host authentication overview ece 525 authentication
play

HOST Authentication Overview ECE 525 Authentication Overview - PowerPoint PPT Presentation

Jun 02, 2023 •182 likes •288 views

HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of verifying the identity of the communicating principals to one another Usually sub-divided into Entity authentication Authentication

  1. HOST Authentication Overview ECE 525 Authentication Overview Authentication refers to the process of ‘ verifying the identity of the communicating principals to one another ’ Usually sub-divided into • Entity authentication Authentication in ‘real-time’ between two parties about ready to engage in com- munication • Message (or data origin ) authentication Relates to data such as email that may later need to be authenticated by the receiver as to the origin and time sent Note that authentication of the origin of data also addresses data integrity , i.e., whether the message has been tampered with by unauthorized parties This is true b/c unauthorized changes imply the data has a new source Authentication is typically carried out between •A prover A , e.g., a hardware token such as a smart card, and • A verifier B , e.g., a secure server operated by your bank ECE UNM 1 (2/7/18)

  2. HOST Authentication Overview ECE 525 Authentication Overview The verifier B either • Confirms or accepts the prover’s identity as authentic or • Terminates without acceptance, i.e., rejects Note that the information exchanged with verifier B must be designed to prevent reuse by B , otherwise it could impersonate A to a third party C Authentication can be used for security objectives including: • Access control • Entity and message authentication • Data integrity • Non-repudiation • Key authentication Authentication can be carried out using • S ymmetric encryption techniques , e.g., via message authentication codes or MACs • Public/private encryption schemes via digital signatures • Through authenticated key establishment methods ECE UNM 2 (2/7/18)

  3. HOST Authentication Overview ECE 525 Authentication Overview The most common usage models include access control to a resource, e.g., to com- puter accounts, ATMs, to software, to a building, etc. The capabilities provided in the authentication protocol depend on the security requirements • An authentication protocol may be unilateral , i.e., from prover to verifier, or it may be mutual • Some protocols may preserve privacy , to prevent malicious adversaries from track- ing instances of authentications between the prover and verifier over time • Others may be symmetric in nature, requiring the use of a shared secret between the prover and verifier (a trusted third party (TTP) may be used as a liaison here) • Or may be asymmetric with the prover and verifier maintaining their own private secrets The computational and communication overheads of the protocols will depend on: • The type of protocol • Its security requirements • The security properties that must be guaranteed ECE UNM 3 (2/7/18)

  4. HOST Authentication Overview ECE 525 Entity Authentication Entity authentication techniques can be divided into 3 categories: • Something you know : Passwords, PINs and secret or private keys whose knowledge is demonstrated in challenge-response protocols • Something you possess : Physical accessory, resembling a passport in function Magnetic-striped cards, smart-cards and hand-held customized calculators (password generators) which provide time-variant passwords • Something inherent : Biometrics, e.g., human physical characteristics such as finger- prints, voice, retinal patterns and signatures Passwords represent the most widely used form of authentication, but are considered weak authentication protocols Passwords provide unilateral and time-invariant authentication Here, the userid serves as the claim of identity and the password serves as evi- dence supporting the claim Attacks include • Eavesdropping to enable replay • Password guessing such as dictionary attacks ECE UNM 4 (2/7/18)

  5. HOST Authentication Overview ECE 525 Entity Authentication On most systems, the passwords are encrypted using a one-way function (OWF) before being stored on disk A technique called salting is also commonly used to make dictionary attacks more difficult by expanding the search space for the adversary Two-stage authentication and password-derived keys address the insufficient entropy issue associated with human chosen passwords An n -digit PIN verifies the user to the token , e.g., smart card, in the first stage The token typically embeds additional secrets for use in stage two between the token and the system A variant uses passkeys to map a user password to a cryptographic key using a OWF The most secure of the weak authentication schemes uses one-time passwords , which addresses eavesdropping and replay attacks on password schemes ECE UNM 5 (2/7/18)

  6. HOST Authentication Overview ECE 525 Entity Authentication Challenge-Response protocols fall in the class of strong authentication protocols Here, authentication requires the prover to demonstrate knowledge of a secret without revealing the secret itself to the verifier The prover provides a response to a time-variant challenge , with the response insep- arably bound to both the secret and the challenge The challenge can be a random number , called a nonce (for ‘used only once’), a sequence number or a timestamp Time-variant parameters are countermeasures to replay attacks and certain types of chosen-text attacks This is true b/c the uniqueness and timeliness guarantees allow one protocol instance to be distinguished from another Note that challenge-response protocols requires some type of computing device and secure storage for long-term keying material ECE UNM 6 (2/7/18)

