1 / 70

Some Issues in Network Security Authentication, Fair Exchange and Intrusion Detection

Some Issues in Network Security Authentication, Fair Exchange and Intrusion Detection. Department of CSIE National Chiayi University Chia-Yi Taiwan R.O.C. Chih-Hung Wang. Agenda. Introduction Network Authentication Password Authentication Human Identification Fair Exchange/Payment

hung
Download Presentation

Some Issues in Network Security Authentication, Fair Exchange and Intrusion Detection

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Some Issues in Network SecurityAuthentication, Fair Exchange and Intrusion Detection Department of CSIE National Chiayi University Chia-Yi Taiwan R.O.C. Chih-Hung Wang Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  2. Agenda • Introduction • Network Authentication • Password Authentication • Human Identification • Fair Exchange/Payment • Payment Systems • Fair Exchange/Payment Protocols • Intrusion Detection • IDS • A New Approach: Honeypot Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  3. Introduction —Authentication • Authentication • Message Authentication • Message Authentication Code (MAC) • Digital Signature • User Authentication • Direct • Fingerprint • Voice • Retina • Indirect • Password • Human Identification Scheme • Key Distribution Protocol Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  4. Signer’s Public Key Signer’s Private Key Signature Signer Recipient Verify the signature Introduction—Digital Signature • Digital Signature Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  5. Introduction —Security Issues in Authentication • Identification (Password Authentication) • Authentication Service • Kerberos (Authentication & Key Distribution) • PKI (Certificates Authority) • Communication • SSL • Payment System and Commerce • SET Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  6. Authentication & Key Distribution Client Browser Certificate HTTP Server certificate Introduction—Authentication • SSL Handshake Protocol Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  7. Internet Merchant Cardholder Internet Certificate Authority Issuer Payment network ……. Payment gateway Acquirer Introduction—Authentication • SET Protocol Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  8. 2. AS verifies user’s Access rights in database, creates ticket-granting ticket and session key. Results are encrypted using key derived from user’s password. Once per user logon session 1. User logs on to workstation and requests service on host Kerberos (1)Request ticket-granting ticket Authentication Server (AS) (2)Ticket + session key (3)Request service-granting ticket (4)Ticket + session key Ticket-granting Server (TGS) Once per user service session 3. Workstation prompts user for password and uses password to decrypt incoming message, then sends ticket and authenticator that contains user’s name, network address, and time to TGS. 4. TGS decrypts ticket and authenticator, verifies request, then creates ticket for requested server (5)Request service (6)Provide server authenticator 6. Server verifies that ticket and authenticator match, then grants access to service. If mutual authentication is required, server returns an authenticator 5. Workstation sends ticket and authenticator to server Introduction—Authentication • Three Party KDP: Kerberos Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  9. Introduction —Fair Exchange • One-line TTP fair payments • BuySafe. http://www.buysafe.com.tw Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  10. Part I Network Authentication Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  11. Authentication & Identification • Password Authentication • Sending Plain-Password through an insecure channel Packet Sniffing Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  12. Authentication & Identification Packet Sniffing Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  13. Authentication & Identification • Password Authentication • Encrypt password • Suffer from replay attack where the intruder intercepts the encrypted password and re-sends it to the server Replay EK(PW) EK(PW) Intercept User Server Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  14. (1) EPK-S{Connect, T_id} Server Terminal (2) EPK-T{“User Name:”} (3) EPK-S{User-ID} (4) EPK-T{“Password:”, Timestamp} (5) EPK-S{User-Password, Timestamp_U} Timestamp_U =? Timestamp Authentication & Identification • Password Authentication with Timestamp Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  15. Authentication & Identification • Human Identification Scheme • Password Authentication in an insecure channel Peeping attack Network Verifier Intercept Replay attack Prover Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  16. Current News (Peeping Attack) Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  17. Authentication & Identification • Password Authentication with Encryption • Avoid intercept attack • Password Authentication with Timestamp • Avoid replay attack • Challenge-Response Protocol • Avoid intercept, replay & peeping attacks Question Answer Verifier Prover Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  18. Human Identification • Users can identify themselves to a host via insecure channels without any help of auxiliary devices. • The computational complexity of identification process for the end users must be bounded to the human ability of memorizing and computations. Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  19. Human Identification • Previous Works • Matsumoto & Imai [Eurocrypt’91] • Wang, Hwang & Tsai [Eurocrypt;95] • A simple example • W: window alphabets; SW: secret words q= 8 5 1 7 3 6 4 2 W={1,2,4,6} SW=3124 A={1,2,3,4} Verify a。f=SW a= 3 1 2 1 3 4 2 4 |Q|=8 |W|=4 |A|=4 Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  20. Human Identification • General Case • Prover selects at least  distinct question blocks randomly and uniformly out from  blocks to generate the answer • Ex: |Q|=36 |W|=18 |A|=2 =10=20 …  Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  21. Human Identification • Security • Known-A random attack Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  22. Human Identification • Our attack • Passive attack • Password can be revealed in trials q= 8 5 1 7 3 6 4 2 a= 3 1 2 1 3 4 2 4 Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  23. Human Identification • Theorem1 Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  24. Human Identification • Replay Challenge Attack q= 8 5 1 7 3 6 4 2 a1= 3 1 2 1 3 4 2 4 Not Change a2= 3 2 1 1 4 3 2 4 Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  25. Human Identification Lemma 1: Let a and a’ be two distinct answer blocks of the same question q. If there exists an i, i<|Q|>, such that a(i) a’(i), then qW Theorem 2: The window W of Matsumoto and Imai human identification scheme with ==1 can be found in expected trials if an intruder replays the same question one time. Corollary 1: Similar to theorem 2, an intruder can found the window W in expected trials if an intruder replays the same question n time Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  26. Human Identification • Case 1: |Q|=36 |W|=18 |A|=2 ==1 • Case 2: |Q|=50 |W|=10 |A|=3 ==1 Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  27. Part II Fair Exchange/Payment Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  28. Fair Exchange/Payment • Fair payments/exchange • Two parties (buyer and merchant) exchange the electronic items in the network to each other in a fair manner • No one can gain an advantage over the other even if there are malicious actions in exchanging process • Bit by bit (simultaneously) exchange • On-line TTP (Trusted Third Party) • Off-line TTP Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  29. Fair Payment • Off-line TTP • TTP need to participate in the exchange protocols only when the faults occur • Always able to solve the disputes Normal case Dispute TTP Soft goods negotiate $ Soft goods Merchant $ Merchant Buyer Information Security Lab., CSIE, NCYU, Taiwan, R.O.C. Buyer

