authentication protocol n.
Download
Skip this Video
Loading SlideShow in 5 Seconds..
Authentication Protocol PowerPoint Presentation
Download Presentation
Authentication Protocol

Loading in 2 Seconds...

play fullscreen
1 / 32

Authentication Protocol - PowerPoint PPT Presentation


  • 201 Views
  • Uploaded on

Authentication Protocol. Yuan Xue. Authentication Basics. Terms Authentication vs. integrity Message authentication = data integrity Source authentication non-repudiation Authentication is the process of reliably verifying the identity of someone (or something)

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about 'Authentication Protocol' - sarah-jacobs


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
authentication basics
Authentication Basics
  • Terms
    • Authentication vs. integrity
    • Message authentication = data integrity
    • Source authentication
    • non-repudiation
  • Authentication is the process of reliably verifying the identity of someone (or something)
    • A computer authenticates another computer
    • A computer is authenticates a person
      • User’s secret must be remembered by the user
  • Secure communication
    • Initial authentication handsake 

Integrity protection and/or encryption of the data

key

authentication approaches
Authentication Approaches
  • Password-based
  • Address-based
  • Cryptographic
  • Other approaches

Basic Guideline

  • What you know
  • What you have
  • Who you are
password based authentication
Password-Based Authentication
  • Authentication based on what you know
  • Pro
    • Easy to use
  • Con
    • Insecure: Eavesdropping
    • Solution combine with cryptography-based
  • Storing user passwords
    • Password can not be stored in cleartext
    • Store hashes of the password
    • Store encrypted version
  • Password guessing
    • Online vs. offline

I’m Alice, my passwd is 123456

Bob

Alice

address based authentication
Address-based Authentication
  • Authentication based on where you are
    • Infer the identity of the source based on the network address
  • Example
    • IEEE Xexplore/ACM DL
    • Unix rtools
  • Pro
    • Easy to use
    • Transparent to end user
address based authentication1
Address-based Authentication
  • UNIX Berkeley rtools
    • Computer B has a list of network addresses of “equivalent machines”
      • If A is listed, then any account on A is equivalent to the same account name on B
    • Computer B has a list of <address, remote account, local account>
      • E.g. <A, Alice, Bob>, then request from A with name Alice will be authorized with account Bob
address based authentication2
Address-based Authentication
  • In UNIX, hosts.equiv and .rhosts files list hosts and users that are trusted by the local host when a connection is made using the rshd service
  • A global file /etc/hosts.equiv contains trusted remote hosts.
  • In each user’s home directory, a per-user .rhosts file contains host-user pairs.
address based authentication3
Address-based Authentication
  • File format
    • hostname [username]
    • + anyhost/user
  • Example hosts.equiv entries ( Local computer A )
    • + + 
      • Allows any user from any host to connect to A
    • B + 
      • Allows any user from the remote hosts B to connect to A.
    • + Alice 
      • Allows the user Alice to connect to A from any remote host.
  • Example .rhosts entries
    • In these examples, the .rhosts file is in the home directory of the user Alice on computer A.
    • + + 
      • Allows any user from any host to connect to this host (A) as the user Alice.
    • B Bob 
      • Allows the user Bob from the remote host B to connect to A as the user Alice.
  • Example of how the hosts.equiv and the .rhosts file combine
    • Rule: the most restrictive combination of the entries applies
    • hosts.equiv file with <+ Alice>
    • .rhosts in the home directory of the user Alice with the following entry: B +
    • In this case, these entries combine to mean that only the user Alice from the remote host B can connect to A as Alice.
address based authentication4
Address-based Authentication
  • Entry <+ +>  severe security hazards
    • It allows any user on any machine to connect to the local host as the same user name.
    • If it is specified in the /etc/hosts.equiv file, it allows any user on any machine to connect to the local host as any user.
  • If A trusts B and B is hacked, then the attacker could gain access to A.
  • Network address impersonation (address spoofing)
    • Ingress filtering
cryptographic authentication
Cryptographic Authentication
  • For connection-oriented communication, overall process involves

authentication + secure communication (connection)

