
Dr Alejandra Flores-Mosri Security applications Internet Management & Security 06 Learning outcomes...

Date post: 21-Dec-2015

Internet Management & Security 06 Dr Alejandra Flores-Mosri

Security applications Learning outcomes

At the end of this session, you should be able to:

– Identify applications of symmetric and public key cryptography
– Describe the operation and uses of Kerberos 4
– Explain the operation and uses of X.509
– Describe the operation and uses of Pretty-Good-Privacy (PGP)


Security applications Kerberos Authentication Protocol

Kerberos is a distributed authentication protocol using a key distribution centre (i.e., similar to Needham-Schroeder).

Kerberos is designed for a distributed client-server network where users may access any client PC and demand service from any server.

• For authenticating users to servers
• For authenticating servers to users
• Heavily uses symmetric encryption (e.g., DES)


Security applications Why KERBEROS - security concerns

• Among users who wish to access services on servers, three threats exist:
– User pretends to be someone else
– User alters network address of a client
– User eavesdrops on exchanges between others and attacks by “replay” later


Security applications Abbreviations

– C: Client (workstation, computer, etc)
– AS: Authentication Server (knows all the passwords)
– V: Server providing services such as email, printing
– IDc: ID of user on C
– IDv: ID of serVer
– Pc: Password of user on C
– ADc: Network Address of C
– Kv: encryption key shared by AS and V
– TS: Time Stamp
– ||: Concatenation


Security applications Simple Dialogue

(1) C → AS: IDc || Pc || IDv

(2) AS → C: Ticket

(3) C → V: IDc || Ticket

Ticket = E_Kv[IDc || ADc || IDv]

Problem: password is sent in plaintext

Problem: a ticket is required for each service!

The ticket assures the server that the client has been authenticated by the authentication server (AS).


Security applications Abbreviations

– C: Client (workstation, computer, etc)
– AS: Authentication Server
– TGS: Ticket Granting Server
– V: Server providing services such as printing
– IDc: ID of user on C
– IDv: ID of serVer
– IDtgs: ID of Ticket Granting Server
– Pc: Password of user on C
– ADc: Network Address of C
– Kc: encryption key shared by AS and C (derived from user’s password Pc)
– Kv: encryption key shared by the TGS and the service server
– Ktgs: encryption key shared by AS and the TGS server
– TS: Time Stamp
– LifeTime: validity for the ticket
– ||: Concatenation


Security applications Improved dialogue

Once per user logon session

(1) C → AS: IDc || IDtgs

(2) AS → C: E_Kc[Ticket_tgs]

Ticket_tgs = E_Ktgs[IDc || ADc || IDtgs || TS1 || Lifetime1]

Once per type of service

(3) C → TGS: IDc || IDv || Ticket_tgs

(4) TGS → C: Ticket_v

Ticket_v = E_Kv[IDc || ADc || IDv || TS2 || Lifetime2]

Once for service session

(5) C → V: IDc || Ticket_v

(long)

(short)


Security applications Problems

Problems:

• Lifetime related to ticket-granting ticket
– Too short → user repeatedly asked for password
– Too long → greater opportunity to replay

• An opponent could steal the tickets and use them before they expire

• Need to authenticate servers


Security applications Overview of Kerberos

[Figure: overview of Kerberos, covering Dialogue I, Dialogue II and Dialogue III]


Security applications Kerberos 4 Dialogue (I)

Authentication Service Exchange:

To obtain Ticket-Granting Ticket

(1) C → AS: IDc || IDtgs || TS1

(2) AS → C: E_Kc[Kc,tgs || IDtgs || TS2 || Lifetime2 || Ticket_tgs]

Ticket_tgs = E_Ktgs[Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2]

Kc,tgs: a session key between C and TGS


Security applications Kerberos 4 Dialogue (II)

Ticket-Granting Service Exchange:

To obtain Service-Granting Ticket

(3) C → TGS: IDv || Ticket_tgs || Authenticator_c

(4) TGS → C: E_Kc[Kc,v || IDv || TS4 || Ticket_v]

Ticket_tgs = E_Ktgs[Kc,tgs || IDc || ADc || IDtgs || TS2 || Lifetime2]

Ticket_v = E_Kv[Kc,v || IDc || ADc || IDv || TS4 || Lifetime4]

Authenticator_c = E_Kc,tgs[IDc || ADc || TS3]

Kc,v: a session key between C and server


Security applications Kerberos 4 Dialogue (III)

Client/Server Authentication Exchange:

To Obtain Service

(5) C → V: Ticket_v || Authenticator_c

(6) V → C: E_Kc,v[TS5 + 1]

Ticket_v = E_Kv[Kc,v || IDc || ADc || IDv || TS4 || Lifetime4]

Authenticator_c = E_Kc,v[IDc || ADc || TS5]
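
An added example, not part of the original slides: the checks V can make on message (5) before returning message (6), covering the stolen-ticket and server-authentication problems raised earlier. E and D are a SHA-256 keystream with an HMAC tag standing in for the slides' E_K[...] (not DES); the JSON field layout, the 300-second freshness window, the replay cache and all function names are assumptions.

```python
import hashlib, hmac, json, os

def keystream(key, nonce, n):
    """SHA-256 in counter mode; only a stand-in so the sketch runs offline."""
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, fields):
    """Stand-in for the slides' E_K[...]: keystream XOR plus HMAC tag (not DES)."""
    pt, nonce = json.dumps(fields).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or tampered ciphertext")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def issue_ticket_v(kv, kcv, idc, adc, idv, ts4, lifetime4):
    """TGS side: Ticket_v = E_Kv[Kc,v || IDc || ADc || IDv || TS4 || Lifetime4]."""
    return E(kv, {"Kcv": kcv.hex(), "IDc": idc, "ADc": adc, "IDv": idv,
                  "TS4": ts4, "Lifetime4": lifetime4})

def authenticator(kcv, idc, adc, ts5):
    """Client side: Authenticator_c = E_Kc,v[IDc || ADc || TS5]."""
    return E(kcv, {"IDc": idc, "ADc": adc, "TS5": ts5})

SKEW = 300      # assumed freshness window for authenticators, in seconds
SEEN = set()    # V's replay cache of (IDc, TS5) pairs already accepted

def server_v(kv, ticket_v, auth, src_addr, now):
    """V's handling of message (5); returns message (6) or raises ValueError."""
    t = D(kv, ticket_v)                      # only the TGS and V hold Kv
    kcv = bytes.fromhex(t["Kcv"])
    a = D(kcv, auth)                         # sender must hold Kc,v, not just the ticket
    if not t["TS4"] <= now <= t["TS4"] + t["Lifetime4"]:
        raise ValueError("ticket outside its lifetime")
    if (a["IDc"], a["ADc"]) != (t["IDc"], t["ADc"]) or src_addr != t["ADc"]:
        raise ValueError("authenticator does not match ticket")
    if abs(now - a["TS5"]) > SKEW or (a["IDc"], a["TS5"]) in SEEN:
        raise ValueError("stale or replayed authenticator")
    SEEN.add((a["IDc"], a["TS5"]))
    return E(kcv, {"TS5+1": a["TS5"] + 1})   # message (6): proves V could read Kc,v
```

The client completes mutual authentication by decrypting the reply with Kc,v and checking that it holds its own TS5 plus one.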


Security applications Recommended Reading

• William Stallings, “Network Security Essentials”, chapter 4 for Kerberos, chapter 3.4 for Diffie-Hellman Key Exchange Algorithm.

• A. S. Tanenbaum, “Computer Networks”, chapter 8.7 for Authentication Protocols.

• Bryant, W. Designing an Authentication System: A Dialogue in Four Scenes. http://web.mit.edu/kerberos/www/dialogue.html

• Kohl, J.; Neuman, B. “The Evolution of the Kerberos Authentication Service” http://web.mit.edu/kerberos/www/papers.html

• http://www.isi.edu/gost/info/kerberos/


Security applications X.509 Authentication Service

What should be the exact format of a public key certificate?

Who will issue certificates?

X.509 answers these questions. X.509 is a standard that defines

– the certificate format, and
– the hierarchical structure to distribute certificates.


Security applications X.509 Certificate Format


The basic fields of an X.509 certificate.


Security applications X.509 Certificate Revocation

• Certificates can be revoked (cancelled) by the CA.

• Certificate Revocation Lists (CRLs) are disseminated in the network periodically by the CA.


Security applications X.509 Hierarchy

Who is the Certificate Authority anyway ???

Imagine we have one CA for whole world.

It doesn’t work. The CA servers would collapse under the global load.

Imagine we have many CAs that are run by the same organisation, with the same private and public key.

It doesn’t work. If one private key is used by all CAs around the world, eventually someone will leak it. Besides, who would be the central organisation that runs all CAs?


Security applications X.509 Hierarchy

Regional Authority

• Many CAs exist, each with its own private & public keys and registered users.

• Each CA is certified by a Regional Authority.

• Each Regional Authority is certified by Root.

• The overall hierarchy including users, certificates, CAs and directories is also called Public Key Infrastructure (PKI).


Security applications X.509 Hierarchy

• PKI is an evolving idea and a current research field. The terms Root and Regional Authority are not standard.

• Today there is no one Root. And that’s normal. No one wants to trust one root.

• Each browser comes with public keys for about 100 roots, such as VeriSign, GTE, GlobalSign etc.


Security applications X.509 Authentication Procedures

Notation:

Y{I}: the signing of I by Y. This indicates a packet that consists of I with an encrypted hash code appended by Y.

It is assumed that the two parties, A and B, know each other’s public key, either by obtaining each other’s certificates from the directory or because the certificate is included in the initial message from each side.


Security applications X.509 Authentication Procedures

One-Way Authentication:

One-way authentication to establish:
1) A’s ID and message’s authenticity
2) Message’s intended destination
3) Message’s integrity & originality


Security applications X.509 Authentication Procedures

Two-Way Authentication:

Two-way authentication establishes 1) + 2) + 3), plus:
4) B’s ID and reply’s authenticity
5) Intended recipient of reply
6) Reply’s integrity and originality


Security applications X.509 Authentication Procedures

Three-Way Authentication:

Three-way authentication establishes 1) + 2) + 3) + 4) + 5) + 6), plus:
7) Signed nonce if without synchronised clocks


Security applications Pretty Good Privacy

• Philip R. Zimmermann is the creator of PGP.

• PGP provides a confidentiality and authentication service that can be used for electronic mail and file storage applications.


Security applications Why Is PGP Popular?

• It is available free on a variety of platforms.

• Based on well known algorithms.

• Wide range of applicability.

• Not developed or controlled by governmental or standards organisations.


Security applications Operational Description

• Consists of five services:
– Authentication
– Confidentiality
– Compression
– E-mail compatibility
– Segmentation


Security applications Abbreviations

Ks: session key used in symmetric encryption

KRa: private key of user A, used in public-key encryption

KUa: public key of user A, used in public-key encryption

EP: public-key encryption

DP: public-key decryption

EC: symmetric encryption

DC: symmetric decryption

H: Hash function

||: concatenation

Z: compression using ZIP algorithm

R64: conversion to radix 64 ASCII format


Security applications PGP-Authentication Only


Security applications PGP-Confidentiality Only

[Figure: Source A to Destination B]


Security applications PGP-Authentication and Confidentiality

[Figure: Source A to Destination B]


Security applications Compression

• PGP compresses the message after applying the signature but before encryption.

• The placement of the compression algorithm is critical.

• The compression algorithm used is ZIP.


Security applications E-mail Compatibility

• The scheme used is radix-64.

• The use of radix-64 expands the message by 33%.


Security applications Segmentation and Reassembly

• Email systems are often restricted to a maximum message length of 50,000 octets.

• Longer messages must be broken up into segments.

• PGP automatically subdivides a message that is too large.

• Segmentation is done after all other processing, including Radix 64 conversion.

• The receiver strips off all e-mail headers and reassembles the block.
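
An added example, not part of the original slides: the tail of the sending pipeline (Z, then R64, then segmentation) and the receiver's reassembly, including the case where a segment is missing. Plain base64 stands in for PGP's radix-64 armour, and the "X-Part" header, the 64-octet header allowance and the function names are assumptions.

```python
import base64, zlib

MAX_MESSAGE = 50_000             # maximum message length from the slide, in octets
BODY = MAX_MESSAGE - 64          # assumed allowance for the header added below

def send(block):
    """Z, then R64, then segmentation: the order given on the slides."""
    r64 = base64.b64encode(zlib.compress(block))
    parts = [r64[i:i + BODY] for i in range(0, len(r64), BODY)]
    # "X-Part" is a hypothetical header standing in for real e-mail headers
    return [b"X-Part: %d/%d\r\n\r\n" % (n, len(parts)) + p
            for n, p in enumerate(parts, 1)]

def receive(mails):
    """Strip the headers, reassemble the block in order, then undo R64 and Z."""
    bodies, total = {}, None
    for mail in mails:
        header, _, body = mail.partition(b"\r\n\r\n")
        n, total = (int(x) for x in header.split(b": ")[1].split(b"/"))
        bodies[n] = body
    if total is None or set(bodies) != set(range(1, total + 1)):
        raise ValueError("segment missing, block cannot be reassembled")
    r64 = b"".join(bodies[n] for n in range(1, total + 1))
    return zlib.decompress(base64.b64decode(r64))

def r64_expansion(n_octets):
    """Output size over input size for radix-64: 4 characters per 3 octets."""
    return len(base64.b64encode(bytes(n_octets))) / n_octets
```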


Security applications PGP Generic Operation

K ← D_KRb[E_KUb[Ks]]; X ← D_K[X]


Security applications Format of PGP Message


Security applications PGP Operation and Key Rings



Security applications PGP Public Key Management

1. Alice and Bob can physically exchange public keys.

2. Alice and Bob may rely on a phone conversation, if they can recognise each other’s voices, to exchange public keys.

3. Alice and Bob may both trust David, and David can send Alice and Bob each other’s public keys.

4. Alice and Bob may rely on trusted Certification Authorities.

PGP supports all four options. More specifically, PGP recognises X.509 certificates (i.e., option 4) and it recognises certificates signed by trusted individuals (i.e., option 3).


Security applications Recommended Reading

• William Stallings, “Network Security Essentials”

• www.pgp.com

• http://www.rubin.ch/pgp/weboftrust.en.html

• https://digitalid.verisign.com/client/help/tutorial.htm

• RFC 822, 2045, 2046, 2630, 2632, and 2633

