Security Case Studies: Needham-Schroeder, Kerberos, SSL, and Public Key Encryption, Study notes of Operating Systems

An overview of security case studies: the Needham-Schroeder protocol, Kerberos, Secure Socket Layer (SSL), and public key encryption. The notes cover secret key encryption, scenarios for secure communication, authenticated communication with a server, and digital signatures, and discuss popular encryption schemes and their performance.

Typology: Study notes

Pre 2010

Uploaded on 07/30/2009

koofers-user-31m

CS 5523 Lecture 25:

Security Case Studies

❚ Review scenarios

❚ Needham-Schroeder

❚ Brief summary of common algorithms

❚ Kerberos

❚ Secure Socket Layer

Simplified overview of secret key encryption:

Encrypted message:

E(K, M) = {M}K

Decrypted message:

D(K, E(K, M)) = D(K, {M}K) = M

It is hard to get M from {M}K without knowing K

Scenario 1.

Secret communication with shared secret key

Alice and Bob share a secret key KAB. Alice wants to send a secret message M to Bob.

  1. Alice uses KAB and an agreed encryption function E(KAB, M) to encrypt and send message M to Bob
  2. Bob reads the encrypted messages using the corresponding decryption function D(KAB, M)

How can Bob and Alice safely get the shared key KAB?

How can Bob know that M wasn’t a replay?

Scenario 2.

Authenticated communication with a server

Alice wants to access Bob’s files on a local file server. Sara is a trusted authentication server that holds passwords and current secret keys.

  1. Alice sends a message to Sara asking for a ticket to access Bob
  2. Sara sends Alice a response encrypted with KA that is a ticket encrypted with KB and a new secret key KAB for communication: {{ticket}KB, KAB}KA
  3. Alice decrypts response with KA
  4. Alice sends ticket, her ID and request R to Bob: {ticket}KB, Alice, R
  5. Bob decrypts ticket using KB (the ticket was {KAB, Alice}KB)

This is the simplified scenario for Kerberos. KAB is the session key.

Scenario 4.

Digital signatures with a secure digest function

Alice wants to sign document M so that any recipient can verify it came from Alice. This assumes that Alice has a private-public key pair. A digest is like a checksum.

  1. Alice computes a fixed-length digest Digest(M).
  2. Alice encrypts Digest(M) with her private key and makes {M, {Digest(M)}KApriv} available.
  3. Bob reads {M, {Digest(M)}KApriv}, extracts M and computes Digest(M).
  4. Bob applies KApub to {Digest(M)}KApriv to obtain Digest(M) and compares the value with his computed value.

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. Alice’s bank account certificate

  1. Certificate type : Account number
  2. Name : Alice
  3. Account : 6262626
  4. Certifying authority : Bob’s Bank
  5. Signature : {Digest(field 2 + field 3)}KBpriv

Figure 7. Public-key certificate for Bob’s Bank

  1. Certificate type : Public key
  2. Name : Bob’s Bank
  3. Public key : KBpub
  4. Certifying authority : Fred – The Bankers Federation
  5. Signature : {Digest(field 2 + field 3)}KFpriv
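
Scenario 4 and the two certificates above, worked through as an added example that is not part of the original notes: each signature is {Digest(field 2 + field 3)}Kpriv, and Alice's account certificate is checked only after the certificate for Bob's Bank has been verified against Fred's public key. The textbook-RSA keys, the `|` field separator and all function names are assumptions made for the illustration; the key sizes and unpadded RSA are not suitable for real use.

```python
import hashlib

def make_keypair(p, q, e=65537):
    # Textbook RSA from two primes; returns (public, private) as (exponent, n).
    n, phi = p * q, (p - 1) * (q - 1)
    return (e, n), (pow(e, -1, phi), n)

def digest(data: bytes, n: int) -> int:
    # Digest(M): fixed-length SHA-256, reduced mod n so the toy key can sign it.
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data: bytes, priv) -> int:
    d, n = priv
    return pow(digest(data, n), d, n)          # {Digest(M)}Kpriv

def verify(data: bytes, sig: int, pub) -> bool:
    e, n = pub
    return pow(sig, e, n) == digest(data, n)   # apply Kpub, compare digests

def signed_fields(cert) -> bytes:
    # The signature covers field 2 + field 3 (name and value), as in the figures.
    return f"{cert['name']}|{cert['value']}".encode()

def make_cert(cert_type, name, value, authority, authority_priv):
    cert = {"type": cert_type, "name": name, "value": value, "authority": authority}
    cert["signature"] = sign(signed_fields(cert), authority_priv)
    return cert

def verify_chain(account_cert, authority_cert, root_pub) -> bool:
    # 1. Check the authority's public-key certificate against the trusted root.
    if not verify(signed_fields(authority_cert), authority_cert["signature"], root_pub):
        return False
    # 2. Only then trust the key it carries to check the account certificate.
    e, n = (int(x) for x in authority_cert["value"].split(","))
    return (account_cert["authority"] == authority_cert["name"]
            and verify(signed_fields(account_cert), account_cert["signature"], (e, n)))

# Constructed toy keys from Mersenne primes: far too small and unpadded for real use.
FRED_PUB, FRED_PRIV = make_keypair(2**61 - 1, 2**89 - 1)
BANK_PUB, BANK_PRIV = make_keypair(2**107 - 1, 2**127 - 1)

bank_cert = make_cert("Public key", "Bob's Bank", f"{BANK_PUB[0]},{BANK_PUB[1]}",
                      "Fred", FRED_PRIV)
alice_cert = make_cert("Account number", "Alice", "6262626", "Bob's Bank", BANK_PRIV)

if __name__ == "__main__":
    print("chain valid:", verify_chain(alice_cert, bank_cert, FRED_PUB))
    altered = dict(alice_cert, value="9999999")
    print("altered account accepted:", verify_chain(altered, bank_cert, FRED_PUB))
```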

Figure 7. X509 Certificate format

Subject : Distinguished Name, Public Key

Issuer : Distinguished Name, Signature

Period of validity : Not Before Date, Not After Date

Administrative information : Version, Serial Number

Extended Information

Figure 7. Performance of encryption and secure digest algorithms

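| Algorithm | Key size/hash size (bits) | Extrapolated speed (kbytes/sec.) | PRB optimized (kbytes/s) |
|---|---|---|---|
| TEA | 128 | 700 | - |
| DES | 56 | 350 | 7746 |
| Triple-DES | 112 | 120 | 2842 |
| IDEA | 128 | 700 | 4469 |
| RSA | 512 | 7 | - |
| RSA | 2048 | 1 | - |
| MD5 | 128 | 1740 | 62425 |
| SHA | 160 | 750 | 25162 |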

Figure 7. The Needham–Schroeder secret-key authentication protocol

| Header | Message | Notes |
|---|---|---|
| 1. A->S: | A, B, NA | A requests S to supply a key for communication with B. |
| 2. S->A: | {NA, B, KAB, {KAB, A}KB}KA | S returns a message encrypted in A’s secret key, containing a newly generated key KAB and a ‘ticket’ encrypted in B’s secret key. The nonce NA demonstrates that the message was sent in response to the preceding one. A believes that S sent the message because only S knows A’s secret key. |
| 3. A->B: | {KAB, A}KB | A sends the ‘ticket’ to B. |
| 4. B->A: | {NB}KAB | B decrypts the ticket and uses the new key KAB to encrypt another nonce NB. |
| 5. A->B: | {NB - 1}KAB | A demonstrates to B that it was the sender of the previous message by returning an agreed transformation of NB. |
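
The five Needham-Schroeder messages above, together with the ticket idea from Scenario 2, as an added example that is not part of the original notes. `seal`/`unseal` are a stand-in for {M}K built from SHA-256 and HMAC, and every name here is an assumption for the illustration; the check shown is that A accepts S's reply only when it echoes the nonce of the current request.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, obj) -> bytes:
    # {M}K with a stand-in cipher (SHA-256 keystream + HMAC tag); demo only.
    pt, iv = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = iv + bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    return ct + hmac.new(key, ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or modified message")
    body = ct[16:]
    ks = _stream(key, ct[:16], len(body))
    return json.loads(bytes(a ^ b for a, b in zip(body, ks)))

KEYS = {"A": secrets.token_bytes(32), "B": secrets.token_bytes(32)}  # known to S

def s_reply(a, b, na):
    # 2. S->A: {NA, B, KAB, {KAB, A}KB}KA
    kab = secrets.token_hex(32)
    ticket = seal(KEYS[b], {"kab": kab, "a": a}).hex()
    return seal(KEYS[a], {"na": na, "b": b, "kab": kab, "ticket": ticket})

def a_accept(reply, na, b):
    # A accepts the reply only if it echoes the nonce of *this* request.
    m = unseal(KEYS["A"], reply)
    if m["na"] != na or m["b"] != b:
        raise ValueError("reply does not answer this request")
    return bytes.fromhex(m["kab"]), bytes.fromhex(m["ticket"])

def handshake(kab_a, ticket):
    t = unseal(KEYS["B"], ticket)                 # 3. A->B: {KAB, A}KB
    kab_b, nb = bytes.fromhex(t["kab"]), secrets.randbelow(2**62)
    m4 = seal(kab_b, {"nb": nb})                  # 4. B->A: {NB}KAB
    m5 = seal(kab_a, {"nb": unseal(kab_a, m4)["nb"] - 1})   # 5. A->B: {NB - 1}KAB
    return t["a"], unseal(kab_b, m5)["nb"] == nb - 1

def run():
    na = secrets.randbelow(2**62)                 # 1. A->S: A, B, NA
    reply = s_reply("A", "B", na)
    kab, ticket = a_accept(reply, na, "B")
    return reply, handshake(kab, ticket)
```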

Kerberos:

❚ Follows Needham and Schroeder very closely

❚ Uses time values as nonces

❚ When user logs in, the login program sends user’s name to the Kerberos authentication server

❚ If user is known, server replies with a session key and a nonce encrypted in the user’s password and a ticket for TGS

❚ After login program authenticates the information, it can erase the user’s password from memory

Figure 7. System architecture of Kerberos

[Figure: client C, server S, and the Kerberos Key Distribution Centre, which contains the authentication service A, the ticket-granting service T and the authentication database. Labels in the figure: Step A, Step B, Step C; login session setup; server session setup; DoOperation; service function.]

  1. Request for TGS ticket
  2. TGS ticket
  3. Request for server ticket
  4. Server ticket
  5. Service request (request encrypted with session key, reply encrypted with session key)

Secure socket layer (SSL) - continued

❚ SSL Record Protocol layer implements a secure channel that encrypts and authenticates messages through any connection-oriented protocol

❚ SSL Handshake Layer – has three modules:

  ❙ SSL handshake protocol

  ❙ SSL change cipher specification

  ❙ SSL alert protocol

❚ Implemented as application level libraries

❚ Widely used as a session-layer protocol

❚ In web servers the https URLs initiate an SSL connection

❚ Provides a practical hybrid security scheme

❚ Requires public-key certificates issued by a recognized authority

Figure 7. SSL protocol stack

[Figure: protocol layers, top to bottom]

  1. SSL Handshake protocol, SSL Change Cipher Spec, SSL Alert Protocol, HTTP, Telnet
  2. SSL Record Protocol
  3. Transport layer (usually TCP)
  4. Network layer (usually IP)

Legend: SSL protocols; other protocols.

Figure 7. SSL handshake protocol

[Figure: messages exchanged between Client and Server, by phase]

  1. ClientHello, ServerHello: establish protocol version, session ID, cipher suite, compression method, exchange random values
  2. Certificate, Certificate Request, ServerHelloDone: optionally send server certificate and request client certificate
  3. Certificate, Certificate Verify: send client certificate response if requested
  4. Change Cipher Spec, Finished; Change Cipher Spec, Finished: change cipher suite and finish handshake

Figure 7. SSL handshake configuration options

| Component | Description | Example |
|---|---|---|
| Key exchange method | the method to be used for exchange of a session key | RSA with public-key certificates |
| Cipher for data transfer | the block or stream cipher to be used for data | IDEA |
| Message digest function | for creating message authentication codes (MACs) | SHA |