1 / 12

Lecture 9: Cryptographic Authentication

Lecture 9: Cryptographic Authentication. objectives and classification one-way secret key public key mutual secret key public key establishing session key. Authentication Objectives and Classification. Objectives Authentication (what was that again?) one-way mutual

barb
Download Presentation

Lecture 9: Cryptographic Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Lecture 9: Cryptographic Authentication • objectives and classification • one-way • secret key • public key • mutual • secret key • public key • establishing session key

  2. Authentication Objectives and Classification • Objectives • Authentication (what was that again?) • one-way • mutual • Immunity from attacks • efficiency: minimum number of messages exchanged • bootstrapping a session: establishing a session key • types of authentication • password authentication (authenticating humans or machines on their behalf) • what’s wrong with it? • cryptographic challenge-response • secret key • public key

  3. Secret Key One-Way problems • one-way authentication, • who is not authenticated? why is that a problem? • connection hijacking possible • dictionary attack possible if Trudy is eavesdropping (if KAB is derived from a password) • Bob stores key in clear • what is possible if Bob’s machine is broken into? I’m Alice a challenge R Alice Bob F(KAB,R)

  4. Secret Key One-Way: Variant advantages • can be used for mutual authentication, how? • replay attack possible if R’s lifetime is not limited problems • requires reversible cryptography • subject to dictionary attack, without eavesdropping, if R is recognizable I’m Alice KAB{R} Alice Bob R

  5. Secret Key One-Way: Timestamp Based • alternatively, with a hash function, send: I’m Alice, timestamp, H(KAB,timestamp) advantages • easy integration into password-sending systems • efficient: single message, stateless (what does that mean?) problems • clocks need to be synchronized, • extra protection against replay needed • if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly • clock protection needed at Bob I’m Alice, KAB{timestamp} Alice Bob

  6. Secret Key One-Way: Timestamp Based • alternatively, with a hash function, send: I’m Alice, timestamp, H(KAB,timestamp) advantages • easy integration into password-sending systems • efficient: single message, stateless (what does that mean?) problems • clocks need to be synchronized, • extra protection against replay needed • if Alice uses same password to multiple servers, Trudy can authenticate to a different server if acts quickly • clock protection needed at Bob I’m Alice, KAB{timestamp} Alice Bob

  7. Public Key, One-Way I’m Alice where []A is Alice’s signature. Can this be done with encryption? problem • Trudy can get Alice to sign/decrypt any text he chooses, how? • why is decryption useful? solution • don’t use the same key for authentication and other purposes • give structure (formatting) (e.g. type field) to challenge so it cannot be mistaken for other things R Alice Bob [R]A

  8. Secret KeysMutual Authentication simple solution: run one-way authentication twice in reverse directions • can we save a message? problems with simple solution (to be explained next) • reflection attack • password guessing I’m Alice R1 F(KAB,R1) Alice Bob R2 F(KAB,R2)

  9. Reflection Attack I’m Alice, R1 Trudy opens two connections to Bob and reuses the results of the second connection to complete the first solutions: • use dissimilar keys for directions • format challenges • have initiator authenticate first (more next slide) R2, F(KAB,R1) Trudy 1stconnection Bob F(KAB,R2) I’m Alice, R2 2ndconnection Trudy Bob R3, F(KAB,R2)

  10. Dictionary Attack Against Mutual Authentication Trudy can obtain material for offline password guessing (no eavesdropping) by forcing Bob to encrypt her challenge Solution against dictionary and reflection attacks: I’m Alice R1 Alice Bob F(KAB,R1), R2 F(KAB,R2) password guessing is still possible if Trudy can impersonate Bob (considered harder)

  11. Mutual AuthenticationPublic Keys • [] – signature, {} – encryption • why does Alice sign R? • (minor) problem, • assume R is going to be used as conversation key,if Trudy records the conversation and, after the conversation is over, overruns Bob (breaks into Bob’s computer and learns his secrets), she can decode the conversation • why overrunning Alice won’t help? • we already know the solution, what is it? I’m Alice, [{R}B]A Alice Bob

  12. Establishing Session Key secret keys • knowing , KAB and R modify them in some way, ex: (KAB+1){R} (KAB+1){R} • why not KAB{R}? • KAB{R+1} ? public keys • send additional random nonces(a number that is used only once) {R}A , {R}B and use them to derive a session key.

More Related