1 / 48

IE MS5710 Key Management and Authentication

IE MS5710 Key Management and Authentication. 5 March 20 13 Prof. CHAN Yuen-Yan, Rosanna Department of Information Engineering The Chinese University of Hong Kong. Key Management and Distribution. public key cryptosystems are inefficient Public key encryption are relatively slow

takoda
Download Presentation

IE MS5710 Key Management and Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. IEMS5710Key Management and Authentication 5 March 2013 Prof. CHAN Yuen-Yan, Rosanna Department of Information Engineering The Chinese University of Hong Kong

  2. Key Management and Distribution public key cryptosystems are inefficient Public key encryption are relatively slow so almost never use for direct data encryption rather use to encrypt secret keys for distribution topics of cryptographic key management / key distribution are complex cryptographic, protocol, & management issues symmetric schemes require both parties to share a common secret key IEMS5710 - Lecture 7

  3. Key Distribution • symmetric schemes require both parties to share a common secret key • issue is how to securely distribute this key, whilst protecting it from others • frequent key changes is also desirable • often secure system failure due to a break in the key distribution scheme IEMS5710 - Lecture 7

  4. Key Distribution given parties A and B have various key distribution alternatives: A can select key and physically deliver to B third party can select & deliver key to A & B if A & B have communicated previously can use previous key to encrypt a new key if A & B have secure communications with a third party C, C can relay key between A & B IEMS5710 - Lecture 7

  5. Key Distribution Task IEMS5710 - Lecture 7

  6. Key Hierarchy typically have a hierarchy of keys master key used to encrypt session keys shared by user & key distribution center session key temporary key used for encryption of data between users for one logical session then discarded IEMS5710 - Lecture 7

  7. Key Distribution Scenario IEMS5710 - Lecture 7

  8. Simple Secret Key Distribution IEMS5710 - Lecture 7 • A very simple scheme • allows secure communications • no keys before/after exist • Any problem with this scheme?

  9. Man-in-the-Middle Attack IEMS5710 - Lecture 7 this very simple scheme is vulnerable to an active man-in-the-middle attack

  10. Secret Key Distribution with Confidentiality and Authentication IEMS5710 - Lecture 7

  11. Hybrid Key Distribution Another key distribution method retain use of private-key KDC KDC shares different secret master key with corresponding user public-key used to distribute master keys especially useful with widely distributed users distributes session key using master key rationale performance Can be implemented on top of an existing KDC scheme easily IEMS5710 - Lecture 7

  12. Public-Key Certificates Distribution of public key using certificates a certificate binds identity to public key usually with other info such as period of validity, rights of use etc with all contents signed by a trusted Public-Key or Certificate Authority (CA) can be verified by anyone who knows the public-key authorities public-key IEMS5710 - Lecture 7

  13. Public-Key Certificates IEMS5710 - Lecture 7

  14. X.509 Authentication Service part of CCITT X.500 directory service standards distributed servers maintaining user info database defines framework for authentication services directory may store public-key certificates with public key of user signed by certification authority also defines authentication protocols uses public-key crypto & digital signatures algorithms not standardised, but RSA is recommended X.509 certificates are widely used have 3 versions IEMS5710 - Lecture 7

  15. X.509 Certificate Use IEMS5710 - Lecture 7

  16. X.509 Certificates issued by a Certification Authority (CA), containing: version V (1, 2, or 3) serial number SN (unique within CA) identifying certificate signature algorithm identifier AI issuer X.500 name (CA) period of validity TA (from - to dates) subject X.500 name A (name of owner) subject public-key info (algorithm, parameters, key) issuer unique identifier (v2+) subject unique identifier (v2+) extension fields (v3) signature (of hash of all fields in certificate) IEMS5710 - Lecture 7

  17. X.509 Certificates IEMS5710 - Lecture 7

  18. Obtaining a Certificate any user with access to CA can get any certificate from it only the CA can modify a certificate because they cannot be forged, certificates can be placed in a public directory IEMS5710 - Lecture 7

  19. CA Hierarchy if both users share a common CA then they are assumed to know its public key otherwise CA's must form a hierarchy use certificates linking members of hierarchy to validate other CA's each CA has certificates for clients (forward) and parent (backward) each client trusts parents certificates enable verification of any certificate from one CA by users of all other CAs in hierarchy IEMS5710 - Lecture 7

  20. Certificate Revocation certificates have a period of validity may need to revoke before expiry, eg: user's private key is compromised user is no longer certified by this CA CA's certificate is compromised CA’s maintain list of revoked certificates the Certificate Revocation List (CRL) users should check certificates with CA’s CRL IEMS5710 - Lecture 7

  21. Certificate Extensions Certificate extensions consist of: key and policy information convey info about subject & issuer keys, plus indicators of certificate policy certificate subject and issuer attributes support alternative names, in alternative formats for certificate subject and/or issuer certificate path constraints allow constraints on use of certificates by other CA’s X.503 Version 3 extension Contains additional information is needed in a certificate email/URL, policy details, usage constraints IEMS5710 - Lecture 7

  22. Public Key Infrastructure IEMS5710 - Lecture 7

  23. PKIX Management functions: registration initialization certification key pair recovery key pair update revocation request cross certification protocols: CMP (Certificate Management Protocol), CMC (Certificate Management over CMS, CMS is Cryptographic Message Syntax) IEMS5710 - Lecture 7

  24. User Authentication fundamental security building block basis of access control & user accountability is the process of verifying an identity claimed by or for a system entity has two steps: identification - specify identifier verification - bind entity (person) and identifier (different from message authentication) IEMS5710 - Lecture 7

