simple authentication protocols
play

Simple Authentication Protocols Prof. Tom Austin San Jos State - PowerPoint PPT Presentation

Dec 02, 2023 •35 likes •795 views

CS 166: Information Security Simple Authentication Protocols Prof. Tom Austin San Jos State University What is a Protocol? Rules for interaction, which can include: Human protocols e.g. raise your hand to ask a question

  1. CS 166: Information Security Simple Authentication Protocols Prof. Tom Austin San José State University

  2. What is a Protocol? Rules for interaction, which can include: • Human protocols – e.g. raise your hand to ask a question • Networking protocols – rules followed in network communication – HTTP, FTP, etc. • Security protocol – communication rules for a security app

  3. How do we tell if a protocol "works"? 1. What guarantees does the protocol provide? – Authentication – mutual authentication – key exchanged – and many more … 2. Assume that everything else works. – No flaws in the crypto – No flaws in the implementation – Secrets (e.g. keys) stay secret 3. Given the above, can you break the protocol

  4. Protocols • Protocol flaws can be very subtle • Several well-known security protocols have significant flaws – Including WEP, GSM, and IPSec • Implementation errors can occur – IE implementation of SSL • Not easy to get protocols right…

  5. Ideal Security Protocol • Must satisfy security requirements – Requirements need to be precise • Efficient – Small computational requirement – Small bandwidth usage, minimal delays… • Robust – Works when attacker tries to break it – Works even if environment changes • Easy to use & implement, flexible… • Difficult to satisfy all of these

  6. Secure Entry to NSA 1. Insert badge into reader 2. Enter PIN 3. Correct PIN? Yes? Enter No? Get shot by security guard

  7. ATM Machine Protocol 1. Insert ATM card 2. Enter PIN 3. Correct PIN? Yes? Conduct your transaction(s) No? Machine (eventually) eats card

  8. Identify Friend or Foe (IFF) Russian MIG Angola 2. E(N,K) SAAF Impala K 1. N Namibia K

  9. MIG in the Middle 3. N SAAF 4. E(N,K) Impala Angola K 2. N 5. E(N,K) 6. E(N,K) Russian MiG 1. N Namibia K

  10. Authentication Protocols

  11. Authentication • Alice must prove her identity to Bob – Alice and Bob can be humans or computers • May also require Bob to prove he’s Bob – mutual authentication • Probably need to establish a session key • May have other requirements, such as – Use public keys – Use symmetric keys – Use hash functions – Anonymity, plausible deniability, etc., etc.

  12. Authentication • Authentication on a stand-alone computer is relatively simple – Hash password with salt – “Secure path,” attacks on authentication software, keystroke logging, etc., can be issues • Authentication over a network is challenging – Attacker can passively observe messages – Attacker can replay messages – Active attacks possible (insert, delete, change)

  13. Simple Authentication “I’m Alice” Prove it My password is “frank” Bob Alice • Simple and may be OK for standalone system • But insecure for networked system – Subject to a replay attack (next 2 slides) – Also, Bob must know Alice’s password

  14. Authentication Attack “I’m Alice” Prove it My password is “frank” Bob Alice Trudy

  15. Authentication Attack “I’m Alice” Prove it My password is “frank” Trudy Bob • This is an example of a replay attack • How can we prevent a replay?

  16. Simple Authentication I’m Alice, my password is “frank” Bob Alice • More efficient, but… • … same problem as previous version

  17. Better Authentication “I’m Alice” Prove it h(Alice’s password) Bob Alice • Better since it hides Alice’s password – From both Bob and Trudy • But still subject to replay

  18. Challenge-Response • To prevent replay, use challenge-response – Goal is to ensure “freshness” • Suppose Bob wants to authenticate Alice – Challenge sent from Bob to Alice • Challenge is chosen so that… – Replay is not possible – Only Alice can provide the correct response – Bob can verify the response

  19. Nonce • To ensure freshness, can employ a nonce – Nonce == n umber used once • What to use for nonces? – That is, what is the challenge? • What should Alice do with the nonce? – That is, how to compute the response? • How can Bob verify the response? • Should we rely on passwords or keys?

  20. Challenge-Response “I’m Alice” Nonce h(Alice’s password, Nonce) Bob Alice q Nonce is the challenge q The hash is the response q Nonce prevents replay, ensures freshness q Password is something Alice knows q Note: Bob must know Alice’s pwd to verify

  21. Generic Challenge-Response “I’m Alice” Nonce Something that could only be Bob from Alice (and Bob can verify) Alice • In practice, how to achieve this? • Hashed password works, but… • Encryption is better here (Why?)

