Secure Channels - Distributed Operating Systems - Lecture Slides, Slides of Operating Systems

Distributed Operating Systems course is designed to examine the fundamental principles of distributed systems, and provide students hands-on experience in developing distributed protocols. This lecture includes: Secure Channels, Mutual Authentication, Message Integrity, Authentication, Notation for Cryptography, Key Authentication, Optimization, Reflection Attack, Key Distribution Centers, Tickets, Digital Signatures, Message Digest Operation

Typology: Slides

2013/2014

Uploaded on 02/01/2014

sailendra
sailendra 🇮🇳

4.3

(19)

113 documents

1 / 32

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Other Security Problems
Are you who you say you are?
Authentication
How does Bob know that hes really talking to Alice?
How does Alice know the message was sent by Bob?
Mutual authentication
How does Alice know that the message she receives
hasnt been tampered with?
Message Integrity
Are you authorized to do what you want to do?
Authorization
docsity.com
pf3
pf4
pf5
pf8
pf9
pfa
pfd
pfe
pff
pf12
pf13
pf14
pf15
pf16
pf17
pf18
pf19
pf1a
pf1b
pf1c
pf1d
pf1e
pf1f
pf20

Partial preview of the text

Download Secure Channels - Distributed Operating Systems - Lecture Slides and more Slides Operating Systems in PDF only on Docsity!

Other Security Problems

  • Are you who you say you are?
    • Authentication
  • How does Bob know that he’s really talking to Alice?
  • How does Alice know the message was sent by Bob?
    • Mutual authentication
  • How does Alice know that the message she receives

hasn’t been tampered with?

  • Message Integrity
  • Are you authorized to do what you want to do?
  • Authorization

Secure Channels

Authentication

  • Can you have authentication without message integrity?
    • I know that Bob sent the message, but someone may have tampered with it.
    • I know that no one tampered with it, but I don’t know whether or not it was really Bob who sent it.
    • Authentication & message integrity cannot do without each other!
      • Set-up phase precedes message exchange
      • Session keys to ensure message integrity

Notation for Cryptography

Notation Description

KA, B Secret key shared by A and B

Public key of A

Private key of A

K A  K A

1. Alice sends her identity to Bob.

2. Bob sends a challenge (random number).

3. Alice must encrypt and return.

4. Alice then sends a challenge to Bob.

5. Bob must encrypt and return.

An Optimization

  • Authentication based on a shared secret key, but using three instead of five messages.

Reflection Attack

  • Lesson : never encrypt anything without knowing who you are encrypting it for.

Key Distribution Centers

  • If there are N parties using shared secret keys, how many keys are needed?
  • Alternative is to use a trusted KDC. It has a shared key with every host.

Tickets

  • Using a ticket and letting Alice set up a connection to Bob.
  • Vulnerable to replay attacks if Chuck gets hold on K B,KDC old

Authentication using KDC (Needham-Schroeder Protocol)

 Relate messages 1 and 2: use challenge response mechanism

 RA1, RA2, RB: nonces

  • Nonce : random number used only once to relate two messages Alice^ Bob
1 RA1,A,B
KDC
2 KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B))
3 KA,B(RA2), KB,KDC(A, KA,B)
4 KA,B(RA2-1, RB)
5 K
A,B(RB-1)

Authentication using KDC (Needham-Schroeder Protocol)

 Why do we need to include B in message 2?

Alice^ Bob

1 RA1,A,B
KDC
2 KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B))
3 KA,B(RA2), KB,KDC(A, KA,B)
4 KA,B(RA2-1, RB)
5 K
A,B(RB-1)

What if B is Missing from Message 2?

 Assume Chuck intercepts message 1

Alice Bob (K B,KDC

1 RA1,A,B
KDC
2 KA,KDC(RA1,KA,C, KC,KDC(A,KA,C))
3 KA,C(RA2), KC,KDC(A, KA,C)
4 KA,C(RA2-1, RB)
5 KA,C(RB-1)

Chuck

RA1,A,C

Here Chuck gets KA,C!

What if Chuck gets K A,B ?

 Assume Chuck intercepted

  • KA,B(RA2), KB,KDC,(A,KA,B)
  • Knows KA,B Alice^ Bob
1 RA1,A,B
2 KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B))^ KDC
3 KA,B(RA2), KB,KDC(A, KA,B)
4 KA,B(RA2-1, RB)
5 K
A,B(RB-1)

(replayed message) Chuck (K A,B

Defend Against leaking of K A,B

 Message 5 (former 3) contains an encrypted nonce (KB,KDC(RB1)) provided

by Bob.

 Chuck can no longer simply replay message 5 (former 3) to fool Bob,

cause message 5 is now related to message 2 by including nonce RB1.

Alice^ Bob

3 RA1,A,B, KB,KDC(RB1)
KDC
4 KA,KDC(RA1,B,KA,B, KB,KDC(A,KA,B,RB1))
5 KA,B(RA2), KB,KDC(A, KA,B,RB1)
6 KA,B(RA2-1, RB2)
7 K
A,B(RB2-1)
1 A
2 K
B,KDC(RB1)