    • Based on prior knowledge/ownership of master key
    • Dependably verify the knowledge/ownership of key
    • Distribution of session keys
    • integrity protection and/or encryption of the data using session keys

authentication

cryptographic authentication1
Cryptographic Authentication
  • For connection-less communication, overall process involves

authentication + data transmission

    • Based on prior knowledge/ownership of key
    • Generation of data encryption keys
    • integrity protection and/or encryption of the data using data encryption keys
  • One time authentication
    • E.g., prove driver’s identify to a secured gate.
cryptographic authentication2
Cryptographic Authentication
  • Basic idea
    • Alice proves her identity to Bob by performing a cryptographic operation on a quantity (challenge) Bob supplies.
    • The cryptographic operation performed by Alice is based on Alice’s key.
    • Cryptographic operations include
      • Symmetric key encryption, asymmetric key encryption, hash operations.
cryptographic authentication3
Cryptographic Authentication
  • Approaches
    • Symmetric-key based
      • Distributed (communication peers share a master key)
      • KDC-based (communication peers share master keys with KDC)
    • Asymmetric-key based
  • Two types of authentication
    • One-way authentication (login only)
    • Mutual authentication
authentication using symmetric key distributed one way authentication
Authentication using Symmetric-Key(Distributed One-Way Authentication)
  • Priori: Alice and Bob share a master key
  • Result: Alice proves her identity to Bob
  • E(KAB, R)
  • H(KAB||R)

I’m Alice

R

Alice

Bob

F(KAB, R)

  • Weakness:
  • 1.Offline-password guessing attack
  • 2. If the database at Bob is hacked, attacker could impersonate Alice
authentication using symmetric key distributed one way authentication1
Authentication using Symmetric-Key(Distributed One-Way Authentication)
  • Priori: Alice and Bob share a master key
  • Result: Alice proves her identity to Bob; Bob can also prove his identify, if R is a timestamp.
  • Limit:
    • Requires reversible cryptography
    • Vulnerability to dictionary attack

I’m Alice

E(KAB, R)

Alice

Bob

R

authentication using symmetric key distributed mutual authentication
Authentication using Symmetric-Key(Distributed Mutual Authentication)
  • E(KAB, R)
  • H(KAB||R)
  • Limitation
    • Too many messages
    • Could we reduce them?

I’m Alice

R1

Alice

Bob

F(KAB, R1)

R2

F(KAB, R2)

authentication using symmetric key distributed mutual authentication1

I’m Alice, R2

I’m Alice

R1, F(KAB, R2)

Alice

Bob

R1

Alice

Bob

F(KAB, R1)

F(KAB, R1)

R2

F(KAB, R2)

Authentication using Symmetric-Key(Distributed Mutual Authentication)

Simplify

Any Problem?

reflection attack
Reflection Attack

I’m Alice, R2

Reflection attack

  • A way of attacking a challenge-response authentication system which uses the same protocol in both directions.
  • The basic idea is to trick the target into providing the answer to its own challenge.

R1, F(KAB, R2)

Alice

Bob

F(KAB, R1)

Flawed protocol design

I’m Alice, R2

R1, F(KAB, R2)

Cathy

Bob

I’m Alice, R1

Cathy

Bob

R3, F(KAB, R1)

F(KAB, R1)

This is what’s going to happen

reflection attack solutions
Reflection Attack -- Solutions

Principle:

  • Don’t have Alice and Bob do exactly the same thing
    • Different key/protocol along the two directions
    • The responder sends its identifier within the response, so if it receives a response that has its identifier in it, it can reject it.
  • Have the initiator prove its identity first
    • Initiating party to first respond to challenges before the target party responds to its challenges.

I’m Alice, F(KAB, R2)

F(KAB, f(R2)||R1)

Alice

Bob

F(KAB, F(R1))

authentication using symmetric key kdc based authentication
Authentication using Symmetric-Key(KDC-based Authentication)
  • Basic idea
    • KDC and A can establish a trust relationship using KA
    • KDC and B can establish a trust relationship using KB
    • KDC needs to provide A and B a shared secret based on their master keys so that they could use to authenticate each other
    • Once A and B has a a shared secret (KS), the procedure used in distributed symmetric-key-based authentication can be used to perform mutual authentication.
  • Step 1
    • KDC provides A and B a shared secret KS
  • Step 2
    • A and B perform mutual authentication using KS
step 1

