Class 6 Authentication and Secrets CIS 755: Advanced Computer Security Spring 2014

Class 6 Authentication and Secrets CIS 755: Advanced Computer Security Spring 2014. Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/. Administrative stuff. Quiz today (end of class) Project proposal due next week No office hours on Friday Paper reading and the “huh?” moment

Presentation Transcript


  1. Class 6: Authentication and Secrets • CIS 755: Advanced Computer Security • Spring 2014 • Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/

  2. Administrative stuff • Quiz today (end of class) • Project proposal due next week • No office hours on Friday • Paper reading and the “huh?” moment • Use Google Scholar • What did you think of the reading assignment?

  3. Cool stuff • Elliptic curves • $y^2 = x^3 + ax + b$ • Secure multiparty computation • General existence result • Communication complexity • Threshold cryptography • Encryption, signatures, secret sharing

  4. More cool stuff • Identity-based encryption (IBE) • Time period-based • Attribute-based encryption (ABE) • Zero-knowledge (ZK) proofs • General existence result in NP • Interactive or non-interactive (NIZK) • Strength from number of rounds or predefined • Homomorphic encryption

  5. Yet more cool stuff • Key management • Key trees • Hierarchical, time-based access • One-time use tokens • Compare to capabilities • Blind signatures • Compact signature aggregation • Commitments (vs. hashes)

  6. Today’s readings • Bryant – Designing an Authentication System: a Dialogue in Four Scenes. MIT, 1988. (Kerberos V4) • Afterword by Ts’o. MIT, 1997. (Kerberos V5) • Fu, Sit, Smith, and Feamster – Dos and Don'ts of Client Authentication on the Web. 2001.

  7. User authentication • What do we usually think of? • Passwords! • In essence: something only you know • What does authentication provide? • Access control • In essence: access to a limited resource

  8. Access control • Authentication → access • No authentication → no access • What are we protecting? • Who is our adversary? • Threat model • Who is trusted? • Where does enforcement occur?

  9. My voice is my passport; authorize me! • User A says: • I want access to resource R • Kerberos server, authenticate me! • R does not know if A has rights to access R • Kerberos server: • Checks if A is who she says she is • Checks if A is authorized for access to R • R trusts Kerberos server but not A

  10. Authentication → capability → access • Kerberos server issues a “token” T to A • T is tied to A • T expires • T cannot be generated by anyone other than Kerberos server (cannot be forged) • T tells resource R that: • T was issued by the Kerberos server • A has the right to access R for a limited time

  11. Questions? • Why SSL, not Kerberos, for e-commerce? • What’s the major difference between SSL certificates and Kerberos tokens? • What’s the “SSL equivalent” of a Kerberos server?

  12. V5 and Encrypt-then-MAC • Changes in Kerberos V5: • Replay protection beyond timestamps • One fewer layer of encryption • Secure delegation • Mechanism for verifying decryption is incorrect: should use encrypt-then-MAC • More secure than MAC-then-encrypt or encrypt-and-MAC (provably secure, in fact!)

  13. SSL 3.0/TLS 1.0 vulnerabilities • US CERT Vulnerability Note VU#864643: SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes • “An attacker with the ability to pose as a man-in-the-middle and to generate specially-crafted plaintext input could decrypt the contents of an SSL- or TLS-encrypted session. This could allow the attacker to recover potentially sensitive information (e.g., HTTP authentication cookies).” • NOT new – known CBC-mode attacks

  14. Exercise How do we handle password-based authentication over an insecure channel?

  15. Questions? Quiz
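
The token properties listed on slides 9 and 10 (tied to A, expires, unforgeable, tells R who issued it), as an added sketch that is not part of the original slides and is not Kerberos itself. It assumes the issuing server and R share `SERVICE_KEY`, and that R already knows the presenter's claimed identity; real Kerberos tickets are also encrypted under the service's key and carry a session key, which this sketch leaves out. All names and values are constructed.

```python
import base64, hashlib, hmac, json, time

# Constructed demo key shared by the issuing server and resource R (assumption).
SERVICE_KEY = b"constructed-demo-key-shared-with-R"

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(principal, resource, lifetime_s, now=None, key=SERVICE_KEY):
    """Server side: bind principal, resource and expiry together under a MAC."""
    now = time.time() if now is None else now
    claims = {"sub": principal, "res": resource, "exp": int(now) + lifetime_s}
    body = json.dumps(claims, sort_keys=True).encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(tag)

def verify_token(token, presenter, resource, now=None, key=SERVICE_KEY):
    """Resource side: returns (ok, reason). The MAC is checked before any
    field of the token is parsed or trusted."""
    now = time.time() if now is None else now
    try:
        body_b64, tag_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
    except ValueError:
        return False, "malformed"
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return False, "bad MAC"                  # not issued by the server
    claims = json.loads(body)
    if claims["sub"] != presenter:
        return False, "wrong principal"          # T is tied to A
    if claims["res"] != resource:
        return False, "wrong resource"           # T grants access to R only
    if now >= claims["exp"]:
        return False, "expired"                  # T expires
    return True, "ok"

if __name__ == "__main__":
    t = issue_token("alice", "R", lifetime_s=300)
    print(verify_token(t, "alice", "R"))
    print(verify_token(t, "mallory", "R"))
```

R never contacts the server at access time: the shared key is what lets it trust the token, which is why R "trusts Kerberos server but not A".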
