Authentication Protocols - PowerPoint PPT Presentation

About This Presentation
Title:

Authentication Protocols

Description:

Authentication Protocols Celia Li Computer Science and Engineering York University * * Outline Overview of authentication Symmetric key authentication protocols ... – PowerPoint PPT presentation

Number of Views:148
Avg rating:3.0/5.0
Slides: 32
Provided by: JoshZa4
Category:

less

Transcript and Presenter's Notes

Title: Authentication Protocols


1
Authentication Protocols
Celia Li Computer Science and Engineering York
University
2
Outline
  • Overview of authentication
  • Symmetric key authentication protocols
    (Kerberos)
  • Public key authentication protocols (SSL)
  • Authentication protocols in Wireless Local Area
    Networks (WLAN)

3
Outline
  • Overview of authentication
  • Symmetric key authentication protocols
    (Kerberos)
  • Public key authentication protocols (SSL)
  • Authentication protocols in Wireless Local Area
    Networks (WLAN).

4
Overview of Authentication
  • The process of determining whether someone is,
  • in fact, who it is declared to be.
  • An authentication protocol consists of a sequence
  • of messages between principals and will be
  • described using different notations.
  • Principals parties who cooperate by exchanging
  • messages over networks.

5
Notation
  •  
  • E(K M) denotes encrypting message plaintext M
  • with key K.
  • Ka key of principal A 
  • Kab shared key of principle A and B
  • Principals are generally denoted by capitals such
    as
  • A, B and S (server)
  • (1) A ? B M1
  • (2) B ? S M2
  • (3) S ? B M3

6
Notation
  • Na A number generated by a principal A.
    Generally
  • termed as a nonce.
  • A nonce could be
  • a timestamp a number denoting the current time.
  • a sequence number
  • a random number that can be used for one time
  •  
  • A ? B A, E(Kab Na)
  • A is identity of node A (ip address or computer
    name)

7
Overview of Authentication
  • Timeliness in Authentication Protocols
  • An authentication protocol is required to
    guarantee that the parties involved in the
    authentication process are present during the
    execution of the protocol.
  • Nonces are generally used to assess timeliness
    in authentication protocols.

8
Attacks on Authentication Protocol
  • Replay attack
  • The attacker records the message of an
    authentication protocol and replays this
    information to attempt to falsely authenticate to
    the other principle.
  •  
  • Counter measures
  • Using timestamps, sequence number or random
    numbers.
  •  

9
Outline
  • Overview of authentication
  • Symmetric key authentication protocols
    (Kerberos)
  • Public key authentication protocols (SSL)
  • Authentication protocols in Wireless Local Area
    Networks (WLAN)

10
Symmetric Key Authentication Without Trusted
Third Party
  • Symmetric key one-pass unilateral authentication
    protocol

B authenticates A
If Na (timestamp) has a recent value, B can prove
As identity.
  • Symmetric key two-pass unilateral
    authentication protocol

B authenticates A
  • Symmetric key three-pass mutual authentication

B authenticates A
A authenticates B
Na Timestampt , Ra, Rb Random numbers. Each
random number only
can be used one time.
11
Symmetric Key Authentication With Trusted Third
Party
  • NS (Needham-Schroeder) Symmetric Key
    Authentication

A B trust S, Kas is a shared key of A S, Kbs
is a shared key of B S
  • A gets a shared key Kab generated by S
  • B gets shared key Kab
  • A authenticates B
  • B authenticates A

S Trusted Third Party
(1)
(2)
(3), (5)
A
B
(4)
12
Kerberos Authentication
  • A typical example of symmetric key
  • authentication with trusted third party
  • The trusted third party in Kerberos is the
  • authentication server which is in charge of
  • distribute shared keys.
  • Kerberos ticket is employed for the
  • authentication purpose

13
Kerberos Authentication
  • Kerberos Ticket
  • A certificate issued by an authentication
    server, encrypted using the key of the
    authentication server.
  • The ticket contains
  • the key that will be used for authentication of
    the client to the verifier who will verify the
    correctness of the key
  • the name of the principal to whom the key was
    issued
  • an expiration time of the ticket

14
Kerberos authentication
  • Client C wants to access server S. Client C and
    sever S need to authenticate
  • each other
  • Authentication server is comprised of two
    parts
  • A Key Distribution Server
  • G Ticket Grant Server
  • (1) C sends a random number N1 to A
  • (2) A sends back a ticket Tcg to C.
  • Kac shared key between A and C
  • Kcg shared key between C and G
  • C authenticates A if N1 is correct

15
Kerberos authentication
  • (3) C forwards the ticket Tcg to G
  • N2 random number
  • T time stamp
  • G authenticates C if time stamp is correct
  • (4) G sends back a service ticket Tcs to C.
  • Kcs shared key between C and S
  • C authenticates G if N2 is correct
  • (5) C sends ticket Tcs to S
  • T time stamp
  • S authenticates C if time stamp is correct
  • (6) C authenticates S if time stamp is correct

16
Outline
  • Overview of authentication
  • Symmetric key authentication protocols
    (Kerberos)
  • Public key authentication protocols (SSL)
  • Authentication protocols in Wireless Local Area
    Networks (WLAN)

17
Public Key Certificate
  • Commonly used for public key authentication
    protocols
  • An electronic document which uses a digital
    signature to bind together a public key with an
    identity
  • the name of a person or an organization, their
    address
  • Issued by a certification authority (CA)
  • e.g. VeriSign
  • The certificate can be used to verify if a
    public key belongs to an individual.

