Handshake Protocols COEN 350 Simple Protocol Alice Hi

  • Slides: 23
Download presentation
Handshake Protocols COEN 350

Handshake Protocols COEN 350

Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Simple Protocol Vulnerable to sniffing and replay attack. Alice: Hi, I am Alice. My

Simple Protocol Vulnerable to sniffing and replay attack. Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice. . Mallory: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

Shared Secret Alice and Bob share a secret key K. Alice: I am Alice.

Shared Secret Alice and Bob share a secret key K. Alice: I am Alice. Bob: Encrypt R. Alice: EK(R) Bob (calculates EK(R) as well. ): Welcome Alice.

Shared Secret Vulnerable to DOS attack. while(1) { Mallory: I am Alice. Bob: Encrypt

Shared Secret Vulnerable to DOS attack. while(1) { Mallory: I am Alice. Bob: Encrypt R. Mallory: X. Bob (EK(R) != X): Access denied. }

Shared Secret Vulnerable to sniffing and replay attack if R is not random or

Shared Secret Vulnerable to sniffing and replay attack if R is not random or if R is repeated.

Shared Secret, use of clock Alice: I am Alice, EK(clock). Bob calculates clock, compares

Shared Secret, use of clock Alice: I am Alice, EK(clock). Bob calculates clock, compares with his value: Welcome Alice.

Shared secret, use of clock Man in the Middle + replay attack: Mallory to

Shared secret, use of clock Man in the Middle + replay attack: Mallory to Bob: KILL, KILL. Alice: Hi, I’m Alice. EK(clock). Mallory to Alice: KILL, KILL. Mallory to Bob: Hi, I’m Alice. EK(clock). Bob: Hi, Alice.

Public Key Alice: “I’m Alice. ” Bob: “R”. Alice: “EAlice(R)”. Bob calculates “DAlice. EAlice(R)

Public Key Alice: “I’m Alice. ” Bob: “R”. Alice: “EAlice(R)”. Bob calculates “DAlice. EAlice(R) == R: Hi Alice.

Public Key Alice: “I’m Alice. ” Bob creates random challenge R: “EAlice(R)”. Alice: “R”.

Public Key Alice: “I’m Alice. ” Bob creates random challenge R: “EAlice(R)”. Alice: “R”. Bob checks R == R: Hi Alice.

Public Key: DOS attack Trudy: “I’m Alice. ” Bob: “R”. Trudy: “X” Bob calculates

Public Key: DOS attack Trudy: “I’m Alice. ” Bob: “R”. Trudy: “X” Bob calculates “DAlice. EAlice(X) != R: Access Denied. Bob spends much more time computing than Trudy!

Mutual Authentication: Shared Secret Alice: “I am Alice” Bob: “RB” Alice: EK(RB). RA. Bob

Mutual Authentication: Shared Secret Alice: “I am Alice” Bob: “RB” Alice: EK(RB). RA. Bob calculates EK(RB) himself: EK(RA). Hi Alice calculates EK(RA) herself: Hi Bob.

Mutual Authentication with less messages? Alice: I am Alice. RA Bob: RB. EK(RA). Alice:

Mutual Authentication with less messages? Alice: I am Alice. RA Bob: RB. EK(RA). Alice: Hi Bob. EK(RB). Bob: Hi Alice.

Mutual Authentication with less steps is vulnerable to the replay attack Session Session 1

Mutual Authentication with less steps is vulnerable to the replay attack Session Session 1 1 2 2 1 1 Trudy: I am Alice. RA. Bob: RB. EK(RA). Trudy: I am Alice. RB. Bob: RB’. EK(RB). Trudy: Hi Bob. EK(RB). Bob: Hi Alice.

Warning Signals Requestor should authenticate herself first. ¡ Don’t have requestor and requestee do

Warning Signals Requestor should authenticate herself first. ¡ Don’t have requestor and requestee do exactly the same thing. (E. g. use different key pairs. ) ¡ If you provide encryption service, you set yourself up for a key guessing attack. ¡

Public Key: Simple Mutual Authentication Alice: “I am Alice. RA” Bob: “EBob(RA). RB” Alice

Public Key: Simple Mutual Authentication Alice: “I am Alice. RA” Bob: “EBob(RA). RB” Alice DBob. EBob (RA)=RA: Hello Bob. EAlice(RB). Bob: DAlice. EAlice(RB) = RB: Hello Alice.

Key Distribution Centers Maintains a shared secret for each registered user. ¡ To set-up

Key Distribution Centers Maintains a shared secret for each registered user. ¡ To set-up a connection requires the KDC to set up a session key. ¡

Key Distribution Center Original Algorithm Alice to KDC: Alice wants Bob. ¡ KDC to

Key Distribution Center Original Algorithm Alice to KDC: Alice wants Bob. ¡ KDC to Alice: Here is your session key. ¡ KDC to Bob: Here is your session key. ¡ This needs to be modified.

Key Distribution Center: Needham Schroeder Protocol Alice to KDC: N 1, Alice wants Bob.

Key Distribution Center: Needham Schroeder Protocol Alice to KDC: N 1, Alice wants Bob. KDC to Alice: KA(N 1, KS, Bob, Ticket), where Ticket=KB(KS, Alice). Alice to Bob: Ticket, KS(N 2). Bob to Alice: KS(N 2 -1, N 3). Alice to Bob: K(N 3 -1). N 1, N 2, N 3 are nonces to prevent replay attacks.

Key Distribution Center: Needham Schroeder Protocol Variant Alice to KDC: N 1, Alice wants

Key Distribution Center: Needham Schroeder Protocol Variant Alice to KDC: N 1, Alice wants Bob. KDC to Alice: KA(N 1, KS, Bob, Ticket), where Ticket=KB(KS, Alice). Alice to Bob: Ticket, KS(N 2). Bob to Alice: KS(N 2 -1), KS(N 3). Alice to Bob: K(N 3 -1). N 1, N 2, N 3 are nonces to prevent replay attacks.

Replay attack on modified NS Alice to KDC: N 1, Alice wants Bob. KDC

Replay attack on modified NS Alice to KDC: N 1, Alice wants Bob. KDC to Alice: KA(N 1, KS, Bob, Ticket), where Ticket=KB(KS, Alice). Alice to Bob: Ticket, KS(N 2). Bob to Alice: KS(N 2 -1), KS(N 3). Alice to Bob: KS(N 3 -1). Trudy as Alice to Bob: Ticket, KS(N 2) Bob to Alice, but intercepted by Trudy: KS(N 2 -1), KS(N 4) Trudy as Alice to Bob: Ticket, KS(N 4). Bob to Alice, but intercepted by Trudy. KS(N 4 -1), KS(N 5). Trudy as Alice to Bob: KS(N 4 -1).

Key Distribution Center Assume that Alice’s key has become compromised. ¡ Trudy can now

Key Distribution Center Assume that Alice’s key has become compromised. ¡ Trudy can now present herself as Alice to Bob with an old ticket. ¡ Tickets need to have an expiration date!!!!!! ¡