Docsity
Log inSign up
Docsity
Prepare for your exams
Prepare for your exams

Study with the several resources on Docsity

Earn points to download
Earn points to download

Earn points by helping other students or get them with a premium plan

Guidelines and tips
Guidelines and tips
Sell on Docsity
Sell on Docsity
Docsity AI
Docsity AI
Log inSign up

Prepare for your exams

Study with the several resources on Docsity

Find documents

Prepare for your exams with the study notes shared by other students like you on Docsity

Search for your university

Find the specific documents for your university's exams

Docsity AINEW

Summarize your documents, ask them questions, convert them into quizzes and concept maps

Explore questions

Clear up your doubts by reading the answers to questions asked by your fellow students

Earn points to download

Earn points by helping other students or get them with a premium plan

Share documents
download point icon20 Points

For each uploaded document

Answer questions
download point icon5 Points

For each given answer (max 1 per day)

All the ways to get free points
Get points immediately

Choose a premium plan with all the points you need

Study Opportunities

Choose your next study program

Get in touch with the best universities in the world. Search through thousands of universities and official partners

Community

Ask the community

Ask the community for help and clear up your study doubts

Free resources

Our save-the-student-ebooks!

Download our free guides on studying techniques, anxiety management strategies, and thesis advice from Docsity tutors

Security Protocols and Encryption: Case Studies and Scenarios, Study notes of Operating Systems

University of Texas - San AntonioOperating Systems

An overview of various security scenarