
Public Key Cryptography & Password Protocols


Presentation Transcript


  1. Public Key Cryptography & Password Protocols - Rashmi Kukanur

  2. Outline
     • Study of protocols in asymmetric scenarios
     • Present and analyze password protocols
     • Provide authentication and security features
     • Public passwords

  3. User Authentication Methods
     • Based on
       • Something user knows (password)
       • Something user has (smartcard)
       • Something user is (fingerprint, speech recognition)
     • Password
       • Popular user authentication system
       • Used in asymmetric scenarios

  4. Password Authentication
     • Remote user access
     • Goal
       • Strong authentication
       • Without requiring the user to carry/remember anything except a password
     • Figure labels: Firewall; VPN traffic (authenticated using password)

  5. Cracking a password is easy
     • Weak: "low entropy", "easily guessed", drawn from a small space
     • Dictionary attack
       • Simply guess the password and verify the guessed value using publicly available info
       • (Example: one-way function a = h(password))

  6. Password Mechanisms
     • Password transmission – ftp, telnet
       • Vulnerable to eavesdropping
       • Hashing password does not help
     • Diagram: Client → Server: pwd

  7. Password Mechanisms – Contd.
     • Challenge response
       • Vulnerable to dictionary attack on H(challenge, pwd)
     • One-time passwords
       • User uses a different password every time
       • Inconvenient to the user
       • Still vulnerable to MIM, password guessing attacks
     • Diagram: Server → Client: challenge; Client → Server: H(challenge, pwd)

  8. Additional functionalities
     • Mutual authentication
     • Authenticated key exchange
       • Prevents session hijacking, data forgery, data exposure
     • User identity protection
       • Remote authentication of mobile users

  9. Attacks on Password Based Protocols
     • Eavesdropping
     • Replay
     • Man-in-the-middle
     • Password guessing attacks
       • Off-line attack
       • On-line attack
     • Insider-assisted attacks
     • Exposure of secrets

  10. Terminology used
      • User – U, Server – S
      • S ← m ← U – message m from U to S
      • User secret password – spwd
      • Server public key – pk
      • User public password – ppwd
      • MD – collision resistant hash function
      • ENCpk – encryption function

  11. Encrypted Password Transmission
      • Set-up: ppwd := MD(pk)
      • Server (S) → User (U): n, pk
      • User: check ppwd = MD(pk)
      • User (U) → Server (S): U, n, ENCpk(spwd; U, S, n)
      • Server: decrypt & verify

  12. Encrypted Password Transmission – Contd.
      • The public password ppwd authenticates the server's public key
      • Does not rely on the password as a cryptographic key
      • Encryption scheme is randomized
      • Should be infeasible to obtain ENCpk(n1, spwd) from ENCpk(n, spwd) for some n1 ≠ n without knowing spwd
      • One-time pad encryption and ElGamal encryption are vulnerable to attack

  13. Generic Encrypted Challenge Response Protocol
      • Set-up: ppwd := MD(pk)
      • Server (S) → User (U): n, pk
      • User: check ppwd = MD(pk)
      • User (U) → Server (S): U, n, ENCpk(f(spwd; U, S, n))
      • Server: decrypt & verify

  14. Contd.
      • With weak human passwords used as keys to cryptographic functions, the security is questionable
      • Solution: use passwords under functions
      • These functions are required to be one-to-one

  15. Resistance to server compromise
      • The encrypted password transmission protocol
        • Totally insecure if the server's private key is compromised
      • Common heuristics for the f definition to protect against this
        • p1 = H1(spwd, U, S)
        • p2 = H2(spwd, U, S)
        • p3 = H3(p2, salt)
        • f(spwd; n, U, S) = <MACp1(n, U, S), p2, n>
      • Defends against compromise of either password file or server's private key
      • Attacker cannot break the MAC function since it is keyed over a much larger space
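The f construction from slide 15, as an added example that is not part of the original presentation. It assumes SHA-256 for H1, H2 and H3, HMAC-SHA256 for the MAC, and a server record holding p1, salt and p3; the slide does not say what the password file contains, and all names and sample values are constructed.

```python
import hashlib
import hmac
import os

def H(label, *parts):
    """Stand-in for H1/H2/H3: SHA-256 with a domain label and length-prefixed inputs."""
    h = hashlib.sha256(label)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def mac(p1, n, user, server):
    """MACp1(n, U, S), modelled here with HMAC-SHA256."""
    return hmac.new(p1, H(b"mac-input", n, user, server), hashlib.sha256).digest()

def enroll(spwd, user, server):
    """Assumed password-file record: p1, salt and p3 = H3(p2, salt). p2 is never stored."""
    salt = os.urandom(16)
    p2 = H(b"H2", spwd, user, server)
    return {"p1": H(b"H1", spwd, user, server), "salt": salt, "p3": H(b"H3", p2, salt)}

def f(spwd, n, user, server):
    """f(spwd; n, U, S) = <MACp1(n, U, S), p2, n>, sent inside ENCpk(...)."""
    p1 = H(b"H1", spwd, user, server)
    return mac(p1, n, user, server), H(b"H2", spwd, user, server), n

def server_verify(record, n_sent, user, server, response):
    """Run after decryption: check the nonce, the MAC under p1, and p2 against p3."""
    tag, p2, n = response
    checks = (
        hmac.compare_digest(n, n_sent),
        hmac.compare_digest(tag, mac(record["p1"], n_sent, user, server)),
        hmac.compare_digest(H(b"H3", p2, record["salt"]), record["p3"]),
    )
    return all(checks)

def demo():
    """Constructed run: honest login, then the two single-compromise cases."""
    U, S, pw = b"alice", b"vpn.example", b"correct horse"
    rec = enroll(pw, U, S)
    n1, n2 = os.urandom(16), os.urandom(16)
    honest = f(pw, n1, U, S)
    # Private key leaked: an old response can be decrypted, but p1 is missing for a fresh MAC.
    replayed = (honest[0], honest[1], n2)
    # Password file leaked: p1 is known, but the file holds p3, not its preimage p2.
    forged = (mac(rec["p1"], n2, U, S), rec["p3"], n2)
    return (server_verify(rec, n1, U, S, honest),
            server_verify(rec, n2, U, S, replayed),
            server_verify(rec, n2, U, S, forged))
```

Because p1 is a deterministic hash of spwd, U and S, a stolen record still allows off-line guessing of weak passwords; the construction only removes the ability to log in directly from one leaked secret.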

  16. Mutual Authentication and key exchange
      • Set-up: ppwd := MD(pk)
      • Server (S) → User (U): n, pk
      • User: check ppwd = MD(pk); pick random key k
      • User (U) → Server (S): U, n, ENCpk(k, f(spwd; k, U, S, n))
      • Server: decrypt & verify
      • Server (S) → User (U): y, where y = PRFk(n, S, U)
      • User: check y = PRFk(n, S, U)
      • Both sides: set k1 = PRFk(y)

  17. Contd.
      • Mutual authentication achieved
      • Does not achieve perfect forward secrecy
        • k1 is revealed when the server's private key is exposed
      • Perfect forward secrecy achieved through Diffie-Hellman

  18. Mutual Authentication & Diffie-Hellman exchange
      • Set-up: ppwd := MD(pk)
      • Server (S) → User (U): n, g^x, pk
      • User: check ppwd = MD(pk); pick k, g^y
      • User (U) → Server (S): U, n, g^y, c, where c = ENCpk(k, f(spwd; k, U, S, n, g^x, g^y))
      • Server: decrypt & verify
      • Server (S) → User (U): z, where z = PRFk(c)
      • User: check z = PRFk(c)
      • Both sides: set k1 = PRFk(g^xy)

  19. Contd.
      • To compute k1 an attacker needs to be able to compute g^xy
      • The second argument of f is hashed under a collision resistant function
      • Protocol provides user anonymity by including the user identity under public key encryption

  20. Public Passwords
      • Used when the client machine cannot verify the authenticity of the server's public key
      • User verifies a hashed version of the public key
      • It requires no secrecy protection but integrity
      • It does not need to be memorized
      • It enables the user to participate in protocols (impossible to carry out without a memory device)
      • Public password serves as a hand-held certificate for a public key (e.g. credit-card applications)

  21. Representation and identification of public passwords
      • No need for the user to type in the password
      • Not necessary to know all 1024 bits to verify the key
      • More user readable and user friendly format
      • Mapping arbitrary binary strings into easy-to-read words
        • A dictionary of 2048 words and a mapping of each 11-bit string to a different word in the dictionary (e.g. a 66-bit string represented by 6 words)
        • Using alphanumerics requires 12 characters to represent 60-bit strings
      • Authentication through image
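The 11-bit word mapping from slide 21, as an added example that is not part of the original presentation. It assumes MD is SHA-256 truncated to 66 bits and uses a constructed 2048-entry syllable list in place of a real dictionary; the function names are hypothetical.

```python
import hashlib

# Constructed 2048-word list (8 x 16 x 16 fixed-width syllables) standing in for a
# curated dictionary; fixed-width parts make every word unique.
_ONSET = "b d f k l m n r".split()
_VOWEL = "ai au ea ee ei eu ia ie io oa oi oo ou ua ue ui".split()
_CODA = "b d f g h k l m n p r s t v x z".split()
WORDS = [a + v + c for a in _ONSET for v in _VOWEL for c in _CODA]
INDEX = {w: i for i, w in enumerate(WORDS)}

def bits_to_words(value, nbits):
    """Split an nbits-wide integer into 11-bit groups, most significant first."""
    if nbits % 11:
        raise ValueError("bit length must be a multiple of 11")
    count = nbits // 11
    return [WORDS[(value >> (11 * (count - 1 - i))) & 0x7FF] for i in range(count)]

def words_to_bits(words):
    """Inverse mapping; rejects anything that is not in the dictionary."""
    value = 0
    for w in words:
        if w.lower() not in INDEX:
            raise ValueError("unknown word: %r" % w)
        value = (value << 11) | INDEX[w.lower()]
    return value

def public_password(pk, nbits=66):
    """ppwd := MD(pk), with MD assumed to be SHA-256 truncated to nbits."""
    digest = int.from_bytes(hashlib.sha256(pk).digest(), "big")
    return bits_to_words(digest >> (256 - nbits), nbits)

def check_server_key(pk, ppwd_words, nbits=66):
    """The user's 'check ppwd = MD(pk)' step; a short or malformed ppwd never matches."""
    if len(ppwd_words) != nbits // 11:
        return False
    try:
        claimed = words_to_bits(ppwd_words)
    except ValueError:
        return False
    return claimed == words_to_bits(public_password(pk, nbits))
```

With a 66-bit value, finding a different key that maps to the same six words costs on the order of 2^66 hash evaluations, so the word count sets the integrity margin of the check.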

  22. Need of public-key tools
      • Proved that a secure password protocol can be used to implement a key-exchange protocol
      • Constructing secure password protocols using block ciphers and hash functions is unlikely