18
Public Key Certificate
  • Public key certificates include
  • Public key of the user
  • DN (name of the user)
  • Validity period of the certificate
  • Name of the certificate issuer
  • Digital signature of the
  • certificate issuer

19
Public Key Authentication without Trusted Third
Party
Public key one-pass unilateral authentication
protocol
B authenticates A
Public key two-pass unilateral authentication
protocol
B authenticates A
Public key three-Pass mutual authentication
protocol
B authenticates A
A authenticates B
CertA public key certificate of A Ka-1 private
key of A, Kb-1 private key of b
20
Public Key Authentication with Trusted Third Party
NS (Needham-Schroeder) Public Key Authentication
Protocol
A asks Bs public key from S
S sends Bs public key Kb to A
B gets As identity
B asks As public key from S
S sends As public key Ka to B
A authenticates B by verifying Na
B authenticates A by verifying Nb
S Trusted Third Party
(5)
(1)
(4)
(2)
(3)
(7)
A
B
(6)
21
Secure Socket Layer Protocol (SSL)
  • Universally accepted on the Web for
    authenticated and encrypted communication between
    clients and servers.
  • Typical example of public key authentication
  • Protect sensitive information such as Social
    Security Number (SSN), Credit Card Number, etc.

Web Server
Client
22
SSL
  • Server Certificate
  • The SSL protocol requires a server certificate
    so that client can authenticate the server.
  • Client Certificate (Optional)
  • You can optionally configure your server to
    request a client certificate so that server can
    authenticate the client.
  • Only discuss how client authenticates server in
    SSL

23
SSL
Client authenticates server based on certificate
issued by certificate authority (CA)
  • Client ? server Hello message
  • Server ? client servers public key certificate,
    including servers public key, digital signature
    signed by certificate authority (CA)
  • Client uses CAs public key to verify digital
    signature signed by CA, thus verifies servers
    certificate.
  • Client ? server a random number
  • in order to prove servers identity.
  • 5. Server encrypts random number with its
    private key.
  • 6. Server ? client the encrypted message
  • Clients decrypts the message using servers
    public key to verify identity of the server.

24
Compare SSL and Kerberos
SSL Kerberos
Uses public key encryption Uses symmetric key encryption
Certificate based   Relies on a trusted third party  
Ideal for secure communications with a large, variable user base that is not known in advance, such as the WWW.  Ideal for networked environments where all services and users are known in advance.
25
Outline
  • Overview of authentication
  • Symmetric key authentication protocols
    (Kerberos)
  • Public key authentication protocols (SSL)
  • Authentication protocols in Wireless Local Area
    Networks (WLAN)

26
Authentication Protocols in WLAN
  • WPA (Wi-Fi Protected Access)
  • Certification program created to secure wireless
    computer networks.
  • Provides stronger data encryption and user
    authentication
  • Implements the IEEE 802.11i standard.
  •  
  • The three entities of WPA are the client, the
    Authentication Server (AS), and the Access Point
    (AP).

AS
  • Only after the client is authenticated by the
    authentication server, the authenticator (Access
    Point) allows the client to access the network

27
Authentication Protocols in WLAN
  • Symmetric key approach EAP-LEAP
  • Public key approach EAP-TLS
  •  Symmetric Key Approaches
  • Efficient and require little computational power
  • Resource constrain, e.g., computational power of
    PDAs, mobile VoIP phones, have.
  • Drawbacks
  • Most protocols derive the shared secret from the
    user's password and some passwords are not
    strong, it is easy for the attacker to extract
    the secret key from them.

28
Lightweight Extensible Authentication Protocol
(LEAP)
The server knows the password of the client.
Password is the shared key between the client C
and authentication server S
29
Authentication Protocols in WLAN
  • Public key Approaches
  • Provides strong security
  • Cannot authenticate a client without
  • public certificate
  • Example EAP-TLS

30
EAP-Transport Layer Security (EAP-TLS)
  • AS verifies clients digital signature using
    clients public key got from clients certificate
    Certclient
  • Get random number p by decrypting with its
    private key
  • Client calculates H(c,s,p), compares it with the
    value sent by As

31
References
1 Kerberos http//web.mit.edu/kerberos/www/ 2
SSL http//docs.sun.com/source/816-6156-1
0/contents.htm 3 EAP-TLS http//en.wikipedia.or
g/wiki/Extensible_Authentication_Protocol
Write a Comment
User Comments (0)
About PowerShow.com