Lecture Network security: Chapter 24 - Dr. Munam Ali Shah.pptx (Incorporating security)

Network Security Lecture 24 Presented by: Dr. Munam Ali Shah Part – 2 (e): Incorporating security in other parts of the network Summary of the Previous Lecture  In previous lecture we explored problems in message authentication  We studied how digital signatures could be used to address message authentication problem.  We talked about Direct Digital Signature and Arbitrated Digital signature.  We also explored an example of message authentication protocol, i.e., Needham-Schroeder Protocol Outlines of today’s lecture  We will continue our discussion on Needham-Schroeder Protocol and will see how does it work  Digital Signature Standard (DSS) and Digital Signature Algorithm (DSA) will be discussed  We will talk about authentication applications  And will study Kerberos which is an authentication service developed at MIT Objectives  You would be able to present an understanding of the higher level message authentication mechanism.  You would be able demonstrate knowledge about different applications used for message authentication Recall the problem in message authentication  Message authentication protect two parties from third party, will it protect two parties from each ??  Alice sends authenticated message to Bob (msg+MAC)  Bob may forge a different message and claims that it comes from Alice  Alice can deny sending the message to Bob later on  hence include authentication function with additional capabilities  The solution is Digital Signature and Authentication Protocols Authentication Protocols  Used to convince parties of each other's identity and to exchange session keys  May be one-way or mutual  key issues of authenticated key exchange are  confidentiality – to prevent masquerading and to protect session keys (secret or public key are used)  timeliness – to prevent replay attacks Needham-Schroeder Protocol  The term Needham–Schroeder protocol can refer to one of the two protocols intended for use over an insecure network, both proposed by Roger Needham and Michael Schroeder. These are:  The Needham–Schroeder Symmetric Key Protocol is based on a symmetric encryption algorithm. It forms the basis for the Kerberos protocol. This protocol aims to establish a session key between two parties on a network, typically to protect further communication.  The Needham–Schroeder Public-Key Protocol, based on public-key cryptography. This protocol is intended to provide mutual authentication between two parties communicating on a network, but in its proposed form is insecure. Needham-Schroeder Protocol  Here, Alice (A) initiates the communication to Bob (B). S is a server trusted by both parties. In the communication:  A and B are identities of Alice and Bob respectively  KAS is a symmetric key known only to A and S  KBS is a symmetric key known only to B and S  NA and NB are nonces generated by A and B respectively  KAB is a symmetric, generated key, which will be the session key of the session between A and B Needham-Schroeder Protocol The protocol can be specified as follows in security protocol notation: Alice sends a message to the server identifying herself and Bob, telling the server she wants to communicate with Bob. The server generates and sends back to Alice a copy encrypted under for Alice to forward to Bob and also a copy for Alice. Since Alice may be requesting keys for several different people, the nonce assures Alice that the message is fresh and that the server is replying to that particular message and the inclusion of Bob's name tells Alice who she is to share this key with. Alice forwards the key to Bob who can decrypt it with the key he shares with the server, thus authenticating the data. Bob sends Alice a nonce encrypted under he has the key. to show that Alice performs a simple operation on the nonce, re-encrypts it and sends it back verifying that she is still alive and that she holds the key. Needham-Schroeder Protocol  Used to securely distribute a new session key for communications between A & B  It is vulnerable to a replay attack if an old session key has been compromised  Modifications to address this require:  timestamps (Denning 81)  using an extra nonce (Neuman 93) (Both are improved protocols) Public key encryption Approches  Have a range of approaches based on the use of public- key encryption  Need to ensure have correct public keys for other parties  Using a central authentication server (AS)  Various protocols exist using timestamps or nonces Denning Protocol  In Denning 81, session key is chosen by A,  AS just provide public key certificate  timestamps prevent replay but require synchronized clocks One way authentication  Required when sender & receiver are not in communications at same time (e.g., email)  Have header in clear so can be delivered by email system  Email system has two requirements:  Protected body contents: Email messages should be encrypted and mail-handling system should not be in possession of decrypting key  Sender authenticated: recipient wants some assurance that message is from alleged sender Digital Signature Standard (DSS)  US Govt approved signature scheme  Designed by NIST & NSA in early 90's  Published as FIPS-186 in 1991  Revised in 1993, 1996 & then 2000  Uses the SHA hash algorithm  DSS is the standard, DSA is the algorithm  FIPS 186-2 (2000) includes alternative RSA & elliptic curve signature variants DSS Approach vs. RSA Approach Digital Signature Algorithm (DSA)  Global public key  q: A 160 bit prime number is chosen  p: is selected with length between 512 and 1024 bits such that q divides (p-1)  g: = h(p-1)q mod p, h is integer between 1 to (p-1) and g > 1  Each user generate a private and public key with these numbers  Private key is x: randomly chosen number from 1 to (p-1)  Public key is y: y = gx mod p DSA Signature Creation  To sign a message M the sender:  generates a random signature key k, k

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Lecture Network security: Chapter 24 - Dr. Munam Ali Shah

Nội dung