  30. Fair Payment Using Confirmation Signatures • Boyd and Foo 1998 Asiacrypt’98 • Convertibility • Payment • C -> M : S(m) • C <-> M: M verifies interactively that S(m) is valid • M -> C : EC(Goods) • C -> M : SigC(m) Confirmation signatures • Dispute • M -> TTP: SigM(S(m), ETTP(Goods)) • TTP converts S(m) to SigC(m) • TTP -> M : SigC(m) • TTP -> C : EC(Goods) C: customer M: merchant m: purchase information Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  31. Fair Payment Using Confirmation Signatures • Non-transferability • Untraceable payments • Protect the privacy of payment behavior • Payment • C -> M : S(m) • C <-> M: M verifies interactively that S(m) is valid • M -> C : EC(Goods) • C -> M : SigC(m) Confirmation signatures with limited verifiers General signatures with limited verifiers Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  32. Undeniable Signatures • Undeniable Signatures • Chaum et al. 1989 • Require the signer’s cooperation to verify the validity of the signature • Non-transferability • Example • The signer may sign a terrible secret and fear that his enemies will find out he said this secret • Software protection Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  33. Undeniable Signatures • Undeniable Signatures • In many applications, the proliferation of certified copies could facilitate improper uses like blackmail or industrial espionage Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  34. Designated Confirmer Signatures • Designated confirmer signatures • Chaum 1994 Eurocrypt’94 • Eliminate the shortcoming of the undeniable signature in that the signature can only be verified by cooperating with the original signer • For many applications, the protection of undeniable is to week Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  35. Designated Confirmer Signatures • Signer’s cooperation • If the signer should become unavailable, such as should refuse to cooperate, then the recipient cannot make use of the signature Refuse to cooperate or be absent Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  36. DCS Protocol Design (1/2) • Signing Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  37. DCS Protocol Design (2/2) • Confirmation Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  38. Confirmer Signatures with Limited Verifiers • Malicious confirmer • The confirmer may prove the correctness of the signature to the signer's adversaries • New Approach • The signer pre-determines some verifiers whom the confirmer can convince later confirmer Other verifiers signer Pre-determined verifiers Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  39. Confirmer Signatures with Limited Verifiers • Definition • Let (S, C) be a designated confirmer signature which is signed by S and can be confirmed by C. We say that (S, C,{V_i, i=1, … , n}) is a designated confirmer signature with limited verifiers if C can only convince the verifiers {V_i, i=1, … , n} whom the signer S pre-determined. • Publication • C. H. Wang and Y. C. Chen. Limiting Verifiers in Designated Confirmer Signatures. Proceedings of the Eleventh Information Security Conference, Tainan, R.O.C., pp. 67-73, May 3-4, 2001. Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  40. Multiple Confirmers Signatures Schemes • For very large network: (t, n) threshold multiple confirmers signatures scheme • One confirmer may create both performance and security bottlenecks • Increasing the availability and security Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  41. Fair Payment with Electronic Cash • Asiacrypt’2003 C.H. Wang Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  42. Fair Payment with Electronic Cash • Our contributions (1/2) • Previous works of fair exchange are not really suitable for many applications on network payments because they are only used to exchange the confidential data or signatures. • Many payment applications need to protect the buyer's purchase privacy, which has never been considered in the previous papers. • In our view, a complete solution for fair payment should contain payment actions, such as electronic cash or network credit card method, instead of simply signing the purchase information. Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  43. Fair Payment with Electronic Cash • Our contributions (2/2) • Propose a generic model for real fair network payments. • Apply a subtle tool of Restrictive Confirmation Signature Scheme (RCSS) to achieve the property of untraceability. • Design a new technique of pseudo e-coin to achieve fairness of exchanging the electronic cash. • Demonstrate how to construct a practical and efficient fair network payment protocol based on the Brands' e-cash scheme [Bra93b]. Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  44. The Basic Model • Four parties involved in the protocol • Three procedures similar to a general e-cash • Withdrawal • Payment • Dispute • Deposit Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  45. Definition of RCSS • Definition 1: Restrictive Confirmation Signature Scheme (RCSS) Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  46. can not confirm confirmation Signing and verification The Concept of RCSS Confirmer Signer predetermined by the signer Verifiers Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  47. Obtains the electronic coins Blind signature Main Procedures • Withdrawal Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  48. Main Procedures • Payment Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  49. Main Procedures • Payment • Pseudo e-coins • In step 3, The merchant can gain a conviction that he can prove the validity of to TTP and ask TTP convert the pseudoe-coins into true e-coins if some faults occur. Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

  50. Main Procedures • Dispute • The buyer may refuse to send the true e-coins to the merchant after he receives the valid goods. TTP Information Security Lab., CSIE, NCYU, Taiwan, R.O.C.

More Related