28
Cryptography and Cryptography and Network Security Network Security Chapter 15 Chapter 15 Fifth Edition Fifth Edition by William Stallings by William Stallings Lecture slides by Lawrie Lecture slides by Lawrie Brown Brown

Ch15

Tags:

Embed Size (px)

DESCRIPTION

 

Citation preview

Page 1: Ch15

Cryptography and Cryptography and Network SecurityNetwork Security

Chapter 15Chapter 15

Fifth EditionFifth Edition

by William Stallingsby William Stallings

Lecture slides by Lawrie BrownLecture slides by Lawrie Brown

Page 2: Ch15

Chapter 15 – User Chapter 15 – User AuthenticationAuthentication

We cannot enter into alliance with We cannot enter into alliance with neighboring princes until we are neighboring princes until we are acquainted with their designs.acquainted with their designs.

——The Art of WarThe Art of War, Sun Tzu, Sun Tzu

Page 3: Ch15

User AuthenticationUser Authentication

fundamental security building blockfundamental security building block basis of access control & user accountabilitybasis of access control & user accountability

is the process of verifying an identity is the process of verifying an identity claimed by or for a system entityclaimed by or for a system entity

has two steps:has two steps: identification - specify identifieridentification - specify identifier verification - bind entity (person) and identifierverification - bind entity (person) and identifier

distinct from message authenticationdistinct from message authentication

Page 4: Ch15

Means of Means of User AuthenticationUser Authentication

four means of authenticating user's identityfour means of authenticating user's identity based one something the individual based one something the individual

knows - e.g. password, PINknows - e.g. password, PIN possesses - e.g. key, token, smartcardpossesses - e.g. key, token, smartcard is (static biometrics) - e.g. fingerprint, retinais (static biometrics) - e.g. fingerprint, retina does (dynamic biometrics) - e.g. voice, sign does (dynamic biometrics) - e.g. voice, sign

can use alone or combinedcan use alone or combined all can provide user authenticationall can provide user authentication all have issuesall have issues

Page 5: Ch15

Authentication ProtocolsAuthentication Protocols

used to convince parties of each others used to convince parties of each others identity and to exchange session keysidentity and to exchange session keys

may be one-way or mutualmay be one-way or mutual key issues arekey issues are

confidentiality – to protect session keysconfidentiality – to protect session keys timeliness – to prevent replay attackstimeliness – to prevent replay attacks

Page 6: Ch15

Replay AttacksReplay Attacks

where a valid signed message is copied and where a valid signed message is copied and later resentlater resent simple replaysimple replay repetition that can be loggedrepetition that can be logged repetition that cannot be detectedrepetition that cannot be detected backward replay without modificationbackward replay without modification

countermeasures includecountermeasures include use of sequence numbers (generally impractical)use of sequence numbers (generally impractical) timestamps (needs synchronized clocks)timestamps (needs synchronized clocks) challenge/response (using unique nonce)challenge/response (using unique nonce)

Page 7: Ch15

One-Way AuthenticationOne-Way Authentication

required when sender & receiver are not in required when sender & receiver are not in communications at same time (eg. email)communications at same time (eg. email)

have header in clear so can be delivered have header in clear so can be delivered by email systemby email system

may want contents of body protected & may want contents of body protected & sender authenticatedsender authenticated

Page 8: Ch15

Using Symmetric EncryptionUsing Symmetric Encryption

as discussed previously can use a two-as discussed previously can use a two-level hierarchy of keyslevel hierarchy of keys

usually with a trusted Key Distribution usually with a trusted Key Distribution Center (KDC)Center (KDC) each party shares own master key with KDCeach party shares own master key with KDC KDC generates session keys used for KDC generates session keys used for

connections between partiesconnections between parties master keys used to distribute these to themmaster keys used to distribute these to them

Page 9: Ch15

Needham-Schroeder ProtocolNeedham-Schroeder Protocol

original third-party key distribution protocoloriginal third-party key distribution protocol for session between A B mediated by KDCfor session between A B mediated by KDC protocol overview is:protocol overview is:

1. 1. A->KDC: A->KDC: IDIDAA || || IDIDBB || || NN11

22. KDC ->. KDC -> A: E(KA: E(Kaa,[K,[Kss||||IDIDBB||||NN11|| E(K|| E(Kbb,[,[KKss||||IDIDAA])])])])

3. 3. A ->A -> B: E(KB: E(Kbb, [, [KKss||||IDIDAA])])

4. 4. B ->B -> A: E(KA: E(Kss, , [[NN22])])

5. 5. A ->A -> B: E(KB: E(Kss, [f(, [f(NN22)]))])

