1 / 32

Chapter 30

Chapter 30. Message Security, User Authentication, and Key Management. Message Security It involves confidentiality, integrity, authentication and finally non-repudiation. User Authentication It means verifying the identity of the person or process that wants to communicate with a system.

jola
Download Presentation

Chapter 30

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Chapter 30 Message Security,User Authentication,and Key Management

  2. Message Security It involves confidentiality, integrity, authentication and finally non-repudiation. User Authentication It means verifying the identity of the person or process that wants to communicate with a system. Key management It involves the distribution of symmetric keys and the certification of the public keys. Applications of Cryptography

  3. Message security • Privacy means that the sender and the receiver expect confidentiality. The transmitted message must make sense to only the intended receiver. To all others, the message must be unintelligible. • There are two methods to achieve the privacy • Privacy with Symmetric–Key Cryptography • Privacy with Public–Key Cryptography

  4. Key is shared between the interested parties. Privacy with Symmetric–Key Cryptography

  5. Achieve privacy using public-key encryption. There are two keys: a private key and a public key. The private key is kept by the receiver. Problem: Verification of the owner (Owner must be verified or certified) Privacy using public-key encryption

  6. Message Authentication: Receiver needs to be sure of the sender’s identity and that an imposter has not sent the message. Using Digital signature. Integrity: Data must arrive at the receiver exactly as they were sent. Using Digital Signature. Non-repudiation: Receiver must be able to prove that a received message came from a specific sender. The sender must not be able to deny sending a message that he or she, in fact, did send. The burden of proof falls on the receiver. Message Security (cont.)

  7. Digital Signature • Authentication, integrity and non-repudiation is provided using digital signature. Privacy is not provided by digital signature. • When sending a document electronically: • Sign the whole document. • Sender uses her private key to encrypt (sign) the message. • Receiver uses sender’s public key to decrypt the message. • Integrity: If the intruder intercepted the message and partially or totally changed it & encrypt using its key, the decrypted message would be unreadable by receiver. • Authentication: If intruder sends a message, he has to encrypt the message using his private key. The receiver when decrypt the message using actual sender’s public key, the message will become unreadable. • Non-repudiation: Receiver can save the message and then prove that the message could be encrypted and decrypted using sender’s private and public key. Since only the sender knows her private key, she cannot deny sending the message.

  8. Using a public key to sign the entire message is very inefficient if the message is very long. Sign a digest (condensed version) of the document. Sender creates a digest of the message using the hash function. The hash function creates a fixed-size digest from a variable-length message. Two common hash functions: MD5 (Message Digest 5) – Produces 120-bit digest SHA-1 (Secure Hash Algorithm 1) – Produces 160-bit digest Two properties of hash functions: Hashing is one-way; digest can only be created from the message, not vice versa. Hashing is a one-to-one function; there is little possibility that two messages will create the same digest. Signing the Digest

  9. After the digest has been created, it is encrypted (signed) using the sender’s private key. The encrypted digest is attached to the original message and send to the receiver. Receiver receives the original message and the encrypted digest. He separates the two. Applies hash function to the message to create a second digest. Decrypts the received digest using the public key of sender. If the two digests are same, then all three security measures are preserved.

  10. How about the security of the message: Digest has not been changed (integrity), and the digest is a representation of the message. So the message has not been changed (remember, it is improbable that two messages create the same digest). Integrity has been provided. Digest comes from the true sender, so the message also comes from the true sender. If an intruder had initiated the message, the message would not have created the same digest (it is impossible that two messages create the same digest). The sender cannot deny the message since she cannot deny the digest; the only message that can create that digest, with a very high probability, is the received message.

