1 / 0

Authentication (chapter 31)

Authentication (chapter 31). How do you know that who you connect to is who they say they are? If you access an important document on-line, how can you tell it has not been tampered with after it was posted?. Examples:. business site posts a document identifying who they are.

magda
Download Presentation

Authentication (chapter 31)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Authentication (chapter 31) How do you know that who you connect to is who they say they are? If you access an important document on-line, how can you tell it has not been tampered with after it was posted?
  2. Examples: business site posts a document identifying who they are. Consulting firm posts a report on a web site. Accounting firm stores ledgers. How do you know these documents are authentic and have not been altered “after the fact”? How do you protect against an unauthorized change? For example what if I download the business document, put my name in it, and put it on my web site so that I can get someone to send me their credit card information?
  3. Figure 31.1 Security services related to the message or entity
  4. Confidentiality – 31.2 Both sides need to exchange information confidentially. Session key: encryption key used only for the duration of a session. New one negotiated with each session
  5. If A and B both have a public key, each can encrypt using the other’s public key. Each can decrypt using their private key. If ONLY B has a public key, A can choose a session key A can encrypt it using B’s public key B can decrypt it (using its private key) to get the key If neither has a public key Diffie-Hellman
  6. Message integrity – 31.3/31.4 Once a message (document) is created, how can we tell if it’s been altered later? Alice posts a will online leaving everything to Fred. Bob accesses that document and inserts his name in place of Fred. or Someone intercepts an email you sent, changes it, and delivers it – with your name still attached!!
  7. Given a document Calculate a value that depends on the document’s contents similar to error detection-CRC or checksum Store that value on the document. If the document changes, so does the value. Of course, any one smart enough to change the document will also change the value, so we need a little more.
  8. Fingerprint (sometimes thumbprint) M….document; H…hash function calculate H(M) - also called the message digest This is a value dependant on M’s contents. H is a very special function that (in theory) will yield a different value for every possible M. That is, no two M’s result in the same digest. Mathematicians call this a one-to-one function. Hard to achieve in practice, but much thought goes into H.
  9. Let Dk’ represent a private key decryption algorithm Calculate Dk’(H(M)) and append that value to the document or send it independently of a message. Dk’(H(M)) is the fingerprint or thumbprint.
  10. To verify integrity of a document Independentlycalculate M’s digest value. apply Ek to the document’s fingerprint. That is, calculate Ek(Dk’(H(M))) – Ekis the public key encryption algorithm. Compare the values from the two steps above. If they don’t match, the document has been tampered with.
  11. Question What if a tamperer alters a document and simply creates a new fingerprint? Answer Since the fingerprint is calculated using the originator’s private key, this should be impossible Or, at least, nearly impossible. The tamperercould use his/her own private key, but then it would not be consistent with the originator’s public key.
  12. Question Could we change M but keep the fingerprint the same? If you change M to M’, what are the odds that H(M)=H(M’)? This would allow undetectable tampering of a document. This should be impossible. In practice, nearly impossible usually works. In such cases, M cannot be changed without detection. H must be chosen carefully In theory, we want: if M changes so will H(M) and, consequently, Dk’(H(M))
  13. Properties of H Must not be able to find a message with a given digest value. At least, it must be very difficult. The author calls thisone-wayness.
  14. Why? Alice sends a message to Bob promising to pay $20, calculates and stores the fingerprint. Bob encrypts the fingerprint to get the digest value and finds a way to change the message promising to pay $2000 and which has the same digest value, hence same fingerprint. Bob changes the message he got from Alice. Since the digest value is the same, the message will pass as being valid.
  15. Weak collision Given a message and digest, it is difficult to produce another message with the same digest value Strong collision Cannot find two messages that generate the same digest value. A little different from above since the digest value is not specified.
  16. hash algorithms: MD5 algorithm By Ron Rivest 128-bit digest value RFC 1321 Not collision resistant
  17. SHA-1 - Secure Hash Algorithm NIST FIPS (Federal Information Processing) Standard Standards for 256, 384, 512-bit values Details involve dividing message into blocks and performing all kinds of bit-level operations - ANDs, shifts, ex-ors, etc.
  18. Birthday attack Given n people what is the probability that two have the same birthday? Surprisingly, If n=23, probability ~ 0.5. Alternative question: given k random nos between 1 and N what is probability any two are the same.
  19. More formally! Let {x1, … , xk} and {y1, … , yk} be 2 sets of random numbers < 2m. If k=2m/2, then the probability that some xi = some yi ~ 0.5 If m=20, random nos are between 1 and 220 (around one million); k ~ 1000; If m=10, 2m = 1024 and k=32. Theorem: given k random nos between 1 and n what is probability all are distinct?
  20. if n = 365, get
  21. Application: Prepare correct document and a false document Define variations by using synonyms or extra spaces If there are 32 places where substitutions can be made then there are 232 variations of each document
  22. If H(M) = 64-bit number, there is a 50-50 chance that a valid and false document provide the same message digest. i.e. they are indistinguishable If H(M) is a 128-bit number then you need 264 versions of each for a 50-50 chance of a match. NOTE: 264 ~ 1019 (210 ~ 103)
  23. How big is 1019? One year has 365*24*60*60  31536000  3.15*107 seconds. Age of the universe: about 15 billion = 15*109 years (or 4.73 * 1017 seconds) since the big bang. 1019 seconds about 20 times the number of seconds that have elapsed since the big bang.
  24. Digital Signature – 31.5 A has a legal document, an ID (code), and a public/private decryption algorithm and key. It calculates Dk’(ID) and stores it on the document. A gives B the document. After applying Ek(Dk’(ID) ), B has A's ID. (Remember, Ek is public.) Later, B tries to hold A to the terms of the document.
  25. A says: "I never saw the document." B says: "You signed it." A says: "it's not my signature." B sues and calls an arbiter:
  26. B produces Dk’(ID) and ID to arbiter who applies Ek to independently get ID. Arbiter decides only the sender (A) can possibly know Dk’ and concludes the signature is that of A.It's similar to calling a handwriting analyst to provide testimonyin court. Assumes, of course, that no one has stolen k' from A nor has A given it to anyone.
  27. Outlook Digitally sign all messages Click the File tab. Click Options. Click Trust Center. Click Trust Center Settings. On the E-mail Security tab, under Encrypted Mail, select the Add digital signature to outgoing messages check box. You must have a certificate containing a digital ID.
  28. Following the previous steps there is a button to Get a digital ID You will be directed to [http://office.microsoft.com/en-us/providers/digital-id-HA001050484.aspx]
  29. Someotherreferences http://computer.howstuffworks.com/question571.htm http://www.rsa.com/rsalabs/node.asp?id=2182
  30. Entity authentication – 31.6 Passwords Change frequently Keep secure (don’t put on post-it notes taped to your monitor) Don’t use common words
  31. Can write a program that can find the password of an account if it is in the dictionary. example /etc/passwd file contains a list of accounts. /etc/shadow file contains a list of passwords encrypted using the Linux crypt command. Need root privilege to see this /usr/share/dict/linux.words contains a list of dictionary words
  32. Logic: copy part of /etc/shadow to a local shadow file (need root privilege to do this) Loopthrough the dictionary words encrypt each using the linuxcrypt command, and check whether it exists as a substring on the shadow file. Program: decrypt.c.
  33. Key Management – 31.7 I will skip most of 31.7 but will expand on X.509 certificates when covering SSL in the next chapter
  34. Summary and overview http://csrc.nist.gov/groups/ST/toolkit/index.html
More Related