230 likes | 470 Views
Security. Chapter 8. Part II Secure Channels. Secure Channels. Secure Channels: Authentication Integrity & Confidentiality Protect against Interception (by ensuring confidentiality) Modification (by mutual authentication and ensuring message integrity)
E N D
Security Chapter 8 Part II Secure Channels
Secure Channels • Secure Channels: • Authentication • Integrity & Confidentiality • Protect against • Interception (by ensuring confidentiality) • Modification (by mutual authentication and ensuring message integrity) • Fabrication (same as modification ) • Not enough for interruption
Authentication and Integrity • Cannot do without each other • Authentication w/o integrity: • A can be guaranteed that m is from B • No guarantees that m has not been modified • Integrity w/o authentication: • A can be guaranteed that m has not been modified • No guarantees that m was from B
AuthenticationChallenge-Response Protocol (1) • Authentication based on a shared secret key.
AuthenticationChallenge-Response Protocol (2) • Authentication based on a shared secret key, but using three instead of five messages.
AuthenticationThe Reflection Attack • Successful attack by Chuck (C) for the Challenge-Response Protocol with fewer messages (version 2)
Secret Key Limitations • Secret key does not scale well • Need a key for each pair of parties • For N users/processes, need • N(N – 1)/2 keys • Each host has to manage N – 1 keys • Alternative: Centralized approach! • Key Distribution Center
AuthenticationKey Distribution Center (1) • The principle of using a KDC.
AuthenticationKey Distribution Center (2) • Using a ticket and letting Alice set up a connection to Bob.
AuthenticationNeedham-Schroeder Protocol (1) • The Needham-Schroeder authentication protocol.
AuthenticationNeedham-Schroeder Protocol (2) • KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B) • Nonce (RA1): random number used only once • Relate messages to each other • What if you we don't use nonce? • C steals B’s old key K’B,KDC • C intercepts an old response KA,KDC(RAx, B,KA,B, K’B,KDC(A,KA,B) • Previously returned by KDC to A • C waits for A to connect to KDC again • C can fool A
AuthenticationNeedham-Schroeder Protocol (3) • KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B) • Including B protects A against: • If B is left out, C could modify m1 replacing B with C • KDC thinks A is setting a channel up with C • Returning RA2 – 1 proves that B: • knows the key • And decrypted the challenge • (note that RA2 is enough in this case) • If C ever gets a hold of an old key K’A,B, C could replay m3!
AuthenticationNeedham-Schroeder Protocol (4) • Protection against malicious reuse of a previously generated session key in the Needham-Schroeder protocol.
AuthenticationPublic-Key Protocol • Mutual authentication in a public-key cryptosystem.
Message Integrity and Confidentiality • Confidentiality: use cryptography • Integrity: • Authentication is not sufficient • Example: contract negotiation (A sells something to B) • Need assurance for A that B cannot deny the agreement • Need assurance for B that A does not change the message (the term of the agreement) • Solution: use digital signatures
Digital Signatures • Need a unique association between the message and the signature • If B (the buyer) signs the message • B cannot bail out • B can verify the message is genuine, preventing A from changing the terms of the agreement
Digital Signatures – Public Key • Digital signing a message using public-key cryptography.
Digital Signatures – Public KeyProblems • A can bail out by claiming KA- was stolen • A decides to change the keys • Good idea! • A’s statement to B becomes useless • Need a central registry to keys (like PGP) • Encrypting all of m might be infeasible • Solution: encrypt a message digest • h = H(m), h has a fixed length
Digital Signatures – Message Digest • If m is changed to m’, H(m) H(m’)
Session Keys • Use one key for all sessions (long-lasting key) or a different key for each session (session key)? • Session keys: • Protect against replay attacks • Only one session is affected if key is compromised • Replacing keys often is expensive • Use a combination of long-lasting and session keys
Secure Group Communication • Protecting communication between a group of N members • Confidentiality: • Use one shared key • Trust?, more vulnerable than two-party communication • Use one shared key for each pair of members • Need N(N-1)/2 keys • Use public key • Need N keys only
Secure Replicated Services • Sharing a secret signature in a group of replicated servers.