network security network security protocol 1 network security chapter 2. network security protocols
TRANSCRIPT
Network Security Network Security Protocol 1
Network Security
Chapter 2. Network Security Protocols
Network Security Network Security Protocol 2
Key Establishment Technique
Key Authentication
Authenticated Key Establishment Protocol
Key generation in SKC
Kerberos : Key generation in SKC
Key Establishment in PKC
Authentication Protocols
Security of password
Authentication using SKC
Authentication using PKC
Objectives
Network Security Network Security Protocol 3
The three important aspect of network security:– authentication, encryption, message authentication
Key : Central to the idea of cryptography.
Some definitions related to key.– key establishment : a process or protocol where by a shared secret becomes available to two or more parties, for subsequent cryptographic use.
Introduction
Network Security Network Security Protocol 4
Key transport : a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s).
Key agreement : a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no part can predetermine the resulting value.
Key establishment technique
Network Security Network Security Protocol 5
Key pre-distribution : key establishment protocols whereby the resulting established keys are
completely determined apriori by initial keying material.
Dynamic key establishment : the key is established by a fixed pair (or group) of users varies on
subsequent executions. Also referred to as session key establishment
Key establishment technique
Network Security Network Security Protocol 6
Key authentication : the property whereby one party is assured that no other party asides from a specifically identified second party( and possibly additional identified trusted parties) may gain access to a particular secret key.
It need not involve any action whatsoever by the second party. For this reason, it is some times referred to more precisely as (implicit) key authentication.
Key conformation : the property whereby one party is assured that a second (possibly unidentified) party actually has possession of particular secret key.
Explicit key authentication : the property obtained when (implicit) key authentication and key conformation hold.
Key authentication
Network Security Network Security Protocol 7
Authentication Summary
Authentication term Central focus
authentication Depends on context of usage
Entity authenticationIdentity of a party, and aliveness at a given instant
Data origin authentication Identity of the source of data
(implicit) key authenticationIdentity of party which may possibly share a key
Key conformationEvidence that a key is possessed by some party
Explicit key authenticationEvidence an identified party possesses a given key
Network Security Network Security Protocol 8
Authentication protocol : to provide to one party some degree of assurance regarding the identity of another with which it is purportedly communicating
Key establishment protocol : to establish a shared secret.
Authenticated key establishment protocol :to establish a shared secret with a party whose identity has been (or can be) collaborated.
Authenticated key establishment protocol
Network Security Network Security Protocol 9
Requirement for a SKC :
- random and long enough to deter a brute force attack.
- practical key size : AES : 128, 192, 256 bits
Key distribution in SKC
- For a network with n nodes, each nodes wish to talk securely to every other node. How many keys would this require?
n = 50 1,225 keys
n = 250 31,125 keys
Key Generation in SKC
2
)1(2
nnCn
Network Security Network Security Protocol 10
Key Generation in SKC
Solutions for key distribution in SKC : Key distribution center (KDC)
KDC stores keys for all nodes in the network
Each node in the network is configured with only one key
How does it work? 1) Alice KDC : request session key for Bob.
2) KDC B, A : send same session key
Network Security Network Security Protocol 11
Entity authentication and session key generation
Based on Needham-Schroeder protocol
Drawback– Bottleneck
– single point of failure
Kerberos : Key Generation in SKC
Network Security Network Security Protocol 12
Public key Cryptography - each entity : (public key, private key) pair.
- Certificate Authority(CA) :
- trusted third party : certifying the owner of a public key
- combine public key with entity’s identity.
- issue certificate = “Alice’s public key is Kwa” +
SignPCA( hash(“Alice’s public key is Kwa”))
- provide certificate verification service
Key Establishment in PKC
Network Security Network Security Protocol 13
Diffie-Hellman Key Exchange
xyxy gS key session Shared
Remember DHP !!!
Network Security Network Security Protocol 14
) (mod ng k
Man-in-the-middle attack against Diffie-Hellman
xpEA gS
kyBE gS
) (mod ng x
) (mod ng y
) (mod ng p
• Alice and Bob think they are talking each other.
• Eve impersonate Alice and Bob to Bob and Alice respectively.
)(mod ng p
Network Security Network Security Protocol 15
Static Diffie Hellman
- g, n is fixed,
- CA Alice :
- CA Bob :
Dynamic Diffie-Hellman
- g, n : ephemeral (established dynamically)
- CA Alice :
- CA Bob :
Enhanced Diffie-Hellman Key Exchange
Alice} n, mod{ xiCA gEK
Bob} n, modyiCA gEK {
Alice} n, mod,,{ xiCA gngEK
Bob} n, modyiCA gngEK ,,{
xyxyAB
xyyxAB gSKgSKAlice )( : Bob ,)(:
Network Security Network Security Protocol 16
RSA encryption
RSA
See the chap. 8 of handbook!!
Network Security Network Security Protocol 17
RSA signing
RSA
Network Security Network Security Protocol 18
PKCS#1
homomorphic property of basic RSA
RSA based cryptographic schemes
see [ this ] for security analysis
RSA based cryptographic schemes
Network Security Network Security Protocol 19
Authentication : the Process of verifying that a node or users is who they claim to be.
