
Fundamentals of Computer Security

Fundamentals of Computer Security. Authentication. Scenario. Two parties (Alice and Bob, again) share a key for use with some secure cryptosystem. Using that same key, Alice and Bob may execute many independent instances of an agreed cryptographic authentication protocol.


Presentation Transcript


  1. Fundamentals of Computer Security Authentication CSCI 379 Fundamentals of Computer Security

  2. Scenario
     • Two parties (Alice and Bob, again) share a key for use with some secure cryptosystem.
     • Using that same key, Alice and Bob may execute many independent instances of an agreed cryptographic authentication protocol.
     • Each instance or round of authentication terminates either as accepted or rejected.

  3. Password-based Authentication
     A: this is Alice requesting login to Bob’s system
     B: mmkay, what is your password?
     A: “swiss cheese”
     B: all right, I believe you’re Alice; you’re logged in
     Question: What are the problems with this picture?

  4. Cryptographic Techniques
     Alice and Bob share a secret (encryption key).
     A: this is Alice requesting login to Bob’s system
     B: challenge
     A: response
     • The challenge should be different over time. One could rely on:
       • time stamps
       • counter
       • nonce

  5. Simple-minded Crypto Authentication
     N is a nonce generated by Bob; Ka is some key that Bob knows is associated with Alice (a shared key between Alice and Bob, or Alice’s public key); Ea(N) is the result of encrypting nonce N with Ka.
     [Diagram: two-way authentication] Ea(N1); N1; Eb(N2); N2
     [Diagram: two-way authentication with three messages] Ea(N1); N1, Eb(N2); N2

  6. Attacks on Simple Crypto Authentication
     [Diagram: message flows] Ea(N1); N1, Eb(N2); N2
     Known plaintext attack (passive): Eavesdropping can lead to accumulating encryption tables, and even break the key.
     Chosen ciphertext attack (active): The attacker chooses a message and sends it to either Bob or Alice, who decrypts the message and sends it back to the attacker. The attacker doesn’t know the key, so it can’t fake the third flow, but it can accumulate knowledge about plaintext-ciphertext pairs for chosen ciphertext. The attacker can potentially recover the key faster this way.

  7. Attacks on Simple Crypto Authentication
     [Diagram: message flows] E(N1); N1, E(N2); E(N2); N2, E(N3); N2; session abandoned
     Oracle session attack: Authentication can be broken without breaking the crypto key…
     Flaw exposed: The cryptographic messages used in each flow must be different from one another, that is, an attacker shouldn’t be able to use messages appearing in the second flow to derive, reconstruct, or fake messages needed for the third flow.

  8. Attacks on Simple Crypto Authentication
     [Diagram: ISO SC27 message flows] N1; E(N1), E(N2); N2
     [Diagram: parallel sessions] N1; N1; E(N1), E(N2); E(N1), E(N2); N2; N2
     Parallel session attack: The attacker can turn Alice into an oracle against herself.

  9. Attacks on Simple Crypto Authentication
     [Diagram: parallel sessions] N1; N1; E(N1), E(N2); E(N1), E(N2); N2; N2
     Parallel session attack: The attacker can turn Alice into an oracle against herself.
     Flaw exposed: There was no attempt at establishing session security. The crypto expression used in the second message must be asymmetric (direction dependent).

  10. Systematic Derivation of a Minimal Protocol

  11. Design Requirements for an Authentication Protocol
      • Nonce based.
      • Resistant to common attacks.
      • Usable at any layer of network architecture (small messages).
      • Usable at any processing base (few computations).
      • Using any cryptographic algorithm (symmetric key or public key).
      • Exportable (it’s easier to license authentication than confidentiality).
      • Extensible.

  12. Canonical Protocol
      (1) N1
      (2) N2, u(K1, N1, …)
      (3) v(K2, N2, …)
      Resistance to replay attacks: nonces are used.
      Resistance to oracle session attacks: the functions u() and v() must be different from one another.
      No restriction on crypto system: this would work with either symmetric or public key systems.
      Resistance to parallel session attacks: asymmetric crypto based on the direction of flows. That is, we can make u() = E(p(N1, D, …)) (D stands for anything that can reflect the direction of the flow, e.g. the sender’s address) and v() = E(q(N2, …)).
      Small cryptographic messages (limit message size): mutual authentication is achieved with three small messages, which need not be sent in network packets of their own. The messages can be piggybacked onto connection requests, confirmations, etc.

  13. Canonical Protocol
      (1) N1
      (2) N2, E(f(N1, N2, D, …) # E(g(N1, N2, D, …)))
      (3) E(g(N1, N2, D, …))
      Few cryptographic operations: any peer authentication requires at least two cryptographic expressions (one in each direction). The protocol above uses exactly two crypto operations. The same expression computed to produce or verify flow (2) is used in flow (3), so it can be computed only once.
      Resistance to interleaving attacks: one would still need to test the protocol’s resistance to interleaving. Refer to the paper by Bird et al. “Systematic Design of a Family of Attack-Resistant Authentication Protocols”.

  14. References
      • Systematic Design of a Family of Attack-Resistant Authentication Protocols. Bird et al. IEEE Journal on Selected Areas in Communications. 11: 679-693. 1993.
      • Fundamentals of Secure Computer Systems, Brett Tjaden. Franklin, Beedle & Associates, 2003.
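
The following is an added example, not part of the original slides: it models the flaw named on slide 9 and the fix on slide 12 by checking whether a peer accepts its own answer reflected from a parallel session, first with a symmetric E(N) and then with a direction-dependent expression that includes D. HMAC-SHA256 stands in for E(), and the names Party, respond, verify and the tag b"u" are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

KEY = os.urandom(32)  # constructed shared key for Alice and Bob


def E(key, *fields):
    # Stand-in for the slides' E(): HMAC-SHA256 over length-prefixed fields.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        mac.update(len(field).to_bytes(2, "big") + field)
    return mac.digest()


class Party:
    """A peer that both issues challenges and answers them."""

    def __init__(self, name, key, bind_direction):
        self.name, self.key, self.bind = name, key, bind_direction

    def respond(self, nonce):
        # Naive form: E(N), identical whoever computes it.
        # Hardened form: the tag "u" and D (the sender's name) are bound in.
        if self.bind:
            return E(self.key, b"u", nonce, self.name)
        return E(self.key, nonce)

    def verify(self, nonce, peer, response):
        # Recompute what the claimed peer should have sent for this nonce.
        if self.bind:
            expected = E(self.key, b"u", nonce, peer)
        else:
            expected = E(self.key, nonce)
        return hmac.compare_digest(expected, response)


def reflection_accepted(bind_direction):
    """Does Alice accept her own answer, reflected from a parallel session?"""
    alice = Party(b"alice", KEY, bind_direction)
    n1 = os.urandom(16)            # Alice's challenge, meant for Bob
    reflected = alice.respond(n1)  # parallel session: Alice answers N1 herself
    return alice.verify(n1, b"bob", reflected)


def honest_accepted(bind_direction):
    """Does a genuine answer from Bob still verify?"""
    alice = Party(b"alice", KEY, bind_direction)
    bob = Party(b"bob", KEY, bind_direction)
    n1 = os.urandom(16)
    return alice.verify(n1, b"bob", bob.respond(n1))
```

With the symmetric expression the reflected answer verifies; once D is bound into the expression, only an answer computed under Bob's identity does.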
