protocols ii
play

Protocols II Computer Security Lecture 12 David Aspinall School of - PowerPoint PPT Presentation

Mar 13, 2024 •251 likes •989 views

Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011 Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined

  1. Protocols II Computer Security Lecture 12 David Aspinall School of Informatics University of Edinburgh 17th February 2011

  2. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  3. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  4. Introduction ◮ Previous lecture examined some simple protocols:

  5. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys

  6. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys

  7. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces

  8. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts:

  9. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication

  10. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys

  11. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment

  12. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment ◮ Digital certificates

  13. Introduction ◮ Previous lecture examined some simple protocols: ◮ Simple authentication using passwords, shared keys ◮ Challenge response with shared keys ◮ Use of nonces ◮ This lecture expands and extends these concepts: ◮ Mutual authentication ◮ Challenge response with public keys ◮ Authentication and key establishment ◮ Digital certificates ◮ More fun with nonces

  14. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  15. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as

  16. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as

  17. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages

  18. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages ◮ S is included inside the encrypted package to foil a reflection attack (impersonation of S to A).

  19. Reminder: shared-key unilateral authentication ◮ Minimal protocol using a random number : Message 1. S → A : N s Message 2. A → S : { N s , S } K as ◮ Minimal protocol using timestamps ; the “challenge” is implicit: Message 1. A → S : { T a , S } K as ◮ Nonces prevent replay of old messages ◮ S is included inside the encrypted package to foil a reflection attack (impersonation of S to A). ◮ Also, encrypting random strings can be risky: to prevent a chosen-text attack on the encryption scheme in the first case, A may include another random number in the encrypted package.

  20. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as

  21. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as ◮ The second nonce N a in message 2 serves both as a challenge for message 3 and to prevent chosen-text attacks. On receiving message 2, S checks N s was the nonce he issued in message 1, and that his name S is included in the encrypted package. He also recovers N a to send in message 3.

  22. Shared-key mutual authentication ◮ This protocol achieves mutual authentication using shared keys and nonces: Message 1. S → A : N s Message 2. A → S : { N s , N a , S } K as Message 3. S → A : { N a , N s } K as ◮ The second nonce N a in message 2 serves both as a challenge for message 3 and to prevent chosen-text attacks. On receiving message 2, S checks N s was the nonce he issued in message 1, and that his name S is included in the encrypted package. He also recovers N a to send in message 3. ◮ Mutual authentication may be obtained by running unilateral authentication twice, but that achieves something slightly weaker: the two authentications are not logically linked by the protocol (TOCTOU).

  23. Outline Introduction Shared-key Authentication Asymmetric authentication protocols Key exchange protocols Combined key exchange and authentication Summary

  24. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s

  25. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it.

  26. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it. ◮ He sends a packet containing the nonce encrypted with her public key K a and a witness h ( N s ) , where h is a one-way hash function, which prevents chosen-text attacks.

  27. Challenge-response with PK decryption ◮ Designing public-key based protocols is also subtle. For example, it’s important not to use a key-pair used for authentication for other purposes, since combining usages can compromise security. ◮ First PK approach: Alice demonstrates knowledge of a private key by decrypting a challenge . Message 1. S → A : h ( N s ) , S, { N s , S } K a Message 2. A → S : N s ◮ Server Sam invents a nonce N s , and challenges Alice to discover it. ◮ He sends a packet containing the nonce encrypted with her public key K a and a witness h ( N s ) , where h is a one-way hash function, which prevents chosen-text attacks. ◮ Alice decrypts, and responds with N s only if the hash and name both match. When Sam sees his nonce N s returned, Alice is authenticated.

  28. Challenge-response with digital signatures ◮ Alice demonstrates knowledge of her signature private key by signing a challenge . Message 1. S → A : N s Message 2. A → S : N a , S, S A ( N a , N s , S ) ◮ Server Sam sends a nonce N s . Alice replies with a message containing her own nonce N a , the name S , and the signature for a message with both nonces and the name. She constructs the signature using her private signing function S A .

Recommend

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

Application-Layer Protocols: The World-Wide Web (HTTP) Reliable file transfer (FTP) The

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport network Example client/server systems and link their application-level protocols: physical Application-Layer Protocols:

432 views • 10 slides
Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

Application-Layer Protocols The World-Wide Web (HTTP) Reliable file transfer (FTP)

COMP 431 Application-Layer Protocols Internet Services & Protocols Outline application application transport Example client/server systems and network their application-level protocols: link physical Application-Layer Protocols

281 views • 13 slides
Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI

Communication Chapter 2 Layered Protocols (1) 2-1 Layers, interfaces, and protocols in the OSI model. 1 Layered Protocols (2) 2-2 A typical message as it appears on the network. Data Link Layer 2-3 Discussion between a receiver and a

577 views • 23 slides
4 Application Layer Protocols Device Management Protocols Application layer protocols offering

4 Application Layer Protocols Device Management Protocols Application layer protocols offering

EPFL, Spring 2017 4 Application Layer Protocols Device Management Protocols Application layer protocols offering remote services for large networks of devices: - Monitoring (health of devices and network, get current state) - Management

1.31k views • 93 slides
Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL?