  11. Verifies the identity of one entity for another. An entity can be person, a process, a client, or a server. In message authentication, the identity of the sender is verified for each single message. In user authentication, the user identity is verified once for the entire duration of system access. User Authentication

  12. First approach Alice sends her identity and password in an encrypted message, using the symmetric key KAB. The intruder cannot decipher the password or the data because he does not know KAB. If the intruder has interest in the data message sent, he can intercept both the authentication and data messages, store them, and resend them later to the receiver. Receiver has no way to know that this is a replay of a previous message. There is nothing in this procedure to guarantee the freshness of the message. Replay attack: Intruder can send the same request twice after interrupting it. Authentication using a symmetric key

  13. Authentication using a symmetric key

  14. Second Approach: Using a nonce To prevent replay attack, add something to distinguish a fresh authentication request from a repeated one. [Nonce] Nonce is a large random number that is used only once, a one-time number. Receiver uses Nonce [RB] to challenge the sender, to make sure that sender is authentic and that someone is not impersonating the sender. Authentication Procedure: Alice sends her identity. Bob challenge Alice by sending Nonce, Bob needs to respond with nonce RB in plaintext. Alice responds to this message by sending back the nonce and encrypting it using the symmetric key.

  15. Second Approach: Using a nonce

  16. Alice sends identification and nonce to Bob. Bob responds with its own nonce and also responding to the nonce it received. Alice responds to the nonce it received. Alice and Bob use a different set of nonce for different sessions and do not allow multiple authentications to take place at the same time. If not, reflection attack is possible. Bidirectional Authentication

  17. Sender can encrypt the message with its private key and let Receiver use Sender’s public key to decrypt the message and authenticate the sender. An intruder can announce its public key to the receiver in place of sender. Intruder can then encrypt the message containing a nonce with its private key. Receiver decrypts it with intruder’s public key, which he believes is Sender’s. An intruder can fool the receiver. Verification of Sender’s key is needed. User authentication with public-key cryptography

  18. How symmetric keys are distributed and how public keys are certified. Symmetric key distribution If n people want to communicate with one another, there is a need for n(n-1)/2 symmetric keys. If n is large, number of keys needed will be very huge. In a group of n people, each person must have and remember n-1 keys, one of every other person in the group. How can two parties securely acquire the shared key? It cannot be done over phone or Internet; these are not secure. Symmetric key between two parties is useful if it is used only once; it must be created for one session and destroyed when the session is over. Key Management

  19. Diffie-Hellman Method One-time session key for two parties. Session key needed not be stored or remembered. Parties do not have to meet to agree on the key, it can be done through the Internet. Pre-requisite Two parties choose two numbers N and G N is a large prime number with restriction that (N-1)/2 must also be a prime number. G is also a prime number. These numbers are not confidential and so they can be shared via Internet or made public

  20. Figure 30.11Diffie-Hellman method • x and y are large random numbers. • The symmetric (shared) key in the Diffie-Hellman protocol is K = Gxy mod N. • Knowing N and G, to find x and y is very difficult for the intruder. But intruder can have a key between her and Alice and the another key between her and Bob. This is called as man-in-the-middle attack.

  21. Example 2 Assume G = 7 and N = 23. The steps are as follows: 1. Alice chooses x = 3 and calculates R1 = 73 mod 23 = 21. 2. Alice sends the number 21 to Bob. 3. Bob chooses y = 6 and calculates R2 = 76 mod 23 = 4. 4. Bob sends the number 4 to Alice. 5. Alice calculates the symmetric key K = 43 mod 23 = 18. 6. Bob calculates the symmetric key K = 216 mod 23 = 18. The value of K is the same for both Alice and Bob; Gxy mod N = 718 mod 23 = 18.

  22. Figure 30.12Man-in-the-middle attack • Intruder comes in between and intercepts R1, sent by Alice to Bob, and R3, sent by Bob to Alice. It is also known as a bucket brigade attack because it resembles a short line of volunteers passing a bucket of water from person to person.

  23. Figure 30.13First approach using KDC • As R1 and R2 are send as plaintext it could be intercepted by any intruder. • How to encrypt R1 and R2 while they are used to get the symmetric key? • Solution is trusted third party, a source that both Alice and Bob can trust. This idea is behind a key distribution center (KDC). • Alice and Bob are both clients of the KDC. Alice has established one symmetric key between herself and the center in a secure way, such as going to the center personally. We call Alice’s symmetric key KA. Bob has done the same; we call his symmetric key KB.