  7. HOST Authentication Overview ECE 525 Entity Authentication: Challenge-Response by Symmetric-key Each pair of communicating parties share a secret key In large communities, a TTP can provide session keys in real time to circumvent the need to distribute n 2 key pairs A common form of unilateral authentication uses random number(s) (RN). (B generates random nonce r B ) A ← B : rB B : EK rB B * A → ( , ) A. J. Menezes, et al. text • B generates random nonce r B and transmits it to A (over an unsecured channel) • A encrypts the nonce and the identifier B using a shared secret key K and trans- mits the encrypted message back to B • B then decrypts and 1) checks that the r B received matches the r B sent and 2) verifies B* is equal to his own B The shared secret K must be securely transmitted to A and B beforehand, typically using a mechanism involving a TTP, in order for this scheme to work ECE UNM 7 (2/7/18)

  8. HOST Authentication Overview ECE 525 Entity Authentication: Challenge-Response by Symmetric-key Mutual authentication requires a second nonce r A and a third message: B : rB A ← (B generates nonce r B ) A → B : EK rA rB B * ( , , ) (A generates nonce r A ) A B : EK rB rA ← ( , ) A. J. Menezes, et al. text Encryption ensures the nonces and identifiers are ‘inseparably’ bound as discussed above Challenge-Response using Keyed One-Way Functions Encryption is considered a ‘heavy weight’ cryptographic primitive, and may be replaced in resource-constrained devices by: • A one-way function (OWF) or a non-reversible function with shared key, and • A challenge The encryption algorithm E K is replaced by a MAC algorithm h K , i.e., a keyed hash function The receiver also computes the MAC and compares it with the received MAC ECE UNM 8 (2/7/18)

  9. HOST Authentication Overview ECE 525 Entity Authentication: Challenge-Response using Keyed One-Way Functions These protocols require an additional cleartext field r A to be transmitted A ← B : rB (B generates nonce r B ) B : rA hK rA rB B (A generates nonce r A ) A → , ( , , ) A ← B : hK rB rA A ( , , ) A. J. Menezes, et al. text B confirms that the hash value received, designated as h k ( r A , r B , B ), is equal to the value he/she computes locally using the same hash function and shared secret K A performs a similar validation using the transmitted hash h K ( r B , r A , A ) from B The computational infeasibility of finding a second input to h K that produces the same hash provides the security guarantee in this mutual authentication protocol Challenge-Response by Public-Key In this case, the prover decrypts a challenge using its secret key component of the public-private pair, which is encrypted by the verifier under its public key P A Alternatively, the prover can digitally sign a challenge ECE UNM 9 (2/7/18)

  10. HOST Authentication Overview ECE 525 Entity Authentication: Challenge-Response by Public-Key B chooses nonce r , computes the witness x = h(r) ( h is a OWF) A ← B : h r ( ) B PA r B , , ( , ) A B : r → A. J. Menezes, et al. text Here, x demonstrates knowledge of r without disclosing it B computes challenge e = P A (r, B) A decrypts e to recover r’ and B’ , computes x’ = h(r’) and rejects if x’ does not equal x or if B’ does not equal B Otherwise A sends r = r’ to B B succeeds with unilateral entity authentication of A upon verifying the received r agrees with his r The witness prevents chosen-text attacks ECE UNM 10 (2/7/18)

Recommend

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been

HOST PUF-Based Authentication ECE 525 PUF-Based Authentication PUF-based protocols have been proposed for applications including: Encryption and authentication For detecting malicious alterations of design components For

645 views • 15 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is

SECURITY TOPICS PART 2 AUTHENTICATION AUTHENTICATION Authentication is the process by which you decide that someone is who they say they are and therefore permitted to access the requested resources: getting entrance to a computer lab

833 views • 44 slides
The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch

The Authentication Jungle An overview of all sorts of authentication technologies Karol Babioch Security Engineer kbabioch@suse.de New authentication standards ... 2 Some authentication technologies ... 3 - Authentication theory -

1.28k views • 88 slides
Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a

Authentication Most technical security safeguards have Authentication authentication as a precondition How to authenticate: Something you know Password, Secrets Something you have Smart Card, Token Something you are Biometrie

