1 / 23

Handshake Protocols

Handshake Protocols. COEN 350. Simple Protocol. Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice. Simple Protocol. Vulnerable to sniffing and replay attack. Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice. ...

uri
Download Presentation

Handshake Protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Handshake Protocols COEN 350

  2. Simple Protocol Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

  3. Simple Protocol Vulnerable to sniffing and replay attack. Alice: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice. ... Mallory: Hi, I am Alice. My password is “fiddlesticks”. Bob: Welcome, Alice.

  4. Shared Secret Alice and Bob share a secret key K. Alice: I am Alice. Bob: Encrypt R. Alice: EK(R) Bob (calculates EK(R) as well.): Welcome Alice.

  5. Shared Secret Vulnerable to DOS attack. while(1) { Mallory: I am Alice. Bob: Encrypt R. Mallory: X. Bob (EK(R) != X): Access denied. }

  6. Shared Secret Vulnerable to sniffing and replay attack if R is not random or if R is repeated.

  7. Shared Secret, use of clock Alice: I am Alice, EK(clock). Bob calculates clock, compares with his value: Welcome Alice.

  8. Shared secret, use of clock Man in the Middle + replay attack: Mallory to Bob: KILL, KILL, KILL, KILL. Alice: Hi, I’m Alice. EK(clock). Mallory to Alice: KILL, KILL, KILL, KILL. Mallory to Bob: Hi, I’m Alice. EK(clock). Bob: Hi, Alice.

  9. Public Key Alice: “I’m Alice.” Bob: “R”. Alice: “EAlice(R)”. Bob calculates “DAliceEAlice(R) == R: Hi Alice.

  10. Public Key Alice: “I’m Alice.” Bob creates random challenge R: “EAlice(R)”. Alice: “R”. Bob checks R == R: Hi Alice.

  11. Public Key: DOS attack Trudy: “I’m Alice.” Bob: “R”. Trudy: “X” Bob calculates “DAliceEAlice(X) != R: Access Denied. Bob spends much more time computing than Trudy!

  12. Mutual Authentication: Shared Secret Alice: “I am Alice” Bob: “RB” Alice: EK(RB). RA. Bob calculates EK(RB) himself: EK(RA). Hi Alice. Alice calculates EK(RA) herself: Hi Bob.

  13. Mutual Authentication with less messages? Alice: I am Alice. RA Bob: RB. EK(RA). Alice: Hi Bob. EK(RB). Bob: Hi Alice.

  14. Mutual Authentication with less steps is vulnerable to the replay attack Session 1 Trudy: I am Alice. RA. Session 1 Bob: RB. EK(RA). Session 2 Trudy: I am Alice. RB. Session 2 Bob: RB’. EK(RB). Session 1 Trudy: Hi Bob. EK(RB). Session 1 Bob: Hi Alice.

  15. Warning Signals • Requestor should authenticate herself first. • Don’t have requestor and requestee do exactly the same thing. (E.g. use different key pairs.) • If you provide encryption service, you set yourself up for a key guessing attack.

  16. Public Key: Simple Mutual Authentication Alice: “I am Alice. RA” Bob: “EBob(RA). RB” Alice DBobEBob (RA)=RA: Hello Bob. EAlice(RB). Bob: DAliceEAlice(RB) = RB: Hello Alice.

  17. Key Distribution Centers • Maintains a shared secret for each registered user. • To set-up a connection requires the KDC to set up a session key.

  18. Key Distribution CenterOriginal Algorithm • Alice to KDC: Alice wants Bob. • KDC to Alice: Here is your session key. • KDC to Bob: Here is your session key. This needs to be modified.

  19. Key Distribution Center:Needham Schroeder Protocol Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1,N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

  20. Key Distribution Center:Needham Schroeder Protocol Variant Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1),KS(N3). Alice to Bob: K(N3-1). N1, N2, N3 are nonces to prevent replay attacks.

  21. Replay attack on modified NS Alice to KDC: N1, Alice wants Bob. KDC to Alice: KA(N1,KS,Bob,Ticket), where Ticket=KB(KS,Alice). Alice to Bob: Ticket, KS(N2). Bob to Alice: KS(N2-1),KS(N3). Alice to Bob: KS(N3-1). Trudy as Alice to Bob: Ticket, KS(N2) Bob to Alice, but intercepted by Trudy: KS(N2-1), KS(N4) Trudy as Alice to Bob: Ticket, KS(N4). Bob to Alice, but intercepted by Trudy. KS(N4-1), KS(N5). Trudy as Alice to Bob: KS(N4-1).

  22. Key Distribution Center • Assume that Alice’s key has become compromised. • Trudy can now present herself as Alice to Bob with an old ticket. • Tickets need to have an expiration date!!!!!!!!!!!

More Related