  24. First Approach Using a KDC Step 1: Alice sends a plaintext message to the KDC to obtain a symmetric session key between Bob and Herself. The message contains her registered identity (the word Alice) and the identity of Bob (the word Bob). This message is not encrypted; it is public. KDC does not care. Step 2: KDC receives the message and creates what is called a ticket. The ticket is encrypted using Bob’s Key (KB). The ticket contains the Alice and Bob identities and the session key (KAB). The ticket with a copy of the session key is sent to Alice. Alice can decrypt it and get the session key. Step 3: Alice sends the ticket to Bob. Bob opens the ticket and knows that Alice needs to send messages to him using KAB as the session key. Sending data: After the third step, Alice and Bob can exchange data using KAB as a one-time session key.

  25. Figure 30.14Needham-Schroeder protocol • This protocol uses multiple challenge-response interactions between parties to achieve a flawless protocol. Four different nonces: RA, RB, R1, and R2.

  26. Figure 30.15Otway-Rees protocol • R is a common nonce. Ticket sent by Alice to Bob is meant for KDC.

  27. In public-key cryptography, everyone has access to everyone’s public key. If Bob sends his public key to Alice, How to prevent an intruder from capturing Bob’s pubic key and send her own public key to Alice? Certification Authority [CA]: Bob wants people to know his public key. Bob wants no one to accept a public key forged as Bob’s. CA binds a public key to an entity and issues a certificate. CA has a well-known public key itself that cannot be forged. CA verifies Bob using picture or whatever. CA gets Bob’s public key and writes it on the certificate. To prevent the certificate from getting forged, CA creates a message digest from the certificate and encrypts the message digest with its private key. Public-key certification

  28. Now Bob uploads the certificate as plaintext and the encrypted message digest. Anybody who wants Bob’s public key downloads the certificate and the encrypted digest. A digest can be created: From the certificate And also by decrypting the encrypted digest using the CA’s public key. If the two digests are equal, the certificate is valid and no imposter has posed as Bob. X.509: To maintain universal format for public keys.

  29. Table 30.1 X.500 fields

  30. Figure 30.16PKI hierarchy • At the first level, we can have a root CA that can certify the performance of CAs in the second level; these level-1 CAs may operate in a large geographic area or logical area. The level-2 CAs may operate in smaller geographic areas. • In this hierarchy, everybody trusts the root. But people may or may not trust intermediate CAs. • If Alice needs to get Bob’s certificate, she may find a CA somewhere to issue the certificate. But Alice may not trust that CA. In a hierarchy Alice can ask the next-higher CA to certify the original CA. The inquiry may go all the way to the root.

  31. Figure 30.17Kerberos servers • Kerberos is an authentication protocol, and at the same time a KDC, that has become very popular. Originally, developed by MIT. Latest version is version 5. • Three servers are involved in Kerberos protocol: • Authentication Server (AS), Ticket-Granting Server (TGS), Real (data) server that provides services to others. • AS: Each user registers with the AS and is granted a user identity and a password. The AS has a database with these identities and the corresponding passwords. • TGS: Issues a ticket for the real server (Bob). Alice verifies her ID just once with AS, she can contact TGS multiple times to obtain tickets for different real servers. • Real Server: Real server (Bob) provides services for the user (Alice).

  32. Figure 30.18Kerberos example • Ks = Session key. • KTG = TGS Symmetric key. • In step 2, Alice does not know KA, but when the message arrives, she types her password.The password and the appropriate algorithm together create KA if the password is correct. • T = Timestamp. This presents a replay by intruder. • For different servers, repeat the last four steps only. • Version 5: longer lifetime, tickets can be renewed, accept any symmetric-key algorithm, uses a different protocol for describing data types, has more overhead than version 4.

More Related