Authentication Protocols - Computer and Network Security - Lecture Slides, Slides of Computer Science

These are the lecture slides for Computer and Network Security, which include Authorization, Social Security Number, Trouble with Passwords, Cryptographic Keys, Dictionary Attack, Bad Passwords, Password Experiment, Random Characters etc. Key points are: Authentication Protocols, Human Protocols, Networking Protocols, Security Protocol, Protocol Flaws, Find Implementation Errors, Ideal Security Protocol, ATM Machine Protocol, Mutual Authentication

Typology: Slides

2012/2013

Uploaded on 03/22/2013

dhimant

Part 3 - Protocols

Authentication Protocols

Protocol

• Human protocols - the rules followed in human interactions
   o Example: Asking a question in class
• Networking protocols - rules followed in networked communication systems
   o Examples: HTTP, FTP, etc.
• Security protocol - the (communication) rules followed in a security application
   o Examples: SSL, IPSec, Kerberos, etc.

Ideal Security Protocol

• Satisfies security requirements
   o Requirements must be precise
• Efficient
   o Minimize computational requirement - in particular, costly public key operations
   o Minimize delays/bandwidth
• Not fragile
   o Must work when attacker tries to break it
   o Works even if environment changes
• Easy to use and implement, flexible, etc.
• Very difficult to satisfy all of these!

Simple Security Protocols

ATM Machine Protocol

1. Insert ATM card
2. Enter PIN
3. Correct PIN?
   Yes? Conduct your transaction(s)
   No? Machine eats card

Identify Friend or Foe (IFF)

[Figure labels: Namibia, Angola, SAAF Impala, Russian MIG. Messages: 1. N; 2. E(N,K)]

Authentication Protocols

Authentication

• Alice must prove her identity to Bob
   o Alice and Bob can be humans or computers
• May also require Bob to prove he’s Bob (mutual authentication)
• May also need to establish a session key
• May have other requirements, such as
   o Use only public keys
   o Use only symmetric keys
   o Use only a hash function
   o Anonymity, plausible deniability, etc., etc.

Simple Authentication

Alice -> Bob: “I’m Alice”
Bob -> Alice: Prove it
Alice -> Bob: My password is “frank”

• Simple and may be OK for standalone system
• But insecure for networked system
   o Subject to a replay attack (next 2 slides)
   o Bob must know Alice’s password

Authentication Attack

Alice -> Bob: “I’m Alice”
Bob -> Alice: Prove it
Alice -> Bob: My password is “frank”

[Parties shown in the figure: Alice, Bob, Trudy]

Simple Authentication

Alice -> Bob: I’m Alice, My password is “frank”

• More efficient…
• But same problem as previous version

Better Authentication

Alice -> Bob: “I’m Alice”
Bob -> Alice: Prove it
Alice -> Bob: h(Alice’s password)

• Better since it hides Alice’s password
   o From both Bob and attackers
• But still subject to replay

Challenge-Response

Alice -> Bob: “I’m Alice”
Bob -> Alice: Nonce
Alice -> Bob: h(Alice’s password, Nonce)

• Nonce is the challenge
• The hash is the response
• Nonce prevents replay, ensures freshness
• Password is something Alice knows
• Note that Bob must know Alice’s password
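
The replay weakness of the hash-only exchange and the effect of the nonce, as an added Python example that is not part of the original slides. It assumes HMAC-SHA256 in place of h; the Bob class, run_demo and the result names are hypothetical, and the password "frank" is the one used on the slides.

```python
import hashlib
import hmac
import secrets

PASSWORDS = {"alice": b"frank"}  # Bob's copy of Alice's password (from the slides)


def h(password: bytes, nonce: bytes = b"") -> bytes:
    # Assumption: HMAC-SHA256 keyed with the password stands in for the slides' h().
    return hmac.new(password, nonce, hashlib.sha256).digest()


class Bob:
    def __init__(self):
        self.pending = {}  # user -> nonce issued and not yet answered

    def verify_static(self, user: str, response: bytes) -> bool:
        # "Better Authentication": h(password) only, so nothing is fresh.
        return hmac.compare_digest(response, h(PASSWORDS[user]))

    def challenge(self, user: str) -> bytes:
        self.pending[user] = secrets.token_bytes(16)
        return self.pending[user]

    def verify_response(self, user: str, response: bytes) -> bool:
        # A nonce is accepted once: pop() makes any second use fail.
        nonce = self.pending.pop(user, None)
        if nonce is None:
            return False
        return hmac.compare_digest(response, h(PASSWORDS[user], nonce))


def run_demo() -> dict:
    bob = Bob()
    # Hash-only protocol: Trudy records Alice's message and resends it.
    static_msg = h(b"frank")
    static = [bob.verify_static("alice", static_msg) for _ in range(2)]
    # Challenge-response: Alice answers a nonce; Trudy replays her answer.
    cr_msg = h(b"frank", bob.challenge("alice"))
    first = bob.verify_response("alice", cr_msg)
    stale = bob.verify_response("alice", cr_msg)  # no challenge outstanding
    bob.challenge("alice")  # Bob issues a fresh nonce for the next attempt
    fresh = bob.verify_response("alice", cr_msg)  # answer to the old nonce
    return {"static_first": static[0], "static_replay": static[1],
            "cr_first": first, "cr_replay_stale": stale,
            "cr_replay_fresh": fresh}


if __name__ == "__main__":
    print(run_demo())
```

The recorded hash-only message is accepted every time it is resent, while the recorded challenge-response answer is rejected both when no challenge is outstanding and when Bob has issued a new nonce.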

Challenge-Response

Alice -> Bob: “I’m Alice”
Bob -> Alice: Nonce
Alice -> Bob: Something that could only be from Alice (and Bob can verify)

• What can we use to achieve this?
• Hashed pwd works, crypto might be better