CryptographySecurity - PowerPoint PPT Presentation

1 / 49

About This Presentation

Title:

CryptographySecurity

Description:

will consider ... will consider Kerberos a private-key authentication (Password ... Used in S/MIME (Chap 15), IP security (Chap 16), SSL/TLS (Chap ... – PowerPoint PPT presentation

Number of Views:48

Avg rating:3.0/5.0

Slides: 50

Provided by: DrLawri1

Category:

more less

Transcript and Presenter's Notes

Title: CryptographySecurity

1
Chapter 14 Authentication APP.

14.1 Kerberos (Distributed authentication)
14.2 X.509 Authentication Service (CA) for
public keys

2
Authentication Applications

will consider authentication functions
developed to support application-level
authentication digital signatures
will consider Kerberos a private-key
authentication (Password-based) service
X.509 directory authentication service (CA) for
Public keys

3
14.1 Kerberos environment

Open distributed environment
Users at workstation wish to access services on
servers
Servers are distributed through the network
Servers restrict access to authorized users
Server authenticates requests of services

4
14.1 Environment
5
Possible attacks

Eavesdropping
Replay use the previously tapped messages to
gain access to the system at the later time
A user gains access to a workstation and pretend
(impersonate) to be another user operating from
the workstation
A user alters the network address of workstation
A to workstation B and sends messages that appear
to come from the impersonated workstation B

6
Goals of Kerberos

Secure Kerberos should withstand against the
above attacks
Reliable Kerberos employs a distributed
architecture, with one system to back up another
Transparent users are not aware that
authentication is happening. A user uses his
password to enter the system
Scalable supporting large numbers of servers and
clients

7
Kerberos 4

Use only secret-key cryptosystem, such as DES
Provide authentication service and
confidentiality (message privacy) gt (Recall
Chap7 and Chap11)
Two security servers (At the same workstation)
AS authentication server
TGS ticket-granting server
Thinking Why two servers ?
Management
Security (Withstanding Guessing attack)
Once per user logon session
Once per type service session

8
Ticket

An encrypted message TicketV issued by a security
server to a user A so that the user can use
TicketV to enter a service server V.
TicketV is encrypted with server Vs key KV.
Therefore, the user cannot know the content of
Ticket.
TicketVEKv(IDA, ADA, IDV, Lifetime, Kv,s)
IDA the name of user A
IDV the name of server V
ADA the address (IP) of the workstation that A
logs in
KAV the session key used by A and V
Lifetime the valid time of this ticket

9
Security server
Service server V
3. TicketV
1. Request service of V
2. TicketV
4. Grant/reject
User A
10
Overview of Kerberos

AS
Check validity of the password of a user A who
requests to login into the system
Issue a ticket-granting ticket Tickettgs of TGS
to A so that A can access TGS
TGS
Check validity of Tickettgs sent by user A
Process the service request from user A
Issue a service-granting ticket TicketV to A so
that A can access the service server V

11
Overview of Kerberos (cont.)

Service server V
Check validity of TicketV sent by user A
Grant/reject the service request by user A

12
(No Transcript)
13
Beyond-3G Our proposed system
14
Protocol-1 (Password-gt PKC certificate)
15
Protocol-2 (Password-gt PKC certificate)
16
Password

The user uses only his password to login.
The users password should not be transmitted
through the network in plaintext.
The password should not be used often. It would
be better to use it only once per logon session.
Guessing attacks

17
Message exchanges of Kerberos 4

Let C be the user who would like to login.
Let ADc be the address of the workstation that
the user use to login to the system
Messages exchanges of Kerberos 4
User C obtains a ticket-granting ticket with his
password
User C uses the ticket-granting ticket to obtain
a service-granting ticket, one for each type of
service
User C uses the service-granting ticket to obtain
the service that the service-granting ticket
authorizes.

18
To obtain ticket-granting ticket

1. C?AS IDCIDtgsTS1
2. AS ?C EKcKc,tgsIDtgsTS2Lifetime2Ticke
ttgswhere
TickettgsEKtgsKc,tgsIDcADcIDtgsTS2Li
fetime2
Note
1. If the user C does not know the password, he
cannot open the message sent from AS
2. TSs are time-stamps to prevent the replay
attack
3. Kc is the key derived from Cs password.
4. Kc,tgs is the session key between C and TGS

19
To obtain service-granting ticket

1. C?TGS IDvTickettgsAuthenticatorc
2. TGS ?C EKc,tgsKc,vIDvTS4Ticketv
where TicketvEKvKc,vIDcADcIDvTS4Lifeti
me4 TickettgsEKtgsKc,tgsIDcADcIDtg
sTS2Lifetime2 AuthenticatorcEKc,tgs
IDcADcTS3
Note
1. V is the service server.
2. Since TGS knows Ktgs, it can open Tickettgs
and then uses Kc,tgs to verify Authenticatorc

20
To obtain service

1. C?V TicketvAuthenticatorc
2. V ?C EKc,vTS51
where TicketvEKvKc,vIDcADcIDvTS4Lifeti
me4 AuthenticatorcEKc,vIDcADcTS5
Note
1. Since the service server V knows Kv, it can
open Ticketv and then uses EKc,v to verify
Authenticatorc.
2. User C authenticates V using EKc,vTS51.
3. It is mutual authentication.