  25. Means of User Authentication four means of authenticating user's identity based one something the individual knows - e.g. password, PIN possesses - e.g. key, token, smartcard is (static biometrics) - e.g. fingerprint, retina does (dynamic biometrics) - e.g. voice, sign can use alone or combined all can provide user authentication all have issues IEMS5710 - Lecture 7

  26. Authentication Protocols used to convince parties of each others identity and to exchange session keys may be one-way or mutual key issues are confidentiality – to protect session keys timeliness – to prevent replay attacks IEMS5710 - Lecture 7

  27. Replay Attacks where a valid signed message is copied and later resent countermeasures include use of sequence numbers (generally impractical) timestamps (needs synchronized clocks) challenge/response (using unique nonce) IEMS5710 - Lecture 7

  28. One-Way Authentication required when sender & receiver are not in communications at same time (e.g. email) have header in clear so can be delivered by email system may want contents of body protected & sender authenticated IEMS5710 - Lecture 7

  29. Using Symmetric Encryption as discussed previously can use a two-level hierarchy of keys usually with a trusted Key Distribution Center (KDC) each party shares own master key with KDC KDC generates session keys used for connections between parties master keys used to distribute the session keys IEMS5710 - Lecture 7

  30. Needham-Schroeder Protocol original third-party key distribution protocol for session between A and B mediated by KDC protocol overview is: 1. A->KDC: IDA|| IDB|| N1 2. KDC ->A: E(Ka,[Ks||IDB||N1|| E(Kb,[Ks||IDA])]) 3. A ->B: E(Kb, [Ks||IDA]) 4. B ->A: E(Ks, [N2]) 5. A ->B: E(Ks, [f(N2)]) IEMS5710 - Lecture 7

  31. Needham-Schroeder Protocol used to securely distribute a new session key for communications between A & B but is vulnerable to a replay attack if an old session key has been compromised then message 3 can be resent convincing B that is communicating with A modifications to address this require: timestamps in steps 2 & 3 (Denning 81) using an extra nonce (Neuman 93) IEMS5710 - Lecture 7

  32. One-Way Authentication IEMS5710 - Lecture 7 • use refinement of KDC to secure email • Since now B is not required to be online, drop steps 4 & 5 • protocol becomes: 1. A->KDC: IDA|| IDB|| N1 2. KDC ->A: E(Ka, [Ks||IDB||N1 || E(Kb,[Ks||IDA])]) 3. A ->B: E(Kb, [Ks||IDA])|| E(Ks, M) • provides encryption & some authentication • does not protect from replay attack

  33. Kerberos trusted key server system from MIT provides centralised private-key third-party authentication in a distributed network allows users access to services distributed through network without needing to trust all workstations rather all trust a central authentication server two versions in use: 4 & 5 IEMS5710 - Lecture 7

  34. Kerberos Requirements its first report identified requirements as: secure reliable transparent scalable implemented using an authentication protocol based on Needham-Schroeder IEMS5710 - Lecture 7

  35. Kerberos v4 Overview a basic third-party authentication scheme Can be used with Apache and Linux servers have an Authentication Server (AS) users initially negotiate with AS to identify self AS provides a non-corruptible authentication credential (ticket granting ticket TGT) have a Ticket Granting server (TGS) users subsequently request access to other services from TGS on basis of users TGT IEMS5710 - Lecture 7

  36. Kerberos 4 Overview IEMS5710 - Lecture 7

  37. Kerberos v4 Dialogue IEMS5710 - Lecture 7

  38. Kerberos Realms a Kerberos environment consists of: a Kerberos server a number of clients, all registered with server application servers, sharing keys with server this is termed a realm typically a single administrative domain if have multiple realms, their Kerberos servers must share keys and trust IEMS5710 - Lecture 7

  39. Kerberos Realms IEMS5710 - Lecture 7

  40. Kerberos Version 5 developed in mid 1990’s specified as Internet standard RFC 1510 provides improvements over v4 addresses environmental shortcomings encryption algorithm, network protocol, byte order, ticket lifetime, authentication forwarding, interrealm authentication and technical deficiencies double encryption, non-standard mode of use, session keys, password attacks IEMS5710 - Lecture 7

  41. Kerberos v5 Dialogue IEMS5710 - Lecture 7

  42. One-Way Authentication public-key approaches for email (a one-way authentication) encryption of message for confidentiality, authentication, or both must now public keys using costly public-key alg on long message for confidentiality encrypt message with one-time secret key, public-key encrypted for authentication use a digital signature may need to protect by encrypting signature use digital certificate to supply public key IEMS5710 - Lecture 7

  43. Federated Identity Management use of common identity management scheme across multiple enterprises & numerous applications supporting many thousands, even millions of users principal elements are: authentication, authorization, accounting, provisioning, workflow automation, delegated administration, password synchronization, self-service password reset, federation Kerberos contains many of these elements IEMS5710 - Lecture 7

  44. Identity Management (Identity holders, e.g. the users) IEMS5710 - Lecture 7

  45. Identity Federation IEMS5710 - Lecture 7

  46. Standards Used Security Assertion Markup Language (SAML) XML-based language for exchange of security information between online business partners part of OASIS (Organization for the Advancement of Structured Information Standards) standards for federated identity management e.g. WS-Federation (Web Service Federation) for browser-based federation IEMS5710 - Lecture 7

  47. Federated Identity Examples IEMS5710 - Lecture 7

  48. References • William Stallings, Cryptography and Network Security Principles and Practices, 5/e, Pearson • Chapter 14 • Chapter 15 IEMS5710 - Lecture 7

More Related