607 views • 4 slides
1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

1 Password-Based Authentication Node A has a secret ( password ): e.g., lisa To

Authentication Protocols Guevara Noubir College of Computer and Information Science Northeastern University noubir@ccs.neu.edu Outline Overview of Authentication Systems [Chapter 9] Authentication of People [Chapter 10]

396 views • 17 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

1.66k views • 27 slides
Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication

Cryptography Authentication and Data Integrity Aims of Authentication Authentication and Data Integrity Authentication with Symmetric Key Encryption Authentication with Hash Cryptography Functions Authentication with MACs School of

613 views • 27 slides
THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication

THE STATE OF AUTHENTICATION Chad Spensky Allthenticate OUTLINE Who am I? Authentication overview Current state of Authentication The future of authentication MY JOURNEY 2012-2015 2004-2011 2015-Present 1998-2004 Staff at MIT

453 views • 34 slides
A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization,

A2: Broken Authentication and Session Management But first Authentication, Authorization, Sessions Authentication Determining user identity Multiple ways What you know (password) What you have (phone, RSA SecureID, Yubikey)

1.57k views • 28 slides
Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password

Web Authentication Thierry Sans Several Methods Local authentication with login and password Token-based authentication Third party authentication Local Authentication How to store and verify password? Clear Data can be hacked

615 views • 14 slides
Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239

Outline Introduction Authentication Basic authentication mechanisms CS 239 Authentication on a single machine Computer Security Authentication across a network February 21, 2007 Lecture 9 Lecture 9 Page 1 Page 2 CS 236,

302 views • 8 slides
Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR

Django User Authentication OVERVIEW OF USER AUTHENTICATION Anthony Alampi OWNER, X FACTOR CONSULTANTS www.XFactorConsultants.com User Authentication (Auth) The methods by which a web app verifies the identity of a user and limits their

334 views • 8 slides
I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform

I know who you are, but you can't come in Authentication and single sign-on in the SAS platform Agenda Authentication Inbound authentication Outbound authentication Single Sign-on Definitions Stage Process Method Physical

781 views • 48 slides
User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication

User Authentication Passport Jason Situ Passport What is it? Passport is authentication middleware for Node. It is designed to serve a singular purpose: authenticate requests. Supports a comprehensive set of authentication mechanisms called

808 views • 16 slides
Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and

Authentication, vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder Authentication in general Bishop: Authentication is the binding of an identity to a principal. Network-based authentication mechanisms

1.6k views • 43 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2016-01-29 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

683 views • 44 slides
Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II

Information Security Identification and authentication Advanced User Authentication II 2019-02-08 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for lecture I within this part of the course Background Authentication eID

1.19k views • 102 slides
e-authentication Practices: A road to global implementation of e-authentication for

e-authentication Practices: A road to global implementation of e-authentication for

Market-driven e-authentication Practices: A road to global implementation of e-authentication for cross-bordered trade document Mr. Wanawit Ahkuputra Deputy Executive Director of ETDA Thailand HOD and AFACT chair. Building Soft

533 views • 13 slides
IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication

IT350 Web and Internet Programming SlideSet #18: HTTP Authentication http://www.httpwatch.com/httpgallery/authentication/ http://httpd.apache.org/docs/2.2/howto/auth.html Outline HTTP Basic Authentication HTTP Digest Authentication 1

349 views • 8 slides
Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that

Message Authentication MAC and Hash SMU CSE 5349/49 Message Authentication Verify that messages come from the alleged source, unaltered SMU CSE 5349/7349 Authentication Functions Message encryption Ciphertext itself serves as

1.16k views • 69 slides
Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password

Authentication Authentication Overview Registration User sends username and password Validate password strength Store salted hash of the password Authentication User sends username/password Retrieve the stored salted

359 views • 20 slides
Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy

Authentication Frequency (and Continuous Authentication) Mike Just Interactive and Trustworthy Technologies Group Glasgow Caledonian University SOUPS 2014 WAY Workshop 9 July 2014 Outline Authentication frequency Continuous

502 views • 12 slides
Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02

Information Security Identification and authentication Advanced User Authentication I 2018-02-02 Amund Hunstad Guest Lecturer, amund@foi.se Agenda for this part of the course Background Statistics in user authentication Biometric systems

568 views • 41 slides

More recommend