Page 10: Ch15

Needham-Schroeder ProtocolNeedham-Schroeder Protocol

used to securely distribute a new session used to securely distribute a new session key for communications between A & Bkey for communications between A & B

but is vulnerable to a replay attack if an old but is vulnerable to a replay attack if an old session key has been compromisedsession key has been compromised then message 3 can be resent convincing B then message 3 can be resent convincing B

that is communicating with Athat is communicating with A modifications to address this require:modifications to address this require:

timestamps in steps 2 & 3 (Denning 81)timestamps in steps 2 & 3 (Denning 81) using an extra nonce (Neuman 93)using an extra nonce (Neuman 93)

Page 11: Ch15

One-Way AuthenticationOne-Way Authentication

use refinement of KDC to secure emailuse refinement of KDC to secure email since B no online, drop steps 4 & 5since B no online, drop steps 4 & 5

protocol becomes:protocol becomes:1. 1. A->KDC: A->KDC: IDIDAA || || IDIDBB || || NN11

22. KDC ->. KDC -> A: E(KA: E(Kaa, [K, [Kss||||IDIDBB||||NN1 1 || E(K|| E(Kbb,[,[KKss||||IDIDAA])])])])

3. 3. A ->A -> B: E(KB: E(Kbb, [, [KKss||||IDIDAA])]) || E(K|| E(Kss, M), M)

provides encryption & some authenticationprovides encryption & some authentication does not protect from replay attackdoes not protect from replay attack

Page 12: Ch15

KerberosKerberos

trusted key server system from MIT trusted key server system from MIT provides centralised private-key third-party provides centralised private-key third-party

authentication in a distributed networkauthentication in a distributed network allows users access to services distributed allows users access to services distributed

through networkthrough network without needing to trust all workstationswithout needing to trust all workstations rather all trust a central authentication serverrather all trust a central authentication server

two versions in use: 4 & 5two versions in use: 4 & 5

Page 13: Ch15

Kerberos RequirementsKerberos Requirements

its first report identified requirements as:its first report identified requirements as: securesecure reliablereliable transparenttransparent scalablescalable

implemented using an authentication implemented using an authentication protocol based on Needham-Schroederprotocol based on Needham-Schroeder

Page 14: Ch15

Kerberos v4 OverviewKerberos v4 Overview

a basic third-party authentication schemea basic third-party authentication scheme have an Authentication Server (AS) have an Authentication Server (AS)

users initially negotiate with AS to identify self users initially negotiate with AS to identify self AS provides a non-corruptible authentication AS provides a non-corruptible authentication

credential (ticket granting ticket TGT) credential (ticket granting ticket TGT) have a Ticket Granting server (TGS)have a Ticket Granting server (TGS)

users subsequently request access to other users subsequently request access to other services from TGS on basis of users TGTservices from TGS on basis of users TGT

using a complex protocol using DESusing a complex protocol using DES

Page 15: Ch15

Kerberos v4 DialogueKerberos v4 Dialogue

Page 16: Ch15

Kerberos 4 OverviewKerberos 4 Overview

Page 17: Ch15

Kerberos RealmsKerberos Realms

a Kerberos environment consists of:a Kerberos environment consists of: a Kerberos servera Kerberos server a number of clients, all registered with servera number of clients, all registered with server application servers, sharing keys with serverapplication servers, sharing keys with server

this is termed a realmthis is termed a realm typically a single administrative domaintypically a single administrative domain

if have multiple realms, their Kerberos if have multiple realms, their Kerberos servers must share keys and trust servers must share keys and trust

Page 18: Ch15

Kerberos RealmsKerberos Realms

Page 19: Ch15

Kerberos Version 5Kerberos Version 5

developed in mid 1990’sdeveloped in mid 1990’s specified as Internet standard RFC 1510specified as Internet standard RFC 1510 provides improvements over v4provides improvements over v4

addresses environmental shortcomingsaddresses environmental shortcomings• encryption alg, network protocol, byte order, ticket encryption alg, network protocol, byte order, ticket

lifetime, authentication forwarding, interrealm authlifetime, authentication forwarding, interrealm auth and technical deficienciesand technical deficiencies

• double encryption, non-std mode of use, session double encryption, non-std mode of use, session keys, password attackskeys, password attacks

