Network Security - PowerPoint PPT Presentation

Provided by: kowonDon

1
Network Security
  • Chapter 2. Network Security Protocols

2
Objectives
  • Key Establishment Technique
  • Key Authentication
  • Authenticated Key Establishment Protocol
  • Key generation in SKC
  • Kerberos Key generation in SKC
  • Key Establishment in PKC
  • Authentication Protocols
  • Security of password
  • Authentication using SKC
  • Authentication using PKC

3
Introduction
  • The three important aspects of network security:
    authentication, encryption, message
    authentication.
  • Key: central to the idea of cryptography.
  • Some definitions related to keys.
  • Key establishment: a process or protocol whereby
    a shared secret becomes available to two or
    more parties, for subsequent cryptographic use.

4
Key establishment technique
  • Key transport: a key establishment technique
    where one party creates or otherwise obtains a
    secret value, and securely transfers it to the
    other(s).
  • Key agreement: a key establishment technique in
    which a shared secret is derived by two (or more)
    parties as a function of information contributed
    by, or associated with, each of these, (ideally)
    such that no party can predetermine the resulting
    value.

5
Key establishment technique
  • Key pre-distribution: key establishment
    protocols whereby the resulting established keys
    are completely determined a priori by the initial
    keying material.
  • Dynamic key establishment: the key established
    by a fixed pair (or group) of users varies on
    subsequent executions. Also referred to as
    session key establishment.

6
Key authentication
  • Key authentication: the property whereby one
    party is assured that no other party aside from
    a specifically identified second party (and
    possibly additional identified trusted parties)
    may gain access to a particular secret key.
  • It need not involve any action whatsoever by the
    second party. For this reason, it is sometimes
    referred to more precisely as (implicit) key
    authentication.
  • Key confirmation: the property whereby one party
    is assured that a second (possibly unidentified)
    party actually has possession of a particular
    secret key.
  • Explicit key authentication: the property
    obtained when both (implicit) key authentication
    and key confirmation hold.

7
Authentication Summary
Authentication term            Central focus
authentication                 Depends on context of usage
Entity authentication          Identity of a party, and aliveness at a given instant
Data origin authentication     Identity of the source of data
(implicit) key authentication  Identity of party which may possibly share a key
Key confirmation               Evidence that a key is possessed by some party
Explicit key authentication    Evidence an identified party possesses a given key

8
Authenticated key establishment protocol
  • Authentication protocol: provides to one
    party some degree of assurance regarding the
    identity of another with which it is purportedly
    communicating.
  • Key establishment protocol: establishes a
    shared secret.
  • Authenticated key establishment protocol:
    establishes a shared secret with a party whose
    identity has been (or can be) corroborated.

9
Key Generation in SKC
  • Requirements for a SKC key
  • - random and long enough to deter a brute
    force attack.
  • - practical key sizes: AES 128, 192, 256
    bits
  • Key distribution in SKC
  • - For a network with n nodes, each node wishes
    to talk securely to every other node. How many
    keys would this require? One per pair: n(n-1)/2.
  • n = 50 → 1,225 keys
  • n = 250 → 31,125 keys

10
Key Generation in SKC
  • Solutions for key distribution in SKC
  • Key distribution center (KDC)
  • KDC stores keys for all nodes in the network
  • Each node in the network is configured with only
    one key (the one it shares with the KDC)
  • How does it work?
  • 1) Alice → KDC: request a session key for
    Bob.
  • 2) KDC → Bob, Alice: sends the same session key
    to both.

11
Kerberos Key Generation in SKC
  • Entity authentication and session key generation
  • Based on Needham-Schroeder protocol
  • Drawbacks
  • Bottleneck
  • Single point of failure

12
Key Establishment in PKC
  • Public key cryptography
  • - each entity holds a (public key, private key)
    pair.
  • - Certificate Authority (CA)
  • - trusted third party certifying the
    owner of a public key
  • - binds the public key to the entity's
    identity.
  • - issues certificate: "Alice's public key
    is Kwa",
  • Sign_PCA(
    hash("Alice's public key is Kwa"))
  • - provides certificate verification service

13
Diffie-Hellman Key Exchange
Remember DHP !!!
14
Man-in-the-middle attack against Diffie-Hellman
  • Alice and Bob think they are talking to each
    other.
  • Eve impersonates Alice and Bob to Bob and Alice
    respectively.

15
Enhanced Diffie-Hellman Key Exchange
  • Static Diffie-Hellman
  • - g, n are fixed
  • - CA → Alice
  • - CA → Bob
  • Dynamic Diffie-Hellman
  • - g, n ephemeral (established dynamically)
  • - CA → Alice
  • - CA → Bob

16
RSA
  • RSA encryption

See chap. 8 of the handbook!!
17
RSA
  • RSA signing

18
RSA based cryptographic schemes
  • PKCS#1
  • homomorphic property of basic RSA
  • RSA-based cryptographic schemes
  • see the RSA schemes evaluation in Resources for
    security analysis

19
Authentication Protocol
  • Authentication: the process of verifying that a
    node or user is who it claims to be.
  • Used in network access control.
  • Access control: a primary defense mechanism in
    network security and computer security.

20
Address-Based Authentication
  • Uses the address of the node in the network:
    MAC address or IP address.
  • Allows only a preconfigured set of MAC or IP
    addresses to access the network.
  • Usually implemented in the switch or router.
  • Loopholes
  • Assumes a simple one-to-one mapping between a
    node and a user,
  • so it does not really authenticate the user.
  • Weak against MAC spoofing and IP spoofing attacks.

21
Password for Local Authentication (Login)
  • Storing a list of <username, password> pairs in
    a file on the server machine.
  • If the password file is compromised, all user
    passwords are compromised.
  • Instead, the machine stores <username,
    hash(password)> pairs.
  • Even if the file is compromised, the
    passwords are still secure.
  • But still open to dictionary attack.

22
Insecurity of Passwords
  • Human-generated passwords
  • Come from a small domain
  • Easy to guess: dictionary attacks
  • Stronger passwords
  • Computer-generated or verified
  • Not user friendly
  • Hard to remember

23
Possible attacks on passwords
  • Eavesdropping. (Solution: encrypt the channel,
    e.g. using SSL or SSH.)
  • Offline dictionary attacks.
  • Attacker computes a <word, hash(word)> pair list.
  • Attacker gets the password file and searches for
    each hash(password) in his stored list.
  • (Solution: limit access to the password file, use
    salt.)
  • <word, hash(word||salt), salt>
  • Online dictionary attacks: attacker guesses a
    username/password pair and tries to log in. Real
    time.
  • Case study: eBay user account hacking (link in
    Resources)
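
The difference between a plain <username, hash(password)> file and a salted one, as an added example that is not part of the original slides: a precomputed <word, hash(word)> table recovers the unsalted entry in one lookup but misses the salted one. The word list, user name and sample password are constructed, and SHA-256 stands in for the slides' generic hash().

```python
import hashlib
import secrets

# Constructed toy word list standing in for a dictionary of common passwords.
WORD_LIST = ["password", "letmein", "qwerty", "dragon", "sunshine"]

def hash_unsalted(password: str) -> str:
    # The <username, hash(password)> scheme from the slides.
    return hashlib.sha256(password.encode()).hexdigest()

def hash_salted(password: str, salt: bytes) -> str:
    # The <username, hash(password||salt), salt> scheme.
    return hashlib.sha256(password.encode() + salt).hexdigest()

def new_salted_record(username: str, password: str) -> dict:
    # Per-user random salt; it is stored beside the hash and is not secret.
    salt = secrets.token_bytes(16)
    return {"user": username, "salt": salt, "hash": hash_salted(password, salt)}

def verify_salted(record: dict, candidate: str) -> bool:
    # Recompute with the stored salt and compare in constant time.
    return secrets.compare_digest(record["hash"], hash_salted(candidate, record["salt"]))

def precomputed_table(words) -> dict:
    # <word, hash(word)> list built once, before any password file is seen.
    return {hash_unsalted(w): w for w in words}

def lookup(table: dict, stored_hash: str):
    # Returns the recovered word, or None if the hash is not in the table.
    return table.get(stored_hash)

def demo() -> tuple:
    table = precomputed_table(WORD_LIST)
    unsalted_file = {"alice": hash_unsalted("dragon")}      # constructed sample
    salted_file = {"alice": new_salted_record("alice", "dragon")}
    # Unsalted: one table lookup recovers the password.
    hit = lookup(table, unsalted_file["alice"])
    # Salted: the same table misses, because the salt was unknown when the table
    # was built; the table would have to be recomputed for every user's salt.
    miss = lookup(table, salted_file["alice"]["hash"])
    return (hit, miss,
            verify_salted(salted_file["alice"], "dragon"),
            verify_salted(salted_file["alice"], "qwerty"))
```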

24
Countermeasures against online dictionary attacks
  • Delayed answer
  • Account locked
25
Risks of locking accounts
  • eBay experiences dictionary attacks, but does not
    implement account locking.
  • Denial of service attacks: to lock a user out, try
    to log into his account with random passwords.
    (auctions, corporates)
  • Customer service costs: users whose accounts are
    locked call a customer service center, which
    imposes call costs.

26
Password for Network Authentication
  • Passwords for network authentication differ from
    local login.
  • The hashed password cannot be sent over the
    network.
  • A captured hashed password can be used for an
    offline dictionary attack.
  • Using salt (transmitted in plain text) → still
    weak against offline attack.

27
Authentication using SKC
  • In network authentication, use the password for
    deriving shared keys to be used in a challenge-
    response system.
  • Key: part of hash(password)
  • One-way authentication using SKC

28
One-way Authentication using SKC-variation
29
One-way Authentication using SKC-variation
  • Bob stateless → prevents Denial of
    Service (DoS) attack
  • Timestamp requires time synchronization, not
    trivial in a large network.
  • If a stream cipher is used, a 1-bit flip in the
    ciphertext flips 1 bit in the plaintext.
  • Eve may get an approximate time stamp by
    flipping the millisecond bits.

30
Mutual Authentication using SKC
  • Authenticate each other.

  • (Reduced messages)

31
Mutual authentication using SKC-Reflection Attack
  • How to prevent the reflection attack
  • Unique format for each direction: even and odd
    challenges
  • Different symmetric key for each direction
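
The per-direction-key countermeasure from this slide, combined with the password-derived key of slide 27, as an added example (not the slides' own code): both parties answer each other's challenges, and an answer computed in the Bob→Alice direction is rejected when presented in the Alice→Bob direction, which is what stops a reflected response from being accepted. The function names, the use of an HMAC over the challenge in place of encrypting it, and the direction labels are assumptions.

```python
import hashlib
import hmac
import secrets

def password_key(password: str) -> bytes:
    # Slide 27: the shared key K is derived from hash(password).
    return hashlib.sha256(password.encode()).digest()

def direction_key(k: bytes, sender: str, receiver: str) -> bytes:
    # Slide 31 countermeasure: a different symmetric key for each direction,
    # derived from K and a fixed direction label (label format is an assumption).
    return hmac.new(k, f"{sender}->{receiver}".encode(), hashlib.sha256).digest()

def respond(k: bytes, sender: str, receiver: str, challenge: bytes) -> bytes:
    # The responder proves knowledge of K by MACing the challenge under its own
    # direction key (a MAC stands in for the slides' encryption of the challenge).
    return hmac.new(direction_key(k, sender, receiver), challenge, hashlib.sha256).digest()

def verify(k: bytes, sender: str, receiver: str, challenge: bytes, response: bytes) -> bool:
    return hmac.compare_digest(respond(k, sender, receiver, challenge), response)

def mutual_auth(k_alice: bytes, k_bob: bytes) -> bool:
    # Reduced-message flow: A->B: R_A ; B->A: f_BA(R_A), R_B ; A->B: f_AB(R_B)
    r_a, r_b = secrets.token_bytes(16), secrets.token_bytes(16)
    alice_ok = verify(k_alice, "Bob", "Alice", r_a, respond(k_bob, "Bob", "Alice", r_a))
    bob_ok = verify(k_bob, "Alice", "Bob", r_b, respond(k_alice, "Alice", "Bob", r_b))
    return alice_ok and bob_ok

def reflection_rejected(k: bytes) -> bool:
    # Reflection: Bob's own challenge R_B is sent back to him in a second session,
    # yielding Bob's answer f_BA(R_B). Replaying that answer as Alice's reply must
    # fail, because Bob checks Alice's reply under the Alice->Bob key.
    r_b = secrets.token_bytes(16)
    bobs_own_answer = respond(k, "Bob", "Alice", r_b)
    return not verify(k, "Alice", "Bob", r_b, bobs_own_answer)
```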

32
Lamport's Hash
(m-1)-times hash of R1.
  • Bob (server) saves (username, m,
    hash^m(password))
  • After one authentication, Bob sets the exponent
    to (m-1)
  • When m = 1, reconfigure a new password.
  • How to avoid new password reconfiguration when
    m = 1?
  • → use salt with the password
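
Lamport's hash chain as an added example (not from the slides): the server keeps (username, m, hash^m(password||salt)), accepts hash^(m-1) only if hashing it once reproduces the stored value, then replaces the stored value and decrements m, and refuses further logins at m = 1 until the user re-enrols with a fresh salt. The class and function names are assumptions; SHA-256 and the constructed salt are illustrative.

```python
import hashlib
import hmac

def h(x: bytes) -> bytes:
    return hashlib.sha256(x).digest()

def hash_chain(password: str, salt: bytes, times: int) -> bytes:
    # hash applied `times` times to password||salt (the slide's "use salt with password").
    x = password.encode() + salt
    for _ in range(times):
        x = h(x)
    return x

class LamportServer:
    """Bob: stores only the current top of each user's chain, never the password."""
    def __init__(self):
        self.db = {}

    def enroll(self, username: str, password: str, m: int, salt: bytes) -> None:
        self.db[username] = {"salt": salt, "m": m, "value": hash_chain(password, salt, m)}

    def challenge(self, username: str):
        # Tells the client which chain position to reveal next: hash^(m-1).
        rec = self.db[username]
        if rec["m"] <= 1:
            raise RuntimeError("chain exhausted: re-enrol with a fresh salt")
        return rec["m"] - 1, rec["salt"]

    def authenticate(self, username: str, x: bytes) -> bool:
        rec = self.db[username]
        # A replayed or forged x fails here: h(x) must equal the stored hash^m.
        if rec["m"] <= 1 or not hmac.compare_digest(h(x), rec["value"]):
            return False
        rec["value"], rec["m"] = x, rec["m"] - 1   # accept; move one step down the chain
        return True

def client_response(password: str, n: int, salt: bytes) -> bytes:
    # Alice recomputes hash^n(password||salt) from the password she remembers.
    return hash_chain(password, salt, n)

def run_session(server: LamportServer, user: str, password: str) -> bool:
    n, salt = server.challenge(user)
    return server.authenticate(user, client_response(password, n, salt))
```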

33
Authentication using PKC
  • One-way authentication
  • Mutual authentication
  • Key database compromise → does not compromise the
    security of the system.

34
What to use for authentication SKC or PKC?
  • SKC
  • (Advantages)
  • less computation intensive
  • more resilient to DoS attacks.
  • (Disadvantages)
  • Key database compromise → security of the whole
    system is compromised.
  • Eve can collect <plaintext, ciphertext> pairs →
    launch dictionary attack.
  • How: Eve claims to be Bob and sends a challenge
    to Alice, then collects the ciphertext for the
    challenge.

35
What to use for authentication SKC or PKC?
  • PKC
  • (Advantages)
  • Key database compromise → does not compromise the
    security of the whole system
  • dictionary attack is not applicable.
  • (Disadvantages)
  • computation intensive
  • weak against DoS attacks.

36
Session Hijacking
  • Instead of trying to break the authentication
    protocol, it circumvents it completely.
  • Cause: the authentication result is not linked to
    the rest of the session.
  • Solution: use an authenticated key agreement
    protocol.

37
Needham Schroeder
  • SKC-based mutual authentication and key
    establishment

38
Kerberos
39
Resources
  • B. Pinkas, Securing Passwords against Dictionary
    Attacks
  • http://www.pinkas.net/PAPERS/pwdweb.pdf
  • eBay case: http://news.com.com/2100-1017-868278
    .html?tag=yt
  • Colin Boyd, Anish Mathuria, Protocols for
    Authentication and Key Establishment,
    Springer-Verlag
  • Evaluation of RSA cryptographic Schemes,
    http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1011_rsa.pdf