protocols ii
play

Protocols II Computer Security Lecture 12 David Aspinall School of - PowerPoint PPT Presentation

Mar 13, 2024 •251 likes •989 views

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

  1. Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011

  2. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  3. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  4. Introduction ◮ Previous lecture examined some simple protocols:

  5. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys

  6. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys

  7. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces

  8. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts:

  9. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication

  10. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys

  11. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment

  12. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment ◮ Digital certificates

  13. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment ◮ Digital certificates ◮ More fun with nonces

  14. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  15. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as

  16. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as

  17. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages

  18. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages ◮ S is included inside the encrypted package to foil a reflection attack (impersonation of S to A).

  19. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages ◮ S is included inside the encrypted package to foil a reflection attack (impersonation of S to A). ◮ Also, encrypting random strings can be risky: to prevent a chosen-text attack on the encryption scheme in the first case, A may include another random number in the encrypted package.

  20. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as

  21. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as ◮ The second nonce N a in message 2 serves both as a challenge for message 3 and to prevent chosen-text attacks. On receiving message 2, S checks N s was the nonce he issued in message 1, and that his name S is included in the encrypted package. He also recovers N a to send in message 3.

  22. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as ◮ The second nonce N a in message 2 serves both as a challenge for message 3 and to prevent chosen-text attacks. On receiving message 2, S checks N s was the nonce he issued in message 1, and that his name S is included in the encrypted package. He also recovers N a to send in message 3. ◮ Mutual authentication may be obtained by running unilateral authentication twice, but that achieves something slightly weaker: the two authentications are not logically linked by the protocol (TOCTOU).

  23. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  24. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s

  25. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it.

  26. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it. ◮ He sends a packet containing the nonce encrypted with her public key K a and a witness h ( N s ) , where h is a one-way hash function, which prevents chosen-text attacks.

  27. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it. ◮ He sends a packet containing the nonce encrypted with her public key K a and a witness h ( N s ) , where h is a one-way hash function, which prevents chosen-text attacks. ◮ Alice decrypts, and responds with N s only if the hash and name both match. When Sam sees his nonce N s returned, Alice is authenticated.

  28. Challenge-response with digital signatures ◮ Alice demonstrates knowledge of her signature private key by signing a challenge . Message 1. S → A : N s Message 2. A → S : N a , S, S A ( N a , N s , S ) ◮ Server Sam sends a nonce N s . Alice replies with a message containing her own nonce N a , the name S , and the signature for a message with both nonces and the name. She constructs the signature using her private signing function S A .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

The 1 st World Congress on Controversies in Hematology (COHEM) Rome, September, 2-5, 2010 Session 4. Acute Lymphoblastic Leukemia Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL? No No JM

990 views • 44 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

Concurrency Control Lock-Based Protocols Timestamp-Based Protocols Lecture 9 Concurrency Control Validation-Based Protocols Multiple Granularity Multiversion Schemes Deadlock Handling Chapter 16 Insert and Delete

780 views • 8 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev 01-22-13 Rpt Ver: andy 1/22/2013 2:23:35 PM 1 of 17 Agenda Review UCMR 3 Test Groups Sampling Protocols Storage and Transportation 2 Rpt

712 views • 17 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific consistency model Classification Distributed Systems (ICE 601) primary-based protocols remote-write protocols Replication & Consistency

425 views • 4 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING COVID-19 PROTOCOLS & GUIDELINES PROTOCOL RESEARCH + CREATION Wellness Partners + Hospital Network Patient room protocols for cleaning

751 views • 37 slides
Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols: aspects of network o http --- Web application protocols o ftp --- File transfer learn about protocols by examining popular o smtp --- Mail

419 views • 17 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Find out More; Our people & our projects The Strategy The Fund The Omnibus Property Fund

Find out More; Our people & our projects The Strategy The Fund The Omnibus Property Fund

Find out More; Our people & our projects The Strategy The Fund The Omnibus Property Fund invests primarily in four types of real estate sectors; Residential, Commercial, Special Projects and Rentals. The primary investment focus is on

450 views • 17 slides
Issues in Assessment CA. Ashok Mehta D.R.Mehta & Associates. Ashok Mehta 1 ISSUES IN

Issues in Assessment CA. Ashok Mehta D.R.Mehta & Associates. Ashok Mehta 1 ISSUES IN

Issues in Assessment CA. Ashok Mehta D.R.Mehta & Associates. Ashok Mehta 1 ISSUES IN ASSESSMENT 1. Penny Stock 2. Cash Credit ( Loans & Share Premium)-Section 68 3. S 14A Disallowances 4. Cash Deposit during demonetisation 5.

1.05k views • 73 slides
Rule of Evidence under Income-tax Act, 1961 Assessment, Penalty and Prosecution proceedings

Rule of Evidence under Income-tax Act, 1961 Assessment, Penalty and Prosecution proceedings

Rule of Evidence under Income-tax Act, 1961 Assessment, Penalty and Prosecution proceedings (with special reference to alleged suspicious transactions in shares Penny Stocks) - Dr. K. Shivaram (Senior Advocate) (Part - I) - 1. Assessment

1.36k views • 107 slides
Fund Raising via Private I nstruments Private Placement A Genre for raising funds Ambit of

Fund Raising via Private I nstruments Private Placement A Genre for raising funds Ambit of

Fund Raising via Private I nstruments Private Placement A Genre for raising funds Ambit of Private Placement Section 42 read with Private Placement Rule 14 of the Companies (Prospectus and Allotment of Securities) Rules, 2014 Section 55

891 views • 57 slides
Cybersecurity PPP & ECSO Strategic Research Innovation Agenda Roberto G. Cascella Senior

Cybersecurity PPP & ECSO Strategic Research Innovation Agenda Roberto G. Cascella Senior

Cybersecurity PPP & ECSO Strategic Research Innovation Agenda Roberto G. Cascella Senior Policy Manager (ECSO Secretariat) European Industry Partnerships Collaborative Event 17 April 2019 Amsterdam (The Netherlands) Evolution of

369 views • 12 slides
Manufacturing Innovation Program COVID-19 CHALLENGE Spring 2020 Engaging PA Manufacturers PA

Manufacturing Innovation Program COVID-19 CHALLENGE Spring 2020 Engaging PA Manufacturers PA

Manufacturing Innovation Program COVID-19 CHALLENGE Spring 2020 Engaging PA Manufacturers PA Manufacturing Call to Action Portal Match manufacturers and distributors to fill specific supply chain needs to meet increasing demands for

145 views • 11 slides
Developing Mental Toughness Taught by the Harris Health Employee Wellness Team Healthy@Harris

Developing Mental Toughness Taught by the Harris Health Employee Wellness Team Healthy@Harris

Developing Mental Toughness Taught by the Harris Health Employee Wellness Team Healthy@Harris EmployeeWellness@harrishealth.org 713 -566-6686 1 Learning Objectives Define mental toughness Identify our emotional responses

338 views • 18 slides
Drought Response Plan Blackfoot Watershed Blackfoot Watershed ~ 1.5 million acres North Fork

Drought Response Plan Blackfoot Watershed Blackfoot Watershed ~ 1.5 million acres North Fork

Drought Response Plan Blackfoot Watershed Blackfoot Watershed ~ 1.5 million acres North Fork Continental Divide Clearwater River Rogers Pass Missoula Powell Lewis & Clark Bonner Forested Grasslands Nevada Creek Crop Alpine

617 views • 27 slides

More recommend