21
Kerberos for different realms (Regions)
22
Kerberos for different realms-protocol

1. C?AS IDcIDtgsTS1
2. AS?C EKcKc,tgsIDtgsTS2Lifetime2Ticket
tgs
3. C?TGS IDtgsremTickettgsAuthenticatorc
4. TGS?C EKc,tgsKc,tgsremIDtgsremTS4Ticket
tgsrem
5. C?TGSrem IDvremTickettgsremAuthenticatorc
6. TGS?C EKc,tgsremKc,vremIDvremTS6Ticketv
rem
7. C?Vrem TicketvremAuthenticatorc

23
Kerberos 5

To correct some drawbacks in Kerberos 4
Kerberos 4 doubly encrypts the ticket
Kerberos uses a non-standard DES mode PCBC
The same ticket is used for a particular service
many times as long as the user stays on the same
logon session.
Password attack the attacker can mount the
password attack on the Kc that is derived from
the users password.

24
14.2 Authentication of public keys

Verification of a digital signature

KR Private key KU, KV Public key
Verification key
25
Authentication of public keys

Public key usage
Encryption

?
26
Recall Chap10 Distribution of public keys

1. Public announcement
2. Publicly available directory
3. Public-key authority
4. Public-key certificates
Note that Comparisons among four approaches.

27
Authentication of public keys

How does Bob know that the received key KUA (or
KVA) is valid, i.e., authentic, not revoked,
and not expired ?

28
Authentication of public keys

Off-line/on-line approach

Trusted agent T1
Trusted agent T
PKI (X.509) On-line
Trusted agent T2
Bob knows KVT
(Alice, KUA, Sig(KRT, Alice, KUA) )
(1)
(John, KUJ, Sig(KRT1, Alice, KUJ))
29
Directory service

Directory
A server or distributed set of servers that
maintains a database of information about users.
The database consists of user names and their
corresponding information, such as network
address (for email service, etc), public-key
certificate, etc.
ITU-T X.500 series define a directory service

30
X.509

Part of X.500 directory service
Based on public-key encryption and digital
signature
Provide public-key certificates of users
Define authentication protocols based on
public-key certificates
Used in S/MIME (Chap 15), IP security (Chap 16),
SSL/TLS (Chap 17), SET, etc.

31
CA (Certificate Authority)

A CA is a trusted server that issues
certificates.
CA X has a private signing key KRX and a
well-known verification key KVX corresponding to
KRX
There are a lot of CAs, usually arranged in the
tree structure

32
(No Transcript)
33
CA (Recall Domain Name Server)
34
Certificate

A certificate is issued by a CA X
A certificate of a user A consists of
The name of the issuer CA X
his/her public key KUA
the signature Sig(KRX, A, KUA) by the CA X
the expiration date
Range of application, such as, encryption/signatur
e

35
Certificate acquisition
Note CA does not know KRA
36
Certificate (cont.)

A certificate is put in the directory by the CA
or by the user so that every one can query its
data.
The directory does not create the public key. It
merely provides an easily accessible location for
users to obtain certificates.

37
Certificate format
38
Certificate format (cont.)

A real example

39
Certificate elements

Version currently v2 and v3
Serial number an integer value, unique with the
issuing CA.
Signature algorithm identifier the algorithm
used to sign the certificate together with
parameters
Issuer name X.500 name of the CA that created
and signed this certificate
Period of validity consist of two dates, the
first and last on which the certificate is valid

40
Certificate elements (cont.)

Subject name the name of the user
Subjects public-key information the public key
of the user, the system in which this key can be
used and parameters
Issuer unique identifier to identify the name of
the issuing CA in case of ambiguity occurred in
X.500
Extensions for other purposes (in V3)
Signature covers all of the other fields of the
certificate. It contains the hash code of the
other fields, encrypted with the CAs private
key. This field includes the signature algorithm
identifier.

41
Notations

CAltltAgtgtCAV, SN, AI, CA, TA, A, Ap
YltltXgtgt the certificate of user X issued by CA Y
YI the signing of I by Y. It consists of Y
with an encrypted hash code appended.
When user Z gets certificate YltltXgtgt and CA Ys
public key, he/she can verify the validity of
YltltXgtgt.

42
Verify certificates

To verify XltltBgtgt, one has to get the public key
of CA X and then verify this certificate.
X.509 uses Hierarchical structure to search the
appropriate verification key of the certificate.

43
X.509 hierarchy (Recall DNS)
44
X.509 hierarchy (cont.)