1 / 11

Computer security: authentication of principals and cryptographic protocols

Computer security: authentication of principals and cryptographic protocols. Frans Kaashoek 6.033 Spring 2007. HKN Underground Guide. https://sixweb.mit.edu/student/evaluate/6.033-s2007 Link posted on 6.033 home page Deadline: May 20. key distribution. Charles.

venus
Download Presentation

Computer security: authentication of principals and cryptographic protocols

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Computer security: authentication of principalsand cryptographic protocols Frans Kaashoek 6.033 Spring 2007

  2. HKN Underground Guide https://sixweb.mit.edu/student/evaluate/6.033-s2007 Link posted on 6.033 home page Deadline: May 20

  3. key distribution Charles • 3 is a certificate for Alice’s public key • Charles is called a certificate authority • The interaction is an example of a cryptographicprotocol 3. M = {“A’s Kapub =…”}, sign(M, KCpriv) 2. Alice? Alice Bob 1. M, Sign(M, KApriv)

  4. Shorter notation Charles • Subscript for signing • Superscript for encrypting 3. {“A’s Kapub =…”}KCpriv 2. Alice? Alice Bob 1. {M}KBpubKApriv

  5. Denning-Sacco CA {A, B} {A, KApub, T}KCApriv {A, KBpub, T}KCApriv {A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub Alice Bob {data, T}KAB Authenticate Alice to Bob and Bob to Alice Set up a shared-secret key

  6. Impersonation Attack Thinks Bob is Alice Charles {A, KApub, T}KCApriv {{KAB, T}Kapriv}KCpub {A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub {A, KApub, T}KCApriv+{{KAB, T}KApriv}KBpub Alice Bob

  7. Denning-Sacco (fixed) CA {A, B} {A, KApub, T}KCApriv {A, KBpub, T}KCApriv {A, KApub, T}KCApriv{{A, B, KAB, T}KApriv}KBpub Alice Bob {A, B, data, T}KAB Be explicit!

  8. Example: Web (SSL simplified) • U: https://www.amazon.com • B →W: {randomc, session-id, ciphersuites} • B ← W: {randoms, session-id, {amazon.com, Kpub-amazon}Kversign} • B: verify({amazon.com, Kpub-amazon}Kversign, Kpub-verisign)? • B →W: {pre-master-secret}Kpub-amazon • ......

  9. X509 certificate • struct X509_certificate { unsigned version; unsigned serial; signature_cipher_identifier; issuer_signature; issuer_name; subject_name; subject_public_key_cipher_identifier; subject_public_key; validity_period; };

More Related