digest based authentication
play

Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - - PowerPoint PPT Presentation

Nov 02, 2023 •138 likes •224 views

Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - Nortel Networks Vesa Torvinen - Ericsson Digest Authentication SIP & RFC 2617 Its deployed today Its simple UAC to UAS UAC to proxy draft-undery-sip-auth-00 proxy

  1. Digest Based Authentication James Undery - Ubiquity Sanjoy Sen - Nortel Networks Vesa Torvinen - Ericsson

  2. Digest Authentication SIP & RFC 2617 It’s deployed today It’s simple UAC to UAS UAC to proxy draft-undery-sip-auth-00 proxy to UAS Bid-down protection Integrity protection Mutual authentication Suggested replay protection implementation

  3. What’s New proxy to UAS authentication UAS-Authenticate UAS-Authorization UAS-Authentication-Info 492 response Bid-down protection Prefixes added to nonces Protects scheme and quality of protection Doesn’t protect algorithms (See open issues)

  4. What’s New Mutual Authentication *-Authentication-Info non digest specific Integrity Complete one hop message integrity Negotiated header integrity With bid down protection

  5. Open issues (1/4) No algorithm protection If a hashing algorithm is broken (i.e. one of the following hold,) we need algorithm revocation given H(m) you can extract m given m and H(s+m) you can find n, st H(s+m) = H(s+n) Proposal - make limitation explicit, algorithm revocation is out of scope No negotiation of body integrity protection Proxies can’t alter message bodies Proposal - leave unchanged

  6. Open issues (2/4) No protection against weak passwords If a scheme uses a weak password / session key protection can be compromised Care should always be taken to match the strength of protection against the time you wish a secret to remain secret Proposal - make limitation explicit, the solution is out of scope 492 Mechanism requires UAC support UAS has already applied policy that could result in failure of this dialog Proposal - leave unchanged, explicitly note deficiency

  7. Open issues (3/4) Client side can’t initiate authentication Could include *-Authorization header or new header / Require option Require option only applies to target of challenge and generally a bad idea Can’t respond to responses in general Can immediately respond to tear-down dialog created by requests Only one server responding in a non 4xx/5xx/6xx manner will cause problems Proposal - make limitation explicit

  8. Open issues (4/4) Forking and response collation issues Can’t guarantee upstream entities see challenges Response collation oriented towards success Proposal - make limitation explicit

Recommend

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest Authentication 1

349 views • 8 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
A Little Confusing Without [a block digest], one must query the offset digest with all

A Little Confusing Without [a block digest], one must query the offset digest with all

A Little Confusing Without [a block digest], one must query the offset digest with all possible offsets: although the extra space afforded by not having a block digest increases the accuracy of the offset digest, the testing of every offset

125 views • 9 slides
SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication

SY306 Web and Databases for Cyber Operations SlideSet #21: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest

226 views • 8 slides
Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services

Overview Cryptography functions Secret key (e.g., DES) Security Public key (e.g., RSA) Message digest (e.g., MD5) Security services Privacy: preventing unauthorized release of information Outline Authentication:

883 views • 5 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in

A Key to Your Heart: Biometric Authentication Based on ECG Signals Who Are You?! Adventures in Authentication Workshop (WAY) 2019 Nikita Samarin, Donald Sannella Traditional Passwords Most common mechanism of authenticating users online

251 views • 14 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication:

SSL 1 Web Security Secure Socket Layer (SSL) December 7, 2000 SSL 2 Web Security authentication: basic, digest often supplemented by cookies access control via network addresses multi-layered: SHTTP (secure HTTP) = just

713 views • 32 slides
FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15,

FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15,

FAYETTE COUNTY, GEORGIA 2019 Property Tax Digest / Millage Rates PUBLIC HEARINGS AUGUST 15, 2019 2019 Tax Digest Changes 2018 Diges Digest $5,90 ,901,66 ,669,19 ,198 Growth th (D (Decr ecrease) ease) in in Diges Digest Re Real

420 views • 16 slides
HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

288 views • 10 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Source: [5] Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter Pilgerstorfer 03.03.2015 1 Motivation Pairing without user interaction Traditional authentication E.g. enter/confirm shared PIN

270 views • 26 slides
Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim

Lapin (an efficient authentication protocol based on Ring-LPN) Stefan Heyse, Eike Kiltz, Vadim Lyubashevsky, Christof Paar, Krzysztof Pietrzak Authentication Protocols Prover Verifier HB-style authentication shared AES key K protocols

563 views • 22 slides
Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author:

IETF94 2 Nov. 2015 Yokohama SDNRG WG Secure SDN Authentication & Authorization for Multi-tenancy (DNS based PKI model) Author: www.huawei.com Hosnieh Rafiee Ietf{at}rozanak.com Motivation Problem: secure SDN authentication,

546 views • 10 slides
Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with

Innovations in permutation-based encryption & authentication . based on joint work with Fast Software Encryption Conference 2017 1 Joan Daemen 1 , 2 Guido Bertoni 1 , Michal Peeters 1 , Gilles Van Assche 1 and Ronny Van Keer 1 1

855 views • 30 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago

Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago

Lecture 14 Passwords and Authentication Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Slides based on Baileys ECE 422 Major Portions Courtesy Ryan Cunningham AUTHENTICATION Authentication Basics

653 views • 42 slides
Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada

Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada Popa April 12, 2016 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh Authentication &

1.11k views • 73 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides

More recommend