Cryptographic Authentication Protocols CS 470 Introduction to Applied

  • Slides: 18
Download presentation
Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk CS

Cryptographic Authentication Protocols CS 470 Introduction to Applied Cryptography Instructor: Ali Aydin Selcuk CS 470, A. Selcuk Cryptographic Authentication 1

Cryptographic Authentication • Password authentication subject to eavesdropping • Alternative: Cryptographic challenge-response – Symmetric

Cryptographic Authentication • Password authentication subject to eavesdropping • Alternative: Cryptographic challenge-response – Symmetric key – Public key CS 470, A. Selcuk Cryptographic Authentication 2

Symmetric Key Challenge-Response An example protocol: CS 470, A. Selcuk a challenge R F(KAB,

Symmetric Key Challenge-Response An example protocol: CS 470, A. Selcuk a challenge R F(KAB, R) Cryptographic Authentication Bob Alice I’m Alice 3

Limitations: • Authentication not mutual (login only) • Subject to connection hijacking (login only)

Limitations: • Authentication not mutual (login only) • Subject to connection hijacking (login only) • Subject to off-line password guessing (if K is derived from password) • Bob’s database has keys in the clear CS 470, A. Selcuk Cryptographic Authentication 4

Symmetric Key Challenge-Response CS 470, A. Selcuk I’m Alice, KAB{timestamp} Cryptographic Authentication Bob Alice

Symmetric Key Challenge-Response CS 470, A. Selcuk I’m Alice, KAB{timestamp} Cryptographic Authentication Bob Alice A one-message protocol: 5

• • • Easy integration into password-sending systems More efficient: Single message, stateless

• • • Easy integration into password-sending systems More efficient: Single message, stateless Care needed against replays Care needed if key is common across servers Clock has to be protected as well Alternatively, with a hash function, send, I’m Alice, timestamp, H(KAB, timestamp) CS 470, A. Selcuk Cryptographic Authentication 6

Public Key Challenge-Response By signature: CS 470, A. Selcuk R [R]A Cryptographic Authentication Bob

Public Key Challenge-Response By signature: CS 470, A. Selcuk R [R]A Cryptographic Authentication Bob Alice I’m Alice 7

Public Key Challenge-Response By decryption: CS 470, A. Selcuk {R}A R Cryptographic Authentication Bob

Public Key Challenge-Response By decryption: CS 470, A. Selcuk {R}A R Cryptographic Authentication Bob Alice I’m Alice 8

• Problem: Bob (or Trudy) can get Alice to sign/decrypt any text he

• Problem: Bob (or Trudy) can get Alice to sign/decrypt any text he chooses. • Solutions: – Never use the same key for different purposes (e. g. , for login and signature) – Have formatted challenges CS 470, A. Selcuk Cryptographic Authentication 9

Mutual Authentication Both Alice and Bob authenticate each other An example protocol: I’m Alice

Mutual Authentication Both Alice and Bob authenticate each other An example protocol: I’m Alice F(KAB, R 1) Bob Alice R 1 R 2 F(KAB, R 2) CS 470, A. Selcuk Cryptographic Authentication 10

Some saving: CS 470, A. Selcuk R 1, F(KAB, R 2) F(KAB, R 1)

Some saving: CS 470, A. Selcuk R 1, F(KAB, R 2) F(KAB, R 1) Cryptographic Authentication Bob Alice I’m Alice, R 2 11

Reflection attack: R 1, F(KAB, R 2) F(KAB, R 1) Bob Trudy I’m Alice,

Reflection attack: R 1, F(KAB, R 2) F(KAB, R 1) Bob Trudy I’m Alice, R 2 CS 470, A. Selcuk R 3, F(KAB, R 1) Cryptographic Authentication Bob Trudy I’m Alice, R 1 12

• Solutions: – Different keys for Alice and Bob – Formatted challenges, different

• Solutions: – Different keys for Alice and Bob – Formatted challenges, different for Alice and Bob • Principle: Initiator should be the first to prove its identity CS 470, A. Selcuk Cryptographic Authentication 13

Another weakness: Trudy can do dictionary attack against KAB acting as Alice, without eavesdropping.

Another weakness: Trudy can do dictionary attack against KAB acting as Alice, without eavesdropping. Solution against both problems: I’m Alice F(KAB, R 1), R 2 Bob Alice R 1 F(KAB, R 2) (Dictionary attack still possible if Trudy can impersonate Bob. ) CS 470, A. Selcuk Cryptographic Authentication 14

Mutual authentication with PKC: R 2, {R 1}A R 1 Bob Alice I’m Alice,

Mutual authentication with PKC: R 2, {R 1}A R 1 Bob Alice I’m Alice, {R 2}B • Problem: How can the public/private keys be remembered by ordinary users? • They can be stored in an electronic token (USB), or can be retrieved from a server with password-based authentication & encryption. CS 470, A. Selcuk Cryptographic Authentication 15

Session Key Establishment • A session key is needed to authenticate/encrypt the rest of

Session Key Establishment • A session key is needed to authenticate/encrypt the rest of the session. • The session key must be – different for each session – unguessable by an eavesdropper – not KAB{x} for some x predictable/extractable by an attacker • Good if both sides contribute – avoids replays (“freshness guarantee”) – works if either side has a good random number generator CS 470, A. Selcuk Cryptographic Authentication 16

