Michigan State University - PowerPoint PPT Presentation

1 / 15
About This Presentation
Title:

Michigan State University

Description:

(We'll see that later with wireless security.) Michigan State University ... bootstrap their own application security off yours can be downright foolish. ... – PowerPoint PPT presentation

Number of Views:50
Avg rating:3.0/5.0
Slides: 16
Provided by: richard139
Category:

less

Transcript and Presenter's Notes

Title: Michigan State University


1
AndersonChapter 2
  • CSE 825

2
  • Theme protocols are hard
  • and are too often incorrect.
  • (Well see that later with wireless security.)

3
Replay Attack
  • U ? C P
  • U ? G P (Grabber)
  • G ? C P

4
Password GeneratorChallenge Response(used for
MSU student data)
  • S ? U N
  • U ? P N, PIN
  • P ? U N, PINK
  • U ? S N, PINK
  • S Server U User P Password Generator
  • What is a nonce ?
  • What is K?

5
MIG-in-the-Middle
Order?
6
Mafia-in-the-Middleassumes credit card digital
signature
  • Order?
  • using crypto keys (or other authentication
    mechanisms) in more than one application can be
    dangerous and letting other people bootstrap
    their own application security off yours can be
    downright foolish.

7
Basic Key ManagementAlice wants to talk to Bob
with help from Sam
  • A ? S A, B
  • S ? A A, B, KAB, T K_AS, A, B, KAB, T K_BS
  • A ? B A, B, KAB, T K_BS, M K_AB
  • Whats happening?
  • Why dont A B simply exchange a key?
  • What does this have to do with replay?

8
Needham-Schroeder Protocol (78)
  • A ? S A, B, NA
  • S ? A NA, B, KAB, KAB, A K_BS K_AS
  • A ? B KAB, A K_BS
  • B ? A NB K_AB
  • A ? B NB - 1K_AB
  • Whats a nonce? What is it for?
  • Bob assumes that KAB is fresh how do you exploit
    this vulnerability?
  • revocation is a problem Whats that?

9
  • Kerberos is a modification of Needham-Schroeder.

10
Kerberos
  • The Kerberos protocol uses strong cryptography so
    that a client can prove its identity to a server
    (and vice versa) across an insecure network
    connection. After a client and server has used
    Kerberos to prove their identity, they can also
    encrypt all of their communications to assure
    privacy and data integrity as they go about their
    business.

11
  • The name "Kerberos" comes from a mythological
    three-headed dog that guarded the entrance to
    Hades.

12
  • Many assume that a firewall makes them safe from
    attacks, however, statistics show that a large
    number of attacks happen from within a firewall.
  • Kerberos security also addresses this issue in
    the same way that it prevents outside attacks.
  • The way that this is accomplished is that
    passwords are not sent over the network in clear
    text making them unavailable to most sniffers and
    hacker tools.

13
  • First Alice logs on to authentication server
    using a password.
  • Kerberos server (S) provides KAS to Alice
  • Alice wants to talk to Bob.
  • A ? S A, B
  • S ? A TS, L, KAB, B, TS, L, KAB, A K_BS K_AS
  • A ? B TS, L, KAB, A K_BS , A, TA K_AB
  • B ? A TA 1 K_AB
  • Why (TA 1) ?
  • Why timestamps?
  • What vulnerability remains?
  • What about First Alice logs on ?

14
  • Check out Win2K Kerberos tutorial

15
Formal Verification
  • BAN logic is small,
  • the example proof is brief and elegant.
  • Limitations are
  • assumptions and
  • idealization.
  • Examples of how to crack tamper-resistant smart
    cards come later
Write a Comment
User Comments (0)
About PowerShow.com