CMSC 414 Computer and Network Security Lecture 15 - PowerPoint PPT Presentation

1 / 6

About This Presentation

Title:

CMSC 414 Computer and Network Security Lecture 15

Description:

CMSC 414. Computer and Network Security. Lecture 15. Jonathan Katz. Ethereal demonstration (telnet and CHAP) Basic authentication protocols... – PowerPoint PPT presentation

Number of Views:18

Avg rating:3.0/5.0

Slides: 7

Provided by: jka9

Learn more at: http://www.cs.umd.edu

Category:

Tags: cmsc | computer | demonstration | lecture | network | security

Transcript and Presenter's Notes

Title: CMSC 414 Computer and Network Security Lecture 15

1
CMSC 414Computer and Network SecurityLecture 15

Jonathan Katz

2
Ethereal demonstration (telnet and CHAP)
3
Basic authentication protocols

Server stores H(pw) user sends pw
Secure against server compromise, but not
eavesdropping (or replay attacks)
Server stores pw, sends R user sends H(pw,R)
Secure against eavesdropping, but not server
compromise (or dictionary attack)
What if the user sends R also?
Can we achieve security against both?
We will see later

4
Other techniques for human auth.

Tokens
Magnetic stripe cards
Smartcards
Standalone tokens
Still need a secure auth. protocol!

5
Biometrics

Various possibilities
Drawbacks
Entropy?
Are biometric data secret?
Revocation?
Difficult to use securely!
Non-uniform
Errors
Still need a secure protocol

6
Public-key protocols

Server stores pk user stores sk
Server sends R user signs R
Using a secure signature scheme
Is this secure?
Potential weaknesses
What if we had used encryption instead?
Can we achieve security against server compromise
and eavesdropping without using public-key crypto?

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

Introducing-PowerShowcom PowerPoint PPT Presentation

Introducing-PowerShowcom - Introducing-PowerShowcom (Without Music)

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

CMSC 414 Computer and Network Security Lecture 25 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 25 - CMSC 414 Computer and Network ... (can then be handled out-of-band) Honeypots Decoy systems to lure ... address spoofing Stateful firewalls Typical packet ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 10 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 10 - Bad cryptography, bad implementations, bad design ... Server just rebooted and needs randomness....is there enough entropy after being ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 4 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 4 - CMSC 414 Computer and Network Security Lecture 4 Jonathan Katz Review If we want perfect secrecy, we face several inherent limitations Key as long as the message Key ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 23 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 23 - CMSC 414 Computer and Network Security Lecture 23 Jonathan Katz Input validation Buffer overflows can be viewed as an example of problems caused by improper input ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 24 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 24 - CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz Administrivia Zeller-Felten paper on webpage HW4 Final exam reminder + study guide Course evaluations ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 17 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 17 - No impersonation (obviously!) No off-line password guessing ... In contrast to eavesdropping, server impersonation, and man-in-the-middle ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer (and Network) Security Lecture 2 PowerPoint PPT Presentation

CMSC 414 Computer (and Network) Security Lecture 2 - What if this locksmith is trustworthy? Why do we assume that she is trustworthy? More assumptions Two assumptions are (almost) always made: ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 20 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 20 - CMSC 414 Computer and Network ... Based on everything from last midterm through today Zero knowledge (ZK) ZK proofs can offer deniability and secrecy A zero ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 12 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 12 - CMSC 414 Computer and Network Security Lecture 12 Jonathan Katz Password selection User selection of passwords is typically very poor Low-entropy password makes ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 6 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 6 - CMSC 414 Computer and Network Security Lecture 6 Jonathan Katz ... = H(x ) Hash functions in practice MD5 128-bit output Introduced in 1991 ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 15 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 15 - ... design. E.g., recognize dependencies between columns ... One might expect that by limiting to aggregate information, individual privacy can be preserved ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 9 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 9 - Unless a subject is given explicit access to an object, it should be denied access ... All accesses to objects should be checked to ensure they are allowed ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 14 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 14 - Biometrics. How much entropy is there? How private are these? How reliable are they? ... Biometrics. Difficult to use securely. Errors. Non-uniform. Still need ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 9 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 9 - CMSC 414 Computer and Network Security Lecture 9 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 7 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 7 - CMSC 414 Computer and Network Security Lecture 7 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 5 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 5 - Main goal is collision resistance: Hard to find distinct x, x' such ... No longer collision resistant (as of 2004) Still second pre-image resistant (for now... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 21 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 21 - CMSC 414 Computer and Network Security Lecture 21 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 27 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 27 - CMSC 414 Computer and Network Security Lecture 27 Jonathan Katz | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 14 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 14 - ... BIOS boot block BIOS OS loader OS Application TPM Hardware measuring Extend PCR Collision resistance of SHA1 ensures uniqueness * * Mandatory access ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 22 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 22 - CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz Network layers Application Transport Network Data link Physical Roughly Application layer: the ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 24 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 24 - ret. Basic exploit. Suppose stack looks like: When func() exits, user will ... str ret Code for P. Program P: exec( '/bin/sh' ) (exact shell code by Aleph One) ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 11 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 11 - Equivalence myth: ACLs and capabilities are 'just' two views of ... Capabilities can also expire with time. If OS stores capabilities, can delete upon request ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 17 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 17 - ... and have user decrypt it. Mutual authentication (if decrypts 'validly' ... And how to fix it... Public-key based... Include Epk(session-key) in protocol? ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 26 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 26 - SSL runs on top of TCP, in a user-level process. Recall, does not ... Using TCP rather than UDP simplifies things. Recall, this opens a potential DoS attack ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 10 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 10 - E.g., 'append' may not be distinct from 'write' E.g., in UNIX, no access controls for root ... Granularity of rights (e.g., 'append' ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer (and Network) Security Lecture 13 PowerPoint PPT Presentation

CMSC 414 Computer (and Network) Security Lecture 13 - If user not present in ACL, nor member of any group in ACL, deny access ... Note: an explicit deny overrides any permissions ... all access denied. Why brackets? ... | PowerPoint PPT presentation | free to view

CMSC 414 Computer and Network Security Lecture 18 PowerPoint PPT Presentation

CMSC 414 Computer and Network Security Lecture 18 - Client sends Epk(R, password, session-key) Insecure in general! ... 'Dos and Don'ts of Client. Authentication on the Web' (Fu, et al.) Authentication using 'cookies' ... | PowerPoint PPT presentation | free to view