Dont feel compelled to go exactly with the ones we liked 2

721 views • 36 slides
Technology Shawn Hardin Co-founder & CEO, Mind Pirate Unni Narayanan

Technology Shawn Hardin Co-founder & CEO, Mind Pirate Unni Narayanan

Building Games for the Next Consumer Mega Trend: Wearable Technology Shawn Hardin Co-founder & CEO, Mind Pirate Unni Narayanan Co-founder & VP, Game Prod/Ops, Mind Pirate This Story We Know Well Computers Continue To

840 views • 29 slides

More recommend