Page 20: Ch15

Kerberos v5 DialogueKerberos v5 Dialogue

Page 21: Ch15

Remote User Remote User AuthenticationAuthentication in Ch 14 saw use of public-key encryption in Ch 14 saw use of public-key encryption

for session key distributionfor session key distribution assumes both parties have other’s public keysassumes both parties have other’s public keys may not be practicalmay not be practical

have Denning protocol using timestampshave Denning protocol using timestamps uses central authentication server (AS) to uses central authentication server (AS) to

provide public-key certificatesprovide public-key certificates requires synchronized clocksrequires synchronized clocks

have Woo and Lam protocol using nonceshave Woo and Lam protocol using nonces care needed to ensure no protocol flawscare needed to ensure no protocol flaws

Page 22: Ch15

One-Way AuthenticationOne-Way Authentication have have public-key approaches for emailpublic-key approaches for email

encryption of message for confidentiality, encryption of message for confidentiality, authentication, or bothauthentication, or both

must now public keysmust now public keys using costly public-key alg on long messageusing costly public-key alg on long message

for confidentiality encrypt message with for confidentiality encrypt message with one-time secret key, public-key encryptedone-time secret key, public-key encrypted

for authentication use a digital signaturefor authentication use a digital signature may need to protect by encrypting signaturemay need to protect by encrypting signature

use use digital certificate to supply public keydigital certificate to supply public key

Page 23: Ch15

Federated Identity Federated Identity ManagementManagement

use of common identity management schemeuse of common identity management scheme across multiple enterprises & numerous applications across multiple enterprises & numerous applications supporting many thousands, even millions of users supporting many thousands, even millions of users

principal elements are:principal elements are: authentication, authorization, accounting, authentication, authorization, accounting,

provisioning, workflow automation, delegated provisioning, workflow automation, delegated administration, password synchronization, self-service administration, password synchronization, self-service password reset, federationpassword reset, federation

Kerberos contains many of these elementsKerberos contains many of these elements

Page 24: Ch15

Identity ManagementIdentity Management

Page 25: Ch15

Identity Identity FederationFederation

Page 26: Ch15

Standards UsedStandards Used

Security Assertion Markup Language (SAML)Security Assertion Markup Language (SAML) XML-based language for exchange of security XML-based language for exchange of security

information between online business partnersinformation between online business partners part of OASIS (Organization for the part of OASIS (Organization for the

Advancement of Structured Information Advancement of Structured Information Standards) standards for federated identity Standards) standards for federated identity managementmanagement e.g. e.g. WS-Federation for browser-based federationWS-Federation for browser-based federation

need a few mature industry standardsneed a few mature industry standards

Page 27: Ch15

Federated Identity ExamplesFederated Identity Examples

Page 28: Ch15

SummarySummary

have considered:have considered: remote user authentication issuesremote user authentication issues authentication using symmetric encryptionauthentication using symmetric encryption the Kerberos the Kerberos trusted key server systemtrusted key server system authentication using asymmetric encryptionauthentication using asymmetric encryption federated identity managementfederated identity management


0205084567 ch15

0205084567 ch15

Technology
Ch15 solarsystemsection1

Ch15 solarsystemsection1

Education
Schermerhorn Mgmt9 Ch15

Schermerhorn Mgmt9 Ch15

Documents
Ch15 Pricing

Ch15 Pricing

Documents
Discrete Ch15

Discrete Ch15

Documents
Ch15 Transactions

Ch15 Transactions

Documents
Romney Ch15

Romney Ch15

Documents
CH15 16 Solutions

CH15 16 Solutions

Documents
Krajewski Ism Ch15

Krajewski Ism Ch15

Documents
tangowithdjango - Ch15

tangowithdjango - Ch15

Engineering
Clean code ch15

Clean code ch15

Technology
Fm10e ch15

Fm10e ch15

Business
ch15 mia

ch15 mia

Documents
Cengel ch15

Cengel ch15

Documents
DataBase Ch15

DataBase Ch15

Documents
Ch15 solarsystemsection2

Ch15 solarsystemsection2

Education
Ch15 - 2015

Ch15 - 2015

Documents
Ch15 Taylor

Ch15 Taylor

Documents
Ch15 slideshare

Ch15 slideshare

Documents
Lecture Ch15

Lecture Ch15

Documents
Ch15 Groundwater

Ch15 Groundwater

Documents
Ch15 Tables

Ch15 Tables

Documents
Ch15 - Weebly

Ch15 - Weebly

Documents
Ch15 outline

Ch15 outline

Documents
Ch15 testing

Ch15 testing

Documents
Ch14.3 ch15

Ch14.3 ch15

Documents
Corbin14e ch15

Corbin14e ch15

Health & Medicine
Cs ill ch15

Cs ill ch15

Technology
Ch15 ImageGallery

Ch15 ImageGallery

Documents
Bonus ch15

Bonus ch15

Business