  22. Symmetric Key Notation • Encrypt plaintext P with key K C = E(P,K) • Decrypt ciphertext C with key K P = D(C,K) • Here, we are concerned with attacks on protocols, not attacks on crypto – So, we assume crypto algorithms are secure

  23. Authentication: Symmetric Key • Alice and Bob share symmetric key K • Key K known only to Alice and Bob • Authenticate by proving knowledge of shared symmetric key • How to accomplish this? – Cannot reveal key, must not allow replay (or other) attack, must be verifiable, …

  24. Authentication with Symmetric Key “I’m Alice” R E(R,K) Bob, K Alice, K q Secure method for Bob to authenticate Alice q Alice does not authenticate Bob q So, can we achieve mutual authentication?

  25. Mutual Authentication? “I’m Alice”, R E(R,K) E(R,K) Alice, K Bob, K • What’s wrong with this picture? • “Alice” could be Trudy (or anybody else)!

  26. Mutual Authentication • Since we have a secure one-way authentication protocol… • The obvious thing to do is to use the protocol twice – Once for Bob to authenticate Alice – Once for Alice to authenticate Bob • This has got to work…

  27. Mutual Authentication “I’m Alice”, R A R B , E(R A , K) E(R B , K) Bob, K Alice, K • This provides mutual authentication… • …or does it? See the next slide

  28. Mutual Authentication Attack 1. “I’m Alice”, R A 2. R B , E(R A , K) 5 . E ( R , K ) B Bob, K Trudy 3. “I’m Alice”, R B 4. R C , E(R B , K) Bob, K Trudy

  29. Mutual Authentication • Our one-way authentication protocol is not secure for mutual authentication – Protocols are subtle! – The “obvious” thing may not be secure • Also, if assumptions or environment change, protocol may not be secure – This is a common source of security failure – For example, Internet protocols

  30. Symmetric Key Mutual Authentication “I’m Alice”, R A R B , E(“Bob”,R A ,K) E(“Alice”,R B ,K) Bob, K Alice, K • Do these “insignificant” changes help? • Yes!

  31. Public Key Notation • Encrypt M with Alice’s public key: {M} Alice • Sign M with Alice’s private key: [M] Alice • Then – [{M} Alice ] Alice = M – {[M] Alice } Alice = M • Anybody can use Alice’s public key • Only Alice can use her private key

  32. Public Key Authentication “I’m Alice” {R} Alice R Bob Alice • Is this secure? • Trudy can get Alice to decrypt anything! – So, should have two key pairs

  33. Public Key Authentication “I’m Alice” R [R] Alice Bob Alice • Is this secure? • Trudy can get Alice to sign anything! – Same as previous ¾ should have two key pairs

  34. Public Keys • Generally, a bad idea to use the same key pair for encryption and signing • Instead, should have… – …one key pair for encryption/decryption… – …and a different key pair for signing/verifying signatures

  35. Session Key • Usually, a session key is required – I.e., a symmetric key for a particular session – Used for confidentiality and/or integrity • How to authenticate and establish a session key (i.e., shared symmetric key)? – When authentication completed, want Alice and Bob to share a session key – Trudy cannot break the authentication… – …and Trudy cannot determine the session key

  36. Authentication & Session Key “I’m Alice”, R {R,K} Alice {R+1,K} Bob Bob Alice • Is this secure? – Alice is authenticated and session key is secure – Alice’s “nonce”, R, useless to authenticate Bob – The key K is acting as Bob’s nonce to Alice • No mutual authentication

  37. Public Key Authentication and Session Key “I’m Alice”, R [R,K] Bob [R +1,K] Alice Bob Alice • Is this secure? – Mutual authentication (good), but… – … session key is not secret (very bad)

  38. Public Key Authentication and Session Key “I’m Alice”, R {[R,K] Bob } Alice {[R +1,K] Alice } Bob Bob Alice • Is this secure? • Seems to be OK • Mutual authentication and session key!

  39. Public Key Authentication and Session Key “I’m Alice”, R [{R,K} Alice ] Bob [{R +1,K} Bob ] Alice Bob Alice • Is this secure? • Seems to be OK – Anyone can see {R,K} Alice and {R +1,K} Bob

  40. Protocol Lab

  41. “I’m Alice”, R E(R, K AB ) E(R+1, K AB ) Alice Bob Note that K AB is a shared symmetric key used only for mutual authentication. 1. Find 2 attacks Trudy can use to convince Bob that she is really Alice. 2. Fix this protocol so that it is secure.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Authentication Establish and verify identity allow access to resources Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the

228 views • 10 slides
Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2

Designing Low-Cost Untraceable Authentication Protocols for RFID Dave Singele IFIP WG 11.2 Seminar Istanbul June 07, 2010 Outline of the talk n Introduction n RFID authentication protocols n Security requirements n Privacy requirements n

344 views • 31 slides
Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

989 views • 73 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation

WPA and RSN Authentication Protocols Sean Kugele CS 6204, Spring 2005 1 Motivation Weaknesses in the WEP protocol 1. No protection against message tampering 2. Incorrect usage of an encryption algorithm 3. Replayable authentication

519 views • 24 slides
Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as

Distributed Systems Authentication Protocols Paul Krzyzanowski pxk@cs.rutgers.edu Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License. Page 1 Page 1 Authentication

799 views • 59 slides
A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with

A Syntactic Criterion for Injectivity of Authentication Protocols Cas Cremers joint work with Sjouke Mauw and Erik de Vink ccremers@win.tue.nl Cas Cremers, July 15, 2005 A Syntactic Criterion for Injectivity of Authentication Protocols - p.