Both are vulnerable to replay attack

Step 1

KDC

E[KB, Ks||IDA]

  • Similar to Secret Key Distribution
  • Important Issue
    • Replay attack
  • Solution
    • Use of nonce
    • Use of timestamp

IDA||IDB||N1

E[KA, Ks||IDB||N1||ticket]

B

A

E[KB, Ks||IDA]

Needham-Schroeder

KDC

E[KB, Ks||IDA||T2]

IDA||IDB||T1

E[KA, Ks||IDB||T1||ticket]

B

A

E[KB, Ks||IDA ||T2]

Kerberos

step 2
Step 2

KDC

E[KB, Ks||IDA||T2]

  • Combine two one-way distributed authentication procedure

IDA||IDB||T1

E[KA, Ks||IDB||T1||ticket]

E[KB, Ks||IDA ||T2], E[Ks, N2]

A

B

E[Ks, f(N2), N3]

E[Ks, f(N3)]

authentication using asymmetric key one way authentication
Authentication using Asymmetric-Key(One-way Authentication)
  • Priori: Bob has Alice’s public key
  • Result: Alice proves her identity to Bob

I’m Alice

Alice

Bob

R

  • E(KRA, R)
  • DS(KRA,R)

F(KRA, R)

I’m Alice

E(KUA, R)

Alice

Bob

R

authentication using asymmetric key one way authentication1
Authentication using Asymmetric-Key(One-way Authentication)
  • Serious Security Issue
    • Cathy wants to impersonate Alice, she wants to have a Alice’s signature of quantity R
    • She can wait for Alice to authenticate herself to Bob

I’m Alice

Alice

Bob

R

Cathy

F(KRA, R)

  • Solution:
  • Should not use the same key for different purposes
  • R has some structure
  • Refer to PKCS standard
authentication using asymmetric key mutual authentication
Authentication using Asymmetric-Key(Mutual Authentication)

I’m Alice

E(KUB, R2)

Alice

Bob

E(KUA, R1), R2

R1

kerberos
Kerberos
  • An Authentication Service
    • Based on client-server model (user and server provider)
    • Mutual authentication support: between user and server
  • Key assumption
    • The server can not rely on the client host to authenticate user
  • Basics
    • Based on KDC-based symmetric key
    • Based on Needham-Schroeder protocol
    • Use “ticket” to distribute the key
    • Use “authenticator" to prove the identity of a user
    • Main entities
      • Authentication Server (AS)
      • Ticket Granting Server (TGS)
authentication vs key distribution
Authentication vs. Key Distribution
  • Cryptographic Authentication
    • Based on prior knowledge/ownership of key
    • Dependably verify the knowledge of key
    • Distribution of session keys (for connection-oriented communication)
  • Key Distribution
    • Prior knowledge/ownership of master keys
    • Distribution of session keys after verification of master keys
  • Symmetric key
    • A, B share a master key with KDC
    • A and B share a master key
  • Asymmetric key
    • A and B both have a pair of public and private keys
    • The public keys of A and B are reliably distributed to each other
authentication summary
Authentication Summary
  • Security in communication
    • An initial authentication handsake
    • Distribution of session keys
    • Then integrity protection and/or encryption of the data
  • Types
    • One-way
    • Mutual
  • Approaches
    • Symmetric key (KDC, distributed), Asymmetric key
  • Authentication Service
    • Kerberos (composed Needham-Schroeder protocol)
  • Attacks to Authentication
    • Replay Attack
    • Reflection Attack
slide31
Misc
  • How to retrieve the key
    • Computer
    • Person: password  key
      • Doing a hash of the password
      • Using the password to encrypt/decrypt a key which is stored in a computer/dir service
  • Timestamp vs. Nonce
    • Timestamp
      • needs synchronized system
      • Use fewer messages
    • Nonce
      • Challenge-response  more messages
      • Challenge (N) can be encrypted, response encrypts a function of N (f(N)) mutual authentication
authentication checklist
Authentication Checklist
  • Eavesdrop
  • Replay
  • Impersonate Alice/Bob
  • Address Spoof
  • Read Alice/Bob’s database
  • Modify the messages between Alice/Bob