The 1 st World Congress on Controversies in Hematology (COHEM) Rome, September, 2-5, 2010 Session 4. Acute Lymphoblastic Leukemia Is the efficacy of the pediatric-like protocols for ALL superior to the protocols for adult ALL? No No JM

990 views • 44 slides
Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over

Security Protocols Q: Why security protocols? Bob Alice A: To allow reliable communication over an untrusted channel (eg. Internet) 2 Security Protocols are out there Authentication Confidentiality Example: HTTPS (HTTP + TLS)

669 views • 42 slides
1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

1 Pitfalls of Lock-Based Protocols (Cont.) The Two-Phase Locking Protocol The potential for

Concurrency Control Lock-Based Protocols Timestamp-Based Protocols Lecture 9 Concurrency Control Validation-Based Protocols Multiple Granularity Multiversion Schemes Deadlock Handling Chapter 16 Insert and Delete

780 views • 8 slides
Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction

Cryptographic protocols Cryptographic protocols small programs designed to secure Introduction to cryptographic protocols communication (various security goals) Bruno Blanchet use cryptographic primitives (e.g. encryption, hash function,

451 views • 14 slides
AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev

AW Central Lab - UCMR 3 Sampling Protocols Sampling Protocols Presenter: Cody Cruse Rev 01-22-13 Rpt Ver: andy 1/22/2013 2:23:35 PM 1 of 17 Agenda Review UCMR 3 Test Groups Sampling Protocols Storage and Transportation 2 Rpt

712 views • 17 slides
Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief

Analysis of Security Protocols 01 Analysis of Security Protocols Gavin Lowe Analysis of Security Protocols 02 Overview Brief introduction to security protocols; Model checking of security protocols, particularly using the process

1.28k views • 110 slides
Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific

Consistency Protocols Description describe an implementation of a specific consistency model Classification Distributed Systems (ICE 601) primary-based protocols remote-write protocols Replication & Consistency

425 views • 4 slides
HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest

HOST PUF-Based Authentication Protocols ECE 525 PUF-Based Authentication Protocols The simplest mechanisms called challenge-response entity authentication exchange cleartext bitstrings directly, i.e., no cryptographic primitives are used A PUF

1.08k views • 38 slides
Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING

Developing - Implementing - Enforcing New Protocols in a Health Club Environment DEVELOPING COVID-19 PROTOCOLS & GUIDELINES PROTOCOL RESEARCH + CREATION Wellness Partners + Hospital Network Patient room protocols for cleaning

751 views • 37 slides
Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols:

Applications Lecture goal: Overview: conceptual + implementation specific protocols: aspects of network o http --- Web application protocols o ftp --- File transfer learn about protocols by examining popular o smtp --- Mail

419 views • 17 slides
Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering

Security Protocols Security protocols are the intellectual core of security engineering They are where cryptography and system mechanisms meet They allow trust to be taken from where it exists to where it s needed But they are

941 views • 67 slides
Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols

Secure Multi-Party Computation Lecture 17 GMW & BGW Protocols MPC Protocols MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against passive adversaries MPC Protocols Yao s Garbled Circuit : 2-Party SFE secure against

2.07k views • 85 slides
Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to

Outline Cryptographic protocols, pt. 1 Key distribution and PKI CSci 5271 Introduction to Computer Security Announcements intermission Day 17: Crypto protocols and S protocols SSH Stephen McCamant University of Minnesota, Computer

338 views • 7 slides
2CL Protocols: Interaction Patterns Specification in Commitment Protocols Elisa Marengo

2CL Protocols: Interaction Patterns Specification in Commitment Protocols Elisa Marengo

2CL Protocols: Interaction Patterns Specification in Commitment Protocols Elisa Marengo Universit` a degli Studi di Torino Scuola di Dottorato in Scienze ed Alta Tecnologia Dottorato in Informatica Ph.D. Thesis Defence - Torino, October 19,

694 views • 68 slides
Transport Protocols End-to-End Protocols Convert host-to-host packet delivery service into a

Transport Protocols End-to-End Protocols Convert host-to-host packet delivery service into a

Transport Protocols End-to-End Protocols Convert host-to-host packet delivery service into a process-to-process communication channel Demultiplexing: Multiple applications can share the Kameswari Chebrolu network Dept. of Electrical

211 views • 7 slides
Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017

Complexity of automatic verification of cryptographic protocols Clermont Ferrand 02/02/2017 Vincent Cheval Equipe Pesto, INRIA, Nancy 1 Cryptographic protocols Communication on public network Cryptographic protocols: Concurrent programs

946 views • 69 slides
Protocols and Policies Addressing the Needs of Students at Risk for Suicide SAMHSA Contract

Protocols and Policies Addressing the Needs of Students at Risk for Suicide SAMHSA Contract

Protocols and Policies Addressing the Needs of Students at Risk for Suicide SAMHSA Contract 283-07-0705 to IFC Macro DG 1/25/11 1 Suicide Prevention Protocols Protocols or procedures are needed to address the needs of young people

552 views • 19 slides
Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA),

Formal verification of privacy (for RFID protocols) Stphanie Delaune quipe EMSEC (IRISA), CNRS, France Tuesday, September 13th, 2016 Security protocols everywhere ! Cryptographic protocols small programs designed to secure

923 views • 56 slides
Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS,

Symbolic verification of distance bounding protocols Stphanie Delaune Univ Rennes, CNRS, IRISA, France joint work with Alexandre Debant and Cyrille Wiedling 1/29 Security protocols everywhere ! Cryptographic protocols small

1.04k views • 56 slides
Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval,

Exploiting symmetries when proving equivalence properties for security protocols Vincent Cheval, Steve Kremer, Itsaka Rakotonirina Inria Nancy Grand-Est Security protocols TLS Wifi @ PASS E-voting E-passport 2 24 Security protocols

830 views • 69 slides

More recommend