391 views • 36 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation May 14, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

278 views • 24 slides
Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

809 views • 49 slides
Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur

Cryptographic Protocols: Making the Network Secured Debdeep Mukhopadhyay IIT Kharagpur Protocols Key Agreement Authentication: Group Authentication Key Agreement and Authentication Key Agreement and authentication with key

411 views • 9 slides
Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN)

Authentication made simple Investor Presentation April 3, 2020 (Nasdaq: IDN) Authentication made simple Proprietary and Confidential SAFE HARBOR STATEMENT Certain statements in this presentation constitute forward-looking

720 views • 23 slides
Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Security II: Web authentication Such text-based protocols can be demonstrated via generic TCP

Hyper Text Transfer Protocol (HTTP) version 0.9 With HTTP, a client (web browser) contacts a server on TCP port 80, sends a request line and receives a response file. Security II: Web authentication Such text-based protocols can be

383 views • 7 slides
Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Two factor authentication Open, trustworthy and enterprise ready Two factor authentication

Version 1.0 Cornelius Klbel (corny@cornelinux.de) May 2014 (CC BY-NC-SA 4.0) Everybody knows that a password - be it simple or even complex - is a potential vulnerability. Two factor authentication is the way to authenticate a user not only

400 views • 5 slides
Motion-based Approach for BBC Rushes Structuring and Characterization Chong-Wah Ngo , Zailiang

Motion-based Approach for BBC Rushes Structuring and Characterization Chong-Wah Ngo , Zailiang

Motion-based Approach for BBC Rushes Structuring and Characterization Chong-Wah Ngo , Zailiang Pan Department of Computer Science City University of Hong Kong BBC Rushes n Rushes Unedited videos Similar to home videos, but with better

731 views • 28 slides
Thermostat? Where do you set your thermostat? Revelation 3: 15-17 I know thy works,

Thermostat? Where do you set your thermostat? Revelation 3: 15-17 I know thy works,

Where Do You Set Your Thermostat? Where do you set your thermostat? Revelation 3: 15-17 I know thy works, that thou art neither cold nor hot: I would thou wert cold or hot. So then because thou art lukewarm, and neither cold nor

564 views • 32 slides
What is the purpose of the TBT Agreement (in a nutshell)? Friday, 10 May 2013 Summary Questions

What is the purpose of the TBT Agreement (in a nutshell)? Friday, 10 May 2013 Summary Questions

What is the purpose of the TBT Agreement (in a nutshell)? Friday, 10 May 2013 Summary Questions 1 What are legitimate objectives under the TBT Agreement and is there a difference with SPS? Friday, 10 May 2013 Summary Questions 2

422 views • 10 slides
Next generation genomic analysis for next generation healthcare GENOMIC SEQUENCING | RAPIDLY

Next generation genomic analysis for next generation healthcare GENOMIC SEQUENCING | RAPIDLY

Next generation genomic analysis for next generation healthcare GENOMIC SEQUENCING | RAPIDLY FALLING PRICES 2003 2018 In 1990, Congress established funding for the Human Genome Project. The project ended up costing about $2.7 billion in FY

389 views • 27 slides
Software Development Processes The Processes Software Development Process: a Waterfall

Software Development Processes The Processes Software Development Process: a Waterfall

Software Development Processes The Processes Software Development Process: a Waterfall defined by Royce (seventies) structured and progressive refinement Introduced to address the software from idea to an actual system

433 views • 32 slides
SWEN 256 Software Process & Project Management Start Project End Planning

SWEN 256 Software Process & Project Management Start Project End Planning

SWEN 256 Software Process & Project Management Start Project End Planning Enter Phase/ Exit Phase/ Initiating Closing Start Project Close Project Executing Monitoring and Controlling

409 views • 20 slides
Lecture 17: Dependency Grammar Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

Lecture 17: Dependency Grammar Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 17: Dependency Grammar Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Lecture 17: Dependency Parsing Part 1: Dependency Grammar CS447

1.19k views • 59 slides
Lecture 19: Dependency Grammars and Dependency Parsing Julia Hockenmaier juliahmr@illinois.edu

Lecture 19: Dependency Grammars and Dependency Parsing Julia Hockenmaier juliahmr@illinois.edu

CS447: Natural Language Processing http://courses.engr.illinois.edu/cs447 Lecture 19: Dependency Grammars and Dependency Parsing Julia Hockenmaier juliahmr@illinois.edu 3324 Siebel Center Todays lecture Dependency Grammars Dependency

792 views • 54 slides

More recommend