Authentication Advanced Software Engineering (CSE870) Instructor: Dr. B. Cheng Contact info: chengb...
Posted: 21-Dec-2015
Authentication Advanced Software Engineering (CSE870)
Instructor: Dr. B. Cheng
Contact info: chengb at cse dot msu dot edu
Eduardo Diaz
Dan Fiedler
Andres Ramirez
Road Map
Introduction to Authentication
Needham-Schroeder, Otway-Rees, Kerberos
Commonalities
Additional Requirements
Class Diagrams
State Diagrams
Conclusions
Authentication
Purpose: key exchange. Allow Alice to secretly communicate with Bob using a shared cryptographic key.
Methods: private keys, shared keys, public keys…
Potential Problems: Trustworthy? Safe handling of private keys?
Needham-Schroeder
1. Alice → Cathy: {Alice || Bob || rand1}
2. Cathy → Alice: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
3. Alice → Bob: {Alice || ksess}kbob
4. Bob → Alice: {rand2}ksess
5. Alice → Bob: {rand2 - 1}ksess
Needham-Schroeder
Motive? Prevent replay attacks: a valid data transmission is retransmitted maliciously.
Nonces: randomly generated numbers used to identify exchanges.
Key idea: Cathy is trusted by Alice and Bob.
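The five messages above, run end to end in Python as an added example (this is not code from the slides or from the student project). Cathy, Alice and Bob are small classes; the cipher is a constructed toy (SHA-256 keystream with an HMAC-SHA256 tag) that stands in for the {...}k notation, and the message field names are assumptions. The second function shows the role of rand1: a message 2 recorded from an earlier request fails Alice's nonce check instead of being accepted.

```python
import hashlib
import hmac
import json
import os

class ToyCipher:
    """Constructed cipher for this simulation: SHA-256 keystream XOR plus an
    HMAC-SHA256 tag over nonce || ciphertext. Illustrative only, not for real use."""
    def __init__(self, key: bytes):
        self.key = key

    def _keystream(self, nonce: bytes, length: int) -> bytes:
        out, counter = b"", 0
        while len(out) < length:
            out += hashlib.sha256(self.key + nonce + counter.to_bytes(4, "big")).digest()
            counter += 1
        return out[:length]

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        ct = bytes(p ^ s for p, s in zip(plaintext, self._keystream(nonce, len(plaintext))))
        return nonce + ct + hmac.new(self.key, nonce + ct, hashlib.sha256).digest()

    def decrypt(self, blob: bytes) -> bytes:
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.key, nonce + ct, hashlib.sha256).digest()):
            raise ValueError("bad tag: wrong key, or ciphertext forged or corrupted")
        return bytes(c ^ s for c, s in zip(ct, self._keystream(nonce, len(ct))))

def pack(fields: dict) -> bytes:
    return json.dumps(fields, sort_keys=True).encode()

def unpack(blob: bytes) -> dict:
    return json.loads(blob.decode())

class Cathy:
    """Trusted third party holding every principal's long-term key."""
    def __init__(self, long_term_keys: dict):
        self.keys = long_term_keys

    def handle_request(self, msg1: dict) -> bytes:
        # Message 2: {Alice || Bob || rand1 || ksess || {Alice || ksess}kbob}kalice
        ksess = os.urandom(32).hex()
        ticket = ToyCipher(self.keys[msg1["to"]]).encrypt(pack({"from": msg1["from"], "ksess": ksess}))
        return ToyCipher(self.keys[msg1["from"]]).encrypt(pack(dict(msg1, ksess=ksess, ticket=ticket.hex())))

class Alice:
    def __init__(self, key: bytes, peer: str):
        self.key, self.peer, self.rand1, self.ksess = key, peer, None, None

    def start(self) -> dict:
        # Message 1 (sent in the clear): Alice || Bob || rand1, with rand1 a fresh nonce
        self.rand1 = os.urandom(16).hex()
        return {"from": "Alice", "to": self.peer, "rand1": self.rand1}

    def handle_reply(self, msg2: bytes) -> bytes:
        body = unpack(ToyCipher(self.key).decrypt(msg2))
        # rand1 ties the reply to the request just sent: a reply recorded from an
        # earlier run carries an old nonce and is rejected here.
        if body["rand1"] != self.rand1 or body["to"] != self.peer or body["from"] != "Alice":
            raise ValueError("reply does not match the outstanding request")
        self.ksess = bytes.fromhex(body["ksess"])
        return bytes.fromhex(body["ticket"])  # message 3: {Alice || ksess}kbob, forwarded to Bob

    def answer_challenge(self, msg4: bytes) -> bytes:
        rand2 = unpack(ToyCipher(self.ksess).decrypt(msg4))["rand2"]
        return ToyCipher(self.ksess).encrypt(pack({"rand2": rand2 - 1}))  # message 5: {rand2 - 1}ksess

class Bob:
    def __init__(self, key: bytes):
        self.key, self.ksess, self.rand2 = key, None, None

    def handle_ticket(self, msg3: bytes) -> bytes:
        body = unpack(ToyCipher(self.key).decrypt(msg3))
        self.ksess = bytes.fromhex(body["ksess"])
        self.rand2 = int.from_bytes(os.urandom(8), "big")
        return ToyCipher(self.ksess).encrypt(pack({"rand2": self.rand2}))  # message 4: {rand2}ksess

    def check_response(self, msg5: bytes) -> bool:
        # Only a holder of ksess can produce rand2 - 1 under ksess.
        return unpack(ToyCipher(self.ksess).decrypt(msg5))["rand2"] == self.rand2 - 1

def run_protocol() -> bool:
    """Messages 1-5 end to end; True when Bob accepts and both sides hold the same ksess."""
    kalice, kbob = os.urandom(32), os.urandom(32)
    cathy, alice, bob = Cathy({"Alice": kalice, "Bob": kbob}), Alice(kalice, "Bob"), Bob(kbob)
    msg3 = alice.handle_reply(cathy.handle_request(alice.start()))
    msg5 = alice.answer_challenge(bob.handle_ticket(msg3))
    return bob.check_response(msg5) and alice.ksess == bob.ksess

def replayed_reply_is_rejected() -> bool:
    """A message 2 recorded from an earlier request fails Alice's rand1 check."""
    kalice, kbob = os.urandom(32), os.urandom(32)
    cathy, alice = Cathy({"Alice": kalice, "Bob": kbob}), Alice(kalice, "Bob")
    old_msg2 = cathy.handle_request(alice.start())
    alice.start()  # a new request with a new rand1
    try:
        alice.handle_reply(old_msg2)
    except ValueError:
        return True
    return False
```

Calling `run_protocol()` returns True; `replayed_reply_is_rejected()` also returns True, which is the property the nonce buys. Note what the nonce does not cover: message 3 carries no freshness value of its own, so Bob's only protection there is the challenge in messages 4 and 5 under ksess, which is why the next slides move to Otway-Rees and Kerberos.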
Otway-Rees
1. Alice → Bob: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice
2. Bob → Cathy: num || Alice || Bob || {rand1 || num || Alice || Bob}kalice || {rand2 || num || Alice || Bob}kbob
3. Cathy → Bob: num || {rand1 || ksess}kalice || {rand2 || ksess}kbob
4. Bob → Alice: num || {rand1 || ksess}kalice
Otway-Rees
Motivation: Needham-Schroeder assumes all cryptographic keys are secure… in practice they are generated pseudorandomly… and can be predicted.
Num: verify that num agrees throughout the exchanges.
Key Idea: Cathy is again the trustworthy element.
Kerberos
1. Alice → Cerberus: Alice || Barnum
2. Cerberus → Alice: {kalice,barnum}kalice || Talice,barnum
3. Alice → Barnum: Guttenberg || Aalice,barnum || Talice,barnum
4. Barnum → Alice: Alice || {kalice,guttenberg}kalice,barnum || Talice,guttenberg
5. Alice → Guttenberg: Aalice,guttenberg || Talice,guttenberg
6. Guttenberg → Alice: {t+1}kalice,guttenberg
Kerberos
What is T? Talice,barnum = Barnum || {Alice || Alice Address || valid time || kalice,barnum}kbarnum
What is A? Aalice,barnum = {Alice || generation time || kt}kalice,barnum
kt… not used.
Kerberos
Motivation: separate authentication of the user to the ticket-granting server from the resource being requested.
2 Servers: authenticate first, obtain a ticket second.
Key Ideas: time windows; separation of trusted parties.
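The time-window idea from the Kerberos slides (the "valid time" in T and the "generation time" in A), worked through in Python as an added example that is not part of the slides. Barnum issues a ticket with a validity window; Guttenberg checks the ticket window, the address, the authenticator's timestamp against a clock-skew tolerance, and a replay cache of authenticators already seen, then answers with t+1 (message 6). The `seal`/`open_sealed` pair is a constructed integrity-only stand-in for {...}k, and the 300-second skew, the field names and the addresses are assumptions.

```python
import hashlib
import hmac
import json
import os

CLOCK_SKEW = 300  # seconds of clock drift tolerated; assumed value for this example

def seal(key: bytes, fields: dict) -> bytes:
    """Constructed stand-in for {...}k on the slides: JSON payload || HMAC-SHA256 tag.
    Integrity only; a real Kerberos ticket is encrypted as well."""
    body = json.dumps(fields, sort_keys=True).encode()
    return body + hmac.new(key, body, hashlib.sha256).digest()

def open_sealed(key: bytes, token: bytes) -> dict:
    body, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(body.decode())

class TicketGrantingServer:
    """Barnum: shares a long-term key with each service and issues service tickets."""
    def __init__(self, service_keys: dict):
        self.service_keys = service_keys

    def issue(self, client: str, address: str, service: str, now: int, lifetime: int = 8 * 3600):
        # T = Guttenberg || {Alice || Alice Address || valid time || kalice,guttenberg}kguttenberg
        ksess = os.urandom(16).hex()
        ticket = seal(self.service_keys[service], {"service": service, "client": client, "address": address,
                                                   "valid_from": now, "valid_to": now + lifetime, "ksess": ksess})
        return bytes.fromhex(ksess), ticket

def authenticator(ksess: bytes, client: str, now: int) -> bytes:
    # A = {Alice || generation time}kalice,guttenberg (kt omitted; the slides note it is unused)
    return seal(ksess, {"client": client, "time": now})

class Service:
    """Guttenberg: checks ticket window, address, authenticator freshness and a replay cache."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key, self.seen = name, key, set()

    def accept(self, ticket: bytes, auth: bytes, client_address: str, now: int) -> bytes:
        t = open_sealed(self.key, ticket)
        if t["service"] != self.name:
            raise ValueError("ticket issued for another service")
        if not t["valid_from"] - CLOCK_SKEW <= now <= t["valid_to"] + CLOCK_SKEW:
            raise ValueError("ticket outside its validity window")
        if t["address"] != client_address:
            raise ValueError("ticket bound to a different address")
        ksess = bytes.fromhex(t["ksess"])
        a = open_sealed(ksess, auth)  # only the legitimate ticket holder knows ksess
        if a["client"] != t["client"]:
            raise ValueError("authenticator name does not match ticket")
        if abs(now - a["time"]) > CLOCK_SKEW:
            raise ValueError("authenticator outside the clock-skew window")
        if (a["client"], a["time"]) in self.seen:
            raise ValueError("authenticator replayed")
        self.seen.add((a["client"], a["time"]))
        return seal(ksess, {"t": a["time"] + 1})  # message 6: {t+1}kalice,guttenberg

def demo(now: int = 1_700_000_000) -> dict:
    """One good exchange and four rejected ones, on constructed inputs; returns each outcome."""
    kgut = os.urandom(32)
    barnum, guttenberg = TicketGrantingServer({"Guttenberg": kgut}), Service("Guttenberg", kgut)
    ksess, ticket = barnum.issue("Alice", "10.0.0.5", "Guttenberg", now)
    reply = open_sealed(ksess, guttenberg.accept(ticket, authenticator(ksess, "Alice", now), "10.0.0.5", now))
    results = {"fresh": reply["t"] == now + 1}
    attempts = {
        "replayed": (authenticator(ksess, "Alice", now), "10.0.0.5", now),
        "stale_auth": (authenticator(ksess, "Alice", now - 2 * CLOCK_SKEW), "10.0.0.5", now),
        "wrong_address": (authenticator(ksess, "Alice", now + 1), "10.0.0.9", now + 1),
        "expired_ticket": (authenticator(ksess, "Alice", now + 9 * 3600), "10.0.0.5", now + 9 * 3600),
    }
    for label, (auth, address, when) in attempts.items():
        try:
            guttenberg.accept(ticket, auth, address, when)
            results[label] = "accepted"
        except ValueError as err:
            results[label] = str(err)
    return results
```

`demo()` returns `fresh: True` and a distinct rejection reason for each of the other four cases. The replay cache is what makes the time window meaningful: within the skew tolerance an old authenticator would otherwise still be accepted, so a real service keeps recent (client, time) pairs for at least CLOCK_SKEW seconds.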
Commonalities
Message passing, authentication requests, encryption / decryption, key passing… other than that, not much!
Each protocol has slight variants.
Additional Requirements
Same as other groups plus: incorporate 2 design patterns, 1 of which must be a security design pattern.
Strategy Design Pattern (encryption algorithms); Single Access Point (entry and logging).
Instantiate the framework at MISys, at the whitebox level.
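The two patterns named in the requirements, sketched in Python as an added example; this is not the project's framework code and its names are assumptions. The Strategy here varies the authentication method (a shared secret checked against a salted PBKDF2 record, or a symmetric-key challenge/response), a choice made so the example stays self-contained with the standard library; the slides apply Strategy to the encryption algorithm, and the same interface shape applies. The Single Access Point is `AuthGateway.authenticate()`: the one entry through which every login passes, which selects the strategy, enforces lockout after repeated failures and writes the audit log.

```python
import hashlib
import hmac
import logging
import os
from abc import ABC, abstractmethod

log = logging.getLogger("auth.gateway")
PBKDF2_ROUNDS = 50_000  # assumed work factor for this example

class AuthenticationStrategy(ABC):
    """Strategy interface: one concrete class per credential type."""
    @abstractmethod
    def verify(self, principal: str, proof: bytes) -> bool: ...

class SharedSecretStrategy(AuthenticationStrategy):
    """Shared-secret (password) check against a salted PBKDF2-HMAC-SHA256 record."""
    def __init__(self):
        self.records = {}

    def enroll(self, principal: str, secret: bytes) -> None:
        salt = os.urandom(16)
        self.records[principal] = (salt, hashlib.pbkdf2_hmac("sha256", secret, salt, PBKDF2_ROUNDS))

    def verify(self, principal: str, proof: bytes) -> bool:
        # A dummy record for unknown names keeps the timing uniform and never matches.
        salt, digest = self.records.get(principal, (b"\0" * 16, b"\0" * 32))
        return hmac.compare_digest(digest, hashlib.pbkdf2_hmac("sha256", proof, salt, PBKDF2_ROUNDS))

class ChallengeResponseStrategy(AuthenticationStrategy):
    """Symmetric-key challenge/response: the prover returns HMAC(key, challenge)."""
    def __init__(self, keys: dict):
        self.keys, self.pending = keys, {}

    def challenge(self, principal: str) -> bytes:
        self.pending[principal] = os.urandom(16)
        return self.pending[principal]

    def verify(self, principal: str, proof: bytes) -> bool:
        key, challenge = self.keys.get(principal), self.pending.pop(principal, None)  # single use
        if key is None or challenge is None:
            return False
        return hmac.compare_digest(proof, hmac.new(key, challenge, hashlib.sha256).digest())

class AuthGateway:
    """Single Access Point: every login goes through authenticate(), which picks the
    strategy, enforces lockout after repeated failures and writes the audit log."""
    MAX_FAILURES = 5

    def __init__(self, strategies: dict):
        self.strategies, self.failures, self.audit = strategies, {}, []

    def authenticate(self, principal: str, method: str, proof: bytes) -> bool:
        if self.failures.get(principal, 0) >= self.MAX_FAILURES:
            return self._record(principal, method, "locked")
        strategy = self.strategies.get(method)
        if strategy is None:
            return self._record(principal, method, "unknown-method")
        ok = strategy.verify(principal, proof)
        if ok:
            self.failures.pop(principal, None)
        else:
            self.failures[principal] = self.failures.get(principal, 0) + 1
        return self._record(principal, method, "success" if ok else "failure")

    def _record(self, principal: str, method: str, outcome: str) -> bool:
        self.audit.append((principal, method, outcome))
        log.info("auth principal=%s method=%s outcome=%s", principal, method, outcome)
        return outcome == "success"

def demo() -> dict:
    """Constructed scenario: one password user, one key-holding user, one unknown name."""
    passwords = SharedSecretStrategy()
    passwords.enroll("alice", b"correct horse battery staple")
    kbob = os.urandom(32)
    challenges = ChallengeResponseStrategy({"bob": kbob})
    gateway = AuthGateway({"password": passwords, "challenge": challenges})
    results = {
        "alice_good": gateway.authenticate("alice", "password", b"correct horse battery staple"),
        "alice_bad": gateway.authenticate("alice", "password", b"wrong"),
    }
    c = challenges.challenge("bob")
    response = hmac.new(kbob, c, hashlib.sha256).digest()
    results["bob_good"] = gateway.authenticate("bob", "challenge", response)
    results["bob_replay"] = gateway.authenticate("bob", "challenge", response)  # challenge already consumed
    for _ in range(AuthGateway.MAX_FAILURES):
        gateway.authenticate("carol", "password", b"guess")
    results["carol_after_lockout"] = gateway.authenticate("carol", "password", b"guess")
    results["last_audit_outcome"] = gateway.audit[-1][2]
    results["audit_entries"] = len(gateway.audit)
    return results
```

Because every outcome, including "locked" and "unknown-method", is recorded in one place, the audit log is complete by construction; adding a third credential type means adding one strategy class and one dictionary entry, with no change to the access point.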