Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says...
-
Upload
winifred-chandler -
Category
Documents
-
view
219 -
download
1
Transcript of Authentication. Goal: Bob wants Alice to “prove” her identity to him Protocol ap1.0: Alice says...
Authentication
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
Failure scenario??“I am Alice”
Authentication
Goal: Bob wants Alice to “prove” her identity to him
Protocol ap1.0: Alice says “I am Alice”
in a network,Bob can not “see”
Alice, so Trudy simply declares
herself to be Alice“I am Alice”
Authentication: another tryProtocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
Failure scenario??
“I am Alice”Alice’s
IP address
Authentication: another tryProtocol ap2.0: Alice says “I am Alice” in an IP packet
containing her source IP address
Trudy can createa packet
“spoofing”Alice’s address“I am Alice”
Alice’s IP address
Authentication: another tryProtocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’s IP addr
Alice’s password
OKAlice’s IP addr
Authentication: another tryProtocol ap3.0: Alice says “I am Alice” and sends her
secret password to “prove” it.
playback attack: Trudy records Alice’s
packetand later
plays it back to Bob
“I’m Alice”Alice’s IP addr
Alice’s password
OKAlice’s IP addr
“I’m Alice”Alice’s IP addr
Alice’s password
Authentication: yet another tryProtocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
Failure scenario??
“I’m Alice”Alice’s IP addr
encrypted password
OKAlice’s IP addr
Authentication: another tryProtocol ap3.1: Alice says “I am Alice” and sends her
encrypted secret password to “prove” it.
recordand
playbackstill works!
“I’m Alice”Alice’s IP addr
encryptedpassword
OKAlice’s IP addr
“I’m Alice”Alice’s IP addr
encryptedpassword
Authentication: yet another tryGoal: avoid playback attack
Failures, drawbacks?
Nonce: number (R) used only once –in-a-lifetime
ap4.0: to prove Alice “live”, Bob sends Alice nonce, R. Alice
must return R, encrypted with shared secret key“I am Alice”
R
K (R)A-B
Alice is live, and only Alice knows key to encrypt
nonce, so it must be Alice!
Authentication: ap5.0ap4.0 requires shared symmetric key • can we authenticate using public key techniques?
ap5.0: use nonce, public key cryptography
“I am Alice”
RBob computes
K (R)A-
“send me your public key”
K A+
(K (R)) = RA
-K A
+
and knows only Alice could have the
private key, that encrypted R such that
(K (R)) = RA-
K A+
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
I am Alice I am Alice
R
TK (R)
-
Send me your public key
TK
+A
K (R)-
Send me your public key
AK
+
TK (m)+
Tm = K (K (m))+
T-
Trudy gets
sends m to Alice encrypted
with Alice’s public key
AK (m)+
Am = K (K (m))+
A-
R
ap5.0: security holeMan (woman) in the middle attack: Trudy poses as
Alice (to Bob) and as Bob (to Alice)
Difficult to detect: Bob receives everything that Alice sends, and vice versa. (so Bob and Alice can meet one week later and recall conversation) problem is that Trudy receives all messages as well!
Chapter3Message Authentication Message Authentication
seriouslyseriously
OUTLINE
• Approaches to Message Authentication
• Secure Hash Functions and HMAC
Authentication
• Requirements - must be able to verify that:1. Message came from apparent
source or author,2. Contents have not been altered,3. Sometimes, it was sent at a certain time or sequence.
• Protection against active attack (falsification of data and transactions)
Approaches to Message Authentication
• Authentication Using Conventional Encryption– Only the sender and receiver should share a key
• Message Authentication without Message Encryption– An authentication tag is generated and appended to
each message
• Message Authentication Code– Calculate the MAC as a function of the message and
the key. MAC = F(K, M)
One-way HASH One-way HASH functionfunction
One-way HASH function
• Secret value is added before the hash and removed before transmission.
Secure HASH Functions• Purpose of the HASH function is to produce a
”fingerprint.• Properties of a HASH function H :
1. H can be applied to a block of data of any size
2. H produces a fixed length output
3. H(x) is easy to compute for any given x.
4. For any given block x, it is computationally infeasible to find x such that H(x) = h
5. For any given block x, it is computationally infeasible to find with H(y) = H(x).
6. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y)
xy
Simple Hash Function
• One-bit circular shift on the hash value after each block is processed would improve
Internet checksum: poor crypto hash function
Internet checksum has some properties of hash function:produces fixed length digest (16-bit sum) of message is many-to-oneBut given message with given hash value, it is easy to
find another message with same hash value:
I O U 10 0 . 99 B O B
49 4F 55 3130 30 2E 3939 42 D2 42
message ASCII format
B2 C1 D2 AC
I O U 90 0 . 19 B O B
49 4F 55 3930 30 2E 3139 42 D2 42
message ASCII format
B2 C1 D2 ACdifferent messagesbut identical checksums!
Message Digest Generation Using SHA-1
SHA-1 Processing of single 512-Bit Block
Other Secure HASH functionsSHA-1 MD5 RIPEMD-
160
Digest length 160 bits 128 bits 160 bits
Basic unit of processing
512 bits 512 bits 512 bits
Number of steps 80 (4 rounds of 20)
64 (4 rounds of 16)
160 (5 paired rounds of 16)
Maximum message size
264-1 bits
HMAC
• Use a MAC derived from a cryptographic hash code, such as SHA-1.
• Motivations:– Cryptographic hash functions executes faster in
software than encryptoin algorithms such as DES
– Library code for cryptographic hash functions is widely available
– No export restrictions from the US
HMAC Design Objectives
• To use available hash functions• To allow for easy replaceability of the embedded
hash function in case faster or more secure are found or required
• To preserve the original performance of the hash function
• To use and handle keys in a simple way• To have a well-understood cryptographic analysis
of the strength of the authentication mechanism
HMAC Structure