1 / 39

Network Security

Network Security. Chapter 2. Network Security Protocols. Objectives. Key Establishment Technique Key Authentication Authenticated Key Establishment Protocol Key generation in SKC Kerberos : Key generation in SKC Key Establishment in PKC Authentication Protocols Security of password

brendan-dudley
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Chapter 2. Network Security Protocols

  2. Objectives • Key Establishment Technique • Key Authentication • Authenticated Key Establishment Protocol • Key generation in SKC • Kerberos : Key generation in SKC • Key Establishment in PKC • Authentication Protocols • Security of password • Authentication using SKC • Authentication using PKC

  3. Introduction • The three important aspect of network security: • authentication, encryption, message authentication • Key : Central to the idea of cryptography. • Some definitions related to key. • key establishment : a process or protocol where by a shared secret becomes available to two or more parties, for subsequent cryptographic use.

  4. Key establishment technique • Key transport : a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s). • Key agreement : a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no part can predetermine the resulting value.

  5. Key establishment technique • Key pre-distribution : key establishment protocols whereby the resulting established keys are completely determined apriori by initial keying material. • Dynamic key establishment : the key is established by a fixed pair (or group) of users varies on subsequent executions. Also referred to as session key establishment

  6. Key authentication • Key authentication : the property whereby one party is assured that no other party asides from a specifically identified second party( and possibly additional identified trusted parties) may gain access to a particular secret key. • It need not involve any action whatsoever by the second party. For this reason, it is some times referred to more precisely as (implicit) key authentication. • Key conformation : the property whereby one party is assured that a second (possibly unidentified) party actually has possession of particular secret key. • Explicit key authentication : the property obtained when (implicit) key authentication and key conformation hold.

  7. Authentication Summary

  8. Authenticated key establishment protocol • Authentication protocol : to provide to one party some degree of assurance regarding the identity of another with which it is purportedly communicating • Key establishment protocol : to establish a shared secret. • Authenticated key establishment protocol :to establish a shared secret with a party whose identity has been (or can be) collaborated.

  9. Key Generation in SKC • Requirement for a SKC : - random and long enough to deter a brute force attack. - practical key size : AES : 128, 192, 256 bits • Key distribution in SKC - For a network with n nodes, each nodes wish to talk securely to every other node. How many keys would this require? n = 50  1,225 keys n = 250  31,125 keys

  10. Key Generation in SKC • Solutions for key distribution in SKC • : Key distribution center (KDC) • KDC stores keys for all nodes in the network • Each node in the network is configured with only one key • How does it work? • 1) Alice  KDC : request session key for Bob. • 2) KDC  B, A : send same session key

  11. Kerberos : Key Generation in SKC • Entity authentication and session key generation • Based on Needham-Schroeder protocol • Drawback • Bottleneck • single point of failure

  12. Key Establishment in PKC • Public key Cryptography - each entity : (public key, private key) pair. - Certificate Authority(CA) : - trusted third party : certifying the owner of a public key - combine public key with entity’s identity. - issue certificate = “Alice’s public key is Kwa” + SignPCA( hash(“Alice’s public key is Kwa”)) - provide certificate verification service

  13. Diffie-Hellman Key Exchange Remember DHP !!!

  14. Man-in-the-middle attack against Diffie-Hellman • Alice and Bob think they are talking each other. • Eve impersonate Alice and Bob to Bob and Alice respectively.

  15. Enhanced Diffie-Hellman Key Exchange • Static Diffie Hellman - g, n is fixed, - CA  Alice : - CA  Bob : • Dynamic Diffie-Hellman - g, n : ephemeral (established dynamically) - CA  Alice : - CA  Bob :

  16. RSA • RSA encryption See the chap. 8 of handbook!!

  17. RSA • RSA signing

  18. RSA based cryptographic schemes • PKCS#1 • homomorphic property of basic RSA • RSA based cryptographic schemes • see [ this ] for security analysis

  19. Authentication Protocol • Authentication : the Process of verifying that a node or users is who they claim to be. • Usage in network : access control • Access control : primary defense mechanisms in network security and computer security.

  20. Address-Based Authentication • Use the address of the node in the network. • MAC address or IP address • Allows only a preconfigured set of MAC or IP address to access the network. • Usually implemented in the switch or router • Loop holes : • Simple one-to-one mapping between a node and a user. • So does not really authenticate the user • Weak to MAC spoofing and IP spoofing attack.

  21. Password for Local Authentication (Login) • Storing <username, password> pair list in a file on the server machine. • If the password file is compromised, all user passwords are compromised. • Machine store <username, hash(password)> pair • Even though the file is compromised, the passwords are still secure. • But still open to dictionary attack.

  22. Insecurity of Passwords • Human generated passwords • Come from a small domain • Easy to guess – dictionary attacks • Stronger passwords • Computer generated or verified • Not user friendly • Hard to remember

  23. Possible attacks on passwords • Eavesdropping. (Solution: encrypt the channel, e.g. using SSL or SSH.) • Offline dictionary attacks. • Attacker compute < word, hash(word)> pair list • Attacker get password file and search hash(password) in his stored list. • (Solution: limit access to password file, use salt.) < word, hash(word+salt), salt> • Online dictionary attacks: Attacker guesses a username/password pair and tries to login. Real time. • Case study : e-Bay user account hacking [ link ]

  24. Username / pwd-1 Username / pwd-2 Username / pwd-5 Answer 2 (No) Answer 1 (No) Answer 5 (No) Countermeasures against online dictionary attacks Delayed answer Account locked

  25. Risks of locking accounts • eBay experiences dictionary attacks, but does not implement account locking. • Denial of service attacks:To lock a user, try to login into his account with random passwords. (auctions, corporates…) • Customer service costs: Users whose accounts are locked call a customer service center – impose call cost

  26. Password for Network Authentication • Password for network authentication differ from local login. • Hashed password can not be sent over the network. • Captured hashed password can be used for offline dictionary attack • Using Salt (transmit in plain text)  still weak to offline attack.

  27. Authentication using SKC • In a network authentication, use password for deriving shared keys to be used in challenge response system. • Key = part of hash(password) • One-way authentication using SKC

  28. One-way Authentication using SKC-variation

  29. One-way Authentication using SKC-variation • Bob : state-less  prevent Denial of Service(DoS) attack • timestamp : require time synchronization, not trivial in a large network. • if stream cipher is used, 1 bit flip in the cipher text flips 1 bit in the plain text. • Eve may get an approximate time stamp by flipping the millisecond bits.

  30. Mutual Authentication using SKC • Authenticate each other. • (Reduced Massages)

  31. Mutual authentication using SKC-Reflection Attack • How to prevent the reflection attack • Unique format for each direction – even and odd challenge • Different symmetric key for each direction

  32. Lamport’s Hash • Bob(server) saves (username, ) • After one authentication, Bob sets raise to (m-1) • When m=1, reconfigure new password. • How to avoid new password reconfiguration when m=1  use salt with password : (m-1) times hash of R1.

  33. Authentication using PKC One-way authentication Mutual Authentication • Key Database compromise  does not compromise the security of the System.

  34. What to use for authentication : SKC or PKC? • SKC (Advantages) • less computation intensive • more resilient to DoS Attacks. (Disadvantages) • Key database compromise  security of whole system is compromised. • Eve can collect < plaintext, ciphertext> pairs launch dictionary attack. How to: Eve claims to be Bob and send challenge to A, then collect the cipher text for the challenge.

  35. What to use for authentication: SKC or PKC? • PKC (advantages) • Key database compromise  does not compromise the security of whole system • dictionary attack is not applicable. (Disadvantages) • computation intensive • weak to DoS Attacks.

  36. Session Hijacking • Instead of trying to break the authentication protocol, it circumvent it completely. • Cause : authentication result is not linked to the rest of the session. • Solution : Use authenticated key agreement protocol.

  37. Needham Schroeder • SKC-based mutual authentication and key establishment

  38. Kerberos

  39. Resources • [B. Pinkas] Securing Passwords against Dictionary attack http://www.pinkas.net/PAPERS/pwdweb.pdf • [e-bay case] http://news.com.com/2100-1017-868278.html?tag=yt • Collin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer-Verlag • Evaluation of RSA cryptographic Schemes, http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1011_rsa.pdf

More Related