Explore key authentication protocols like Needham-Schroeder, Otway-Rees, Kerberos, and their applications in secure communication. Dive into class and state diagrams, commonalities, and additional requirements. Learn the ins and outs of authentication methods, potential problems, and effective key exchange. Develop a solid understanding of preventing replay attacks and the role of nonces. Discover the trust model behind each protocol and the importance of secure key generation. Enhance your knowledge with practical examples and applications in the field of software engineering.
Authentication
Advanced Software Engineering (CSE870)
Instructor: Dr. B. Cheng
Contact info: chengb at cse dot msu dot edu
Eduardo Diaz, Dan Fiedler, Andres Ramirez

Road Map
• Introduction to Authentication
• Needham-Schroeder, Otway-Rees, Kerberos
• Commonalities
• Additional Requirements
• Class Diagrams
• State Diagrams
• Conclusions

Authentication
• Meet:
  • Alice (Staff)
  • Bob (MISys)

Authentication
• Purpose
  • Key exchange.
  • Allow Alice to secretly communicate with Bob using a shared cryptographic key.
• Methods
  • Private keys, shared keys, public keys…
• Potential Problems
  • Trustworthy?
  • Safe handling of private keys?

Needham-Schroeder
1. Alice → Cathy: {Alice || Bob || rand1}
2. Cathy → Alice: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
3. Alice → Bob: {Alice || ksess}kbob
4. Bob → Alice: {rand2}ksess
5. Alice → Bob: {rand2 - 1}ksess

Needham-Schroeder
• Motive?
  • Prevent replay attacks
  • A valid data transmission is retransmitted maliciously.
• Nonces
  • Randomly generated numbers to identify exchanges.
• Key idea: Cathy is trusted by Alice and Bob.

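The five Needham-Schroeder messages above, run end to end to show why rand1 stops a replayed message 2 (an added example, not part of the original slides). The `seal`/`unseal` helpers, the `KEYS` table and the function names are assumptions; `seal` is a toy stand-in for {…}k built from the standard library, not a vetted cipher.

```python
import hashlib, hmac, json, secrets

def seal(key, obj):
    # Toy stand-in for {obj}key: SHAKE-256 keystream plus HMAC tag. Not a vetted cipher.
    pt, iv = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + iv).digest(len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    ks = hashlib.shake_256(key + iv).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

# Constructed long-term keys that Cathy shares with each principal.
KEYS = {"Alice": secrets.token_bytes(32), "Bob": secrets.token_bytes(32)}

def cathy(a, b, rand1):
    # Message 2: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
    ksess = secrets.token_hex(32)
    ticket = seal(KEYS[b], [a, ksess]).hex()
    return seal(KEYS[a], [a, b, rand1, ksess, ticket])

def alice_open(reply, peer, rand1):
    # Alice accepts the reply only if it echoes the nonce of THIS run.
    _, b, echoed, ksess, ticket = unseal(KEYS["Alice"], reply)
    if b != peer or echoed != rand1:
        raise ValueError("reply does not match this request (replay?)")
    return bytes.fromhex(ksess), bytes.fromhex(ticket)

def run(reply_from_network=None):
    rand1 = secrets.randbits(64)                                  # message 1
    reply = reply_from_network or cathy("Alice", "Bob", rand1)    # message 2
    k_alice_side, ticket = alice_open(reply, "Bob", rand1)
    sender, ksess = unseal(KEYS["Bob"], ticket)                   # message 3
    k_bob_side = bytes.fromhex(ksess)
    rand2 = secrets.randbits(64)
    challenge = seal(k_bob_side, rand2)                           # message 4
    answer = seal(k_alice_side, unseal(k_alice_side, challenge) - 1)  # message 5
    return sender == "Alice" and unseal(k_bob_side, answer) == rand2 - 1, reply

if __name__ == "__main__":
    ok, old_reply = run()
    print("fresh run accepted:", ok)
    try:
        run(reply_from_network=old_reply)
    except ValueError as err:
        print("replayed message 2 rejected:", err)
```
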
Otway-Rees
1. Alice → Bob: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice
2. Bob → Cathy: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice || {rand2 || num || Alice || Bob}kbob
3. Cathy → Bob: num || {rand1 || ksess}kalice || {rand2 || ksess}kbob
4. Bob → Alice: num || {rand1 || ksess}kalice

Otway-Rees
• Motivation
  • Needham-Schroeder assumes all cryptographic keys are secure. In practice keys are generated pseudorandomly, so they can be predicted.
• Num
  • Verify that num agrees across all the exchanges.
• Key Idea
  • Cathy is again the trustworthy element.

Kerberos
1. Alice → Cerberus: Alice || Barnum
2. Cerberus → Alice: {k_alice,barnum}k_alice || T_alice,barnum
3. Alice → Barnum: Guttenberg || A_alice,barnum || T_alice,barnum
4. Barnum → Alice: Alice || {k_alice,guttenberg}k_alice,barnum || T_alice,guttenberg
5. Alice → Guttenberg: A_alice,guttenberg || T_alice,guttenberg
6. Guttenberg → Alice: {t+1}k_alice,guttenberg

Kerberos
• What is T?
  • T_alice,barnum = Barnum || {Alice || Alice Address || valid time || k_alice,barnum}k_barnum
• What is A?
  • A_alice,barnum = {Alice || generation time || k_t}k_alice,barnum
  • k_t… not used.

Kerberos
• Motivation
  • Separate authentication of the user to the ticket-granting server from the resource being requested.
• 2 Servers
  • Authenticate first
  • Obtain ticket second
• Key Idea:
  • Time windows
  • Separation of trusted parties

Commonalities
• Message Passing
• Authentication Requests
• Encryption / Decryption
• Key Passing
• … other than that, not much!
• Each protocol has slight variants.

Additional Requirements
• Same as other groups plus:
  • Incorporate 2 design patterns
  • 1 must be a security design pattern
  • Strategy Design Pattern (encryption algorithms)
  • Single Access Point (entry and logging)
• Instantiate the framework at MISys
  • At the whitebox level

Conclusions
• Questions?