Class 6 Authentication and Secrets CIS 755: Advanced Computer Security Spring 2014. Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/. Administrative stuff. Quiz today (end of class) Project proposal due next week No office hours on Friday Paper reading and the “huh?” moment
Class 6 Authentication and Secrets CIS 755: Advanced Computer Security Spring 2014. Eugene Vasserman http://www.cis.ksu.edu/~eyv/CIS755_S14/
Administrative stuff • Quiz today (end of class) • Project proposal due next week • No office hours on Friday • Paper reading and the “huh?” moment • Use Google Scholar • What did you think of the reading assignment?
Cool stuff • Elliptic curves • $y^2 = x^3 + ax + b$ • Secure multiparty computation • General existence result • Communication complexity • Threshold cryptography • Encryption, signatures, secret sharing
More cool stuff • Identity-based encryption (IBE) • Time period-based • Attribute-based encryption (ABE) • Zero-knowledge (ZK) proofs • General existence result in NP • Interactive or non-interactive (NIZK) • Strength from number of rounds or predefined • Homomorphic encryption
Yet more cool stuff • Key management • Key trees • Hierarchical, time-based access • One-time use tokens • Compare to capabilities • Blind signatures • Compact signature aggregation • Commitments (vs. hashes)
Today’s readings Bryant – Designing an Authentication System: a Dialogue in Four Scenes. MIT, 1988. (Kerberos V4) Afterword by Ts’o. MIT, 1997. (Kerberos V5) Fu, Sit, Smith, and Feamster – Dos and Don'ts of Client Authentication on the Web. 2001.
User authentication • What do we usually think of? • Passwords! • In essence: something only you know • What does authentication provide? • Access control • In essence: access to a limited resource
Access control • Authentication → access • No authentication → no access • What are we protecting? • Who is our adversary? • Threat model • Who is trusted? • Where does enforcement occur?
My voice is my passport; authorize me! • User A says: • I want access to resource R • Kerberos server, authenticate me! • R does not know if A has rights to access R • Kerberos server: • Checks if A is who she says she is • Checks if A is authorized for access to R • R trusts Kerberos server but not A
Authentication → capability → access • Kerberos server issues a “token” T to A • T is tied to A • T expires • T cannot be generated by anyone other than Kerberos server (cannot be forged) • T tells resource R that: • T was issued by the Kerberos server • A has the right to access R for a limited time
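The token properties on this slide (tied to A, expiring, unforgeable, checkable by R without trusting A), as an added example that is not part of the original slides. It is a simplified HMAC-authenticated token, not the real Kerberos ticket format. Assumptions: the key K_R, the function names and the JSON layout are made up for illustration, and R is assumed to learn the presenter's identity separately (Kerberos does this with an authenticator under a session key).

```python
import hashlib
import hmac
import json
import time

# Constructed key shared by the authentication server and resource R only.
# User A never sees it, which is why A cannot mint or alter tokens.
K_R = b"constructed-demo-key-shared-by-server-and-R"


def issue_token(user, resource, lifetime_s, key=K_R, now=None):
    """Authentication server: bind the token to a user, a resource and an expiry."""
    now = time.time() if now is None else now
    body = json.dumps(
        {"user": user, "resource": resource, "expires": now + lifetime_s},
        sort_keys=True,
    ).encode()
    tag = hmac.new(key, body, hashlib.sha256).hexdigest()
    return body.hex() + "." + tag


def verify_token(token, presenter, resource, key=K_R, now=None):
    """Resource R: accept only an unmodified, unexpired token for this user and R."""
    now = time.time() if now is None else now
    try:
        body_hex, tag = token.split(".")
        body = bytes.fromhex(body_hex)
    except ValueError:
        return False
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    # Check the MAC first, in constant time, before trusting any field.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return False
    claims = json.loads(body)
    return (
        claims["user"] == presenter
        and claims["resource"] == resource
        and now < claims["expires"]
    )


def tamper_user(token, new_user):
    """A token edited without the key: user field rewritten, old tag kept."""
    body_hex, tag = token.split(".")
    claims = json.loads(bytes.fromhex(body_hex))
    claims["user"] = new_user
    return json.dumps(claims, sort_keys=True).encode().hex() + "." + tag
```
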
Questions? Why SSL, not Kerberos, for e-commerce? What’s the major difference between SSL certificates and Kerberos tokens? What’s the “SSL equivalent” of a Kerberos server?
V5 and Encrypt-then-MAC • Changes in Kerberos V5: • Replay protection beyond timestamps • One fewer layer of encryption • Secure delegation • Mechanism for verifying decryption is incorrect: should use encrypt-then-MAC • More secure than MAC-then-encrypt or encrypt-and-MAC (provably secure, in fact!)
SSL 3.0/TLS 1.0 vulnerabilities • US CERT Vulnerability Note VU#864643: SSL 3.0 and TLS 1.0 allow chosen plaintext attack in CBC modes • “An attacker with the ability to pose as a man-in-the-middle and to generate specially-crafted plaintext input could decrypt the contents of an SSL- or TLS-encrypted session. This could allow the attacker to recover potentially sensitive information (e.g., HTTP authentication cookies).” • NOT new – known CBC-mode attacks
Exercise How do we handle password-based authentication over an insecure channel?
Questions? Quiz