Nonces • Nonce: Something created for one particular occasion • Nonce types: – Random

Nonces • Nonce: Something created for one particular occasion • Nonce types: – Random numbers – Timestamps – Sequence numbers • Random nonces needed for unpredictability • Obtaining random nonces from timestamps: encryption with a secret key. CS 470, A. Selcuk Cryptographic Authentication 17

Protocol Performance Comparison • Computational Complexity: (to minimize CPU time, power consumption) – Number

Protocol Performance Comparison • Computational Complexity: (to minimize CPU time, power consumption) – Number of – “ “ private-key operations public-key “ bytes encrypted with secret key bytes hashed • Communication Complexity: – Number of message rounds – Bandwidth consumption CS 470, A. Selcuk Cryptographic Authentication 18

Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Authentication Authentication Basics Definition 11 1 Authentication isAuthentication Authentication Basics Definition 11 1 Authentication is
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
COEN 351 Authentication Authentication n Authentication is basedCOEN 351 Authentication Authentication n Authentication is based
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Authentication Protocol Authentication Application Authentication Protocol Users wishAuthentication Protocol Authentication Application Authentication Protocol Users wish
COEN 351 Authentication Authentication n Authentication is basedCOEN 351 Authentication Authentication n Authentication is based
Outline User authentication Password authentication salt Challengeresponse authenticationOutline User authentication Password authentication salt Challengeresponse authentication
Security of Authentication Protocols Alexander Potapov Outline AuthenticationSecurity of Authentication Protocols Alexander Potapov Outline Authentication
470 470 CLASS RULES 2017 C 3 PERSONAL470 470 CLASS RULES 2017 C 3 PERSONAL
Simple Authentication Protocols Part 3 Protocols 1 ProtocolSimple Authentication Protocols Part 3 Protocols 1 Protocol
Cryptographic Signing of ONAP Artifacts ONAP Seccom CryptographicCryptographic Signing of ONAP Artifacts ONAP Seccom Cryptographic
Cryptographic Tools cryptographic algorithms important element in securityCryptographic Tools cryptographic algorithms important element in security
Cryptographic Security 1 Cryptographic Security Considerations Factors relianceCryptographic Security 1 Cryptographic Security Considerations Factors reliance
Cryptographic Security CS 5204 Operating Systems 1 CryptographicCryptographic Security CS 5204 Operating Systems 1 Cryptographic
Cryptographic Hash Functions Applications of Cryptographic Hash FunctionsCryptographic Hash Functions Applications of Cryptographic Hash Functions
Cryptographic Security Cryptographic Mechanisms Mesbah Islam Operating SystemsCryptographic Security Cryptographic Mechanisms Mesbah Islam Operating Systems
Network Protocols UNIT III INTERNETWORK PROTOCOLS Routing ProtocolsNetwork Protocols UNIT III INTERNETWORK PROTOCOLS Routing Protocols
Springer Protocols Springer 2009 116 Protocols Springer ProtocolsSpringer Protocols Springer 2009 116 Protocols Springer Protocols
NeedhamSchroeder Protocol Authentication Key Establishment CS 470 IntroductionNeedhamSchroeder Protocol Authentication Key Establishment CS 470 Introduction
Email Security CS 470 Introduction to Applied CryptographyEmail Security CS 470 Introduction to Applied Cryptography
Key Distribution CS 470 Introduction to Applied CryptographyKey Distribution CS 470 Introduction to Applied Cryptography
IPsec IKE CS 470 Introduction to Applied CryptographyIPsec IKE CS 470 Introduction to Applied Cryptography
IPsec AH ESP CS 470 Introduction to AppliedIPsec AH ESP CS 470 Introduction to Applied
Stream Ciphers CS 470 Introduction to Applied CryptographyStream Ciphers CS 470 Introduction to Applied Cryptography
Public Key Cryptography CS 470 Introduction to AppliedPublic Key Cryptography CS 470 Introduction to Applied
User Authentication and Cryptographic Primitives Brad Karp UCLUser Authentication and Cryptographic Primitives Brad Karp UCL
Scalable Cryptographic Authentication for High Performance Computing AndrewScalable Cryptographic Authentication for High Performance Computing Andrew
Challenge Response Authentication Cryptographic Public Key Cryptography PublicKeyChallenge Response Authentication Cryptographic Public Key Cryptography PublicKey
Lecture 9 Cryptographic Authentication objectives and classification onewayLecture 9 Cryptographic Authentication objectives and classification oneway
Frictionless Web Payments with Cryptographic Cardholder Authentication FranciscoFrictionless Web Payments with Cryptographic Cardholder Authentication Francisco
LDP Hello Cryptographic Authentication draftzhengmplsldphellocryptoauth01 Vero Zheng verozhenghuaweiLDP Hello Cryptographic Authentication draftzhengmplsldphellocryptoauth01 Vero Zheng verozhenghuawei
Challenge Response Authentication Cryptographic Public Key Cryptography PublicKeyChallenge Response Authentication Cryptographic Public Key Cryptography PublicKey