Usage in network : access control
Access control : primary defense mechanisms in network security and computer security.
Authentication Protocol
Network Security Network Security Protocol 20
Use the address of the node in the network.
MAC address or IP address
Allows only a preconfigured set of MAC or IP address to access the network.
Usually implemented in the switch or router
Loop holes : – Simple one-to-one mapping between a node and a user.
– So does not really authenticate the user
– Weak to MAC spoofing and IP spoofing attack.
Address-Based Authentication
Network Security Network Security Protocol 21
Storing <username, password> pair list in a file on the server machine.
– If the password file is compromised, all user passwords are compromised.
Machine store <username, hash(password)> pair– Even though the file is compromised, the passwords are still secure.
– But still open to dictionary attack.
Password for Local Authentication (Login)
Network Security Network Security Protocol 22
Human generated passwords– Come from a small domain– Easy to guess – dictionary attacks
Stronger passwords– Computer generated or verified– Not user friendly– Hard to remember
Insecurity of Passwords
Network Security Network Security Protocol 23
Eavesdropping. (Solution: encrypt the channel, e.g. using SSL or SSH.)
Offline dictionary attacks. – Attacker compute < word, hash(word)> pair list – Attacker get password file and search hash(password) in his
stored list.– (Solution: limit access to password file, use salt.)
< word, hash(word+salt), salt>
• Online dictionary attacks: Attacker guesses a username/password pair and tries to login. Real time.
• Case study : e-Bay user account hacking [ link ]
Possible attacks on passwords
Network Security Network Security Protocol 24
Countermeasures against online dictionary attacks
Username / pwd-1
Username / pwd-2
Username / pwd-5
Answer 2 (No)
Answer 1 (No)
Answer 5 (No)
Delayed answer
Account locked
Network Security Network Security Protocol 25
Risks of locking accounts
• eBay experiences dictionary attacks, but does not implement account locking.
• Denial of service attacks: To lock a user, try to login into his account with random passwords. (auctions, corporates…)
• Customer service costs: Users whose accounts are locked call a customer service center – impose call cost
Network Security Network Security Protocol 26
Password for network authentication differ from local login.
Hashed password can not be sent over the network.
Captured hashed password can be used for offline dictionary attack
Using Salt (transmit in plain text) still weak to offline attack.
Password for Network Authentication
Network Security Network Security Protocol 27
In a network authentication, use password for deriving shared keys to be used in challenge response system.
Key = part of hash(password)
One-way authentication using SKC
Authentication using SKC
Network Security Network Security Protocol 28
One-way Authentication using SKC-variation
Network Security Network Security Protocol 29
One-way Authentication using SKC-variation
Bob : state-less prevent Denial of Service(DoS) attack
timestamp : require time synchronization, not trivial in a
large network.
if stream cipher is used, 1 bit flip in the cipher text flips
1 bit in the plain text.
Eve may get an approximate time stamp by flipping the millisecond
bits.
Network Security Network Security Protocol 30
Authenticate each other.
(Reduced Massages)
Mutual Authentication using SKC
Network Security Network Security Protocol 31
Mutual authentication using SKC-Reflection Attack
How to prevent the reflection attack
(1) Unique format for each direction – even and odd challenge
(2) Different symmetric key for each direction
Network Security Network Security Protocol 32
Bob(server) saves (username, )
After one authentication, Bob sets raise to (m-1)
When m=1, reconfigure new password.
How to avoid new password reconfiguration when m=1
use salt with password
Lamport’s Hash
: (m-1) times hash of R1.
Network Security Network Security Protocol 33
One-way authentication Mutual Authentication
Key Database compromise does not compromise the security of the System.
Authentication using PKC
Network Security Network Security Protocol 34
SKC
(Advantages)– less computation intensive
– more resilient to DoS Attacks.
(Disadvantages)– Key database compromise security of whole system is compromised.
– Eve can collect < plaintext, ciphertext> pairs launch dictionary attack.
How to: Eve claims to be Bob and send challenge to A, then collect the cipher text for the challenge.
What to use for authentication : SKC or PKC?
Network Security Network Security Protocol 35
PKC
(advantages)–Key database compromise does not compromise the security of whole system
– dictionary attack is not applicable.
(Disadvantages)– computation intensive
– weak to DoS Attacks.
What to use for authentication: SKC or PKC?
Network Security Network Security Protocol 36
Instead of trying to break the authentication protocol, it circumvent it completely.
Cause : authentication result is not linked to the rest of the session.
Solution : Use authenticated key agreement protocol.
Session Hijacking
Network Security Network Security Protocol 37
SKC-based mutual authentication and key establishment
Needham Schroeder
Network Security Network Security Protocol 38
Kerberos
Network Security Network Security Protocol 39
[B. Pinkas] Securing Passwords against Dictionary attack
http://www.pinkas.net/PAPERS/pwdweb.pdf
[e-bay case] http://news.com.com/2100-1017-868278.html?tag=yt
Collin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer-Verlag
Evaluation of RSA cryptographic Schemes, http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1011_rsa.pdf
Resources