More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing...
-
date post
21-Dec-2015 -
Category
Documents
-
view
216 -
download
0
Transcript of More on AuthenticationCS-4513 D-term 20081 More on Authentication CS-4513 Distributed Computing...
More on AuthenticationCS-4513 D-term 2008 1
More on Authentication
CS-4513Distributed Computing Systems
(Slides include materials from Operating System Concepts, 7th ed., by Silbershatz, Galvin, & Gagne, Distributed Systems: Principles & Paradigms, 2nd ed. By Tanenbaum and Van Steen, and
Modern Operating Systems, 2nd ed., by Tanenbaum)
More on AuthenticationCS-4513 D-term 2008 2
Authentication and Message Integrity
• Both are necessary
• If Bob knows that Alice sent message m what good is it if m could be compromised?
• Encryption for message integrity
• If Bob receives a securely encrypted message, what good is it if he doesn’t know who from?
• Authentication to establish who is speaking to whom
More on AuthenticationCS-4513 D-term 2008 3
Basic Challenge-Response Protocol
• Assume that Alice and Bob share a key KA,B
More on AuthenticationCS-4513 D-term 2008 4
Authentication using Secure Channels
At this
point,
Bob knows he
is talking w
ith
Alice
More on AuthenticationCS-4513 D-term 2008 5
Authentication using Secure Channels
At this
point,
Bob knows he
is talking w
ith
Alice
Not until this point,
does Alice know she
is talking with Bob
More on AuthenticationCS-4513 D-term 2008 6
What is wrong with this “Optimization”?
More on AuthenticationCS-4513 D-term 2008 7
Subject to “Reflection Attack”
• Attacker cons Bob into encrypting RB for him
• “Reflection” attack
More on AuthenticationCS-4513 D-term 2008 8
Reflection Attack
More on AuthenticationCS-4513 D-term 2008 9
Reflection Attack
Bob sends a crucial
piece of information
without knowing to
whom he is sending
More on AuthenticationCS-4513 D-term 2008 10
Challenge-Response Summary
• Method for two principals to mutually establish who they are talking to
• Essential for building up additional protocols
More on AuthenticationCS-4513 D-term 2008 11
Questions?
More on AuthenticationCS-4513 D-term 2008 12
Review – Authentication in Grapevine
More on AuthenticationCS-4513 D-term 2008 13
Grapevine Authentication (continued)
• Every service must authenticate every user with a Registration service every time!
• Services handle all credentials credentials must be secure from theft!
• Lots of network traffic
• Can we do better?
More on AuthenticationCS-4513 D-term 2008 14
Key Distribution Server
• Alice requests secure channel to Bob
• KDC generates session key KA,B
• KDC sends secure messages to both Alice and Bob containing KA,B
More on AuthenticationCS-4513 D-term 2008 15
Key Distribution Server
• Result
– Bob trusts KDC he knows a message encrypted with
KA,B can only come from Alice
– Alices trusts KDC she knows that only Bob can read
her messages encrypted with KA,B
More on AuthenticationCS-4513 D-term 2008 16
Key Distribution Server
• Inconvenient problem
– Alice cannot begin talking with Bob until KDC has
completed its exchange of information with Bob
• Can we do better?
More on AuthenticationCS-4513 D-term 2008 17
Key Distribution Server (continued)
• Result– Alice trusts KDC she knows only Bob can open
ticket
– Bob trusts KDC he knows only Alice could use KA,B
This is
the ticket
More on AuthenticationCS-4513 D-term 2008 18
Needham-Schroeder Protocol
• Nonce – a random number that is never re-used• E.g., RA1, RA2, and RB
• Prevents intruder from replaying old tickets
More on AuthenticationCS-4513 D-term 2008 19
Kerberos
• Single sign-on system• One login used to generate tickets for authenticating
shared services on distributed system
• No passwords maintained by any client
• Two parts• AS – Authentication Service
• TGS – Ticket Granting Service
• Once authenticated, user may ask TGS for a ticket for a session with any service.
More on AuthenticationCS-4513 D-term 2008 20
Kerberos (continued)
More on AuthenticationCS-4513 D-term 2008 21
Kerberos (continued)
• With ticket, Alice can communicate securely with Bob.
• Alice knows it is Bob because only Bob could descript ticket
• Bob knows that it is Alice because TGS said it was
• Timestamp prevents replaying old sessions
More on AuthenticationCS-4513 D-term 2008 22
Key Distribution
• Many variations– Secret (symmetric) keys– Public (asymmetric) keys
• Always based on trust
• Central part of any distributed system that requires authentication
More on AuthenticationCS-4513 D-term 2008 23
Questions?
More on AuthenticationCS-4513 D-term 2008 24
Message Integrity– Problem
• Alice agrees to an online purchase from Bob for $500
• Alice needs to know that Bob cannot increase the agreed price in Alice’s message
• Bob needs to know that Alice cannot renege on previous commitment
More on AuthenticationCS-4513 D-term 2008 25
Solution – Digital Signatures
• Alice encrypts message in her private key Bob knows it is from Alice
• Alice re-encrypts the result in Bob’s public key no one else can read the message
More on AuthenticationCS-4513 D-term 2008 26
Solution – Digital Signatures (continued)
• Bob receives message, descrypts with his private key
• Bob sees that result is from Alice, descripts with her public key
More on AuthenticationCS-4513 D-term 2008 27
Digital Signature
• Many variations
• Used to authenticate important messages• E.g., software update messages from Microsoft
• Used to protect messages from change
• Message may be in the clear with appended signature
More on AuthenticationCS-4513 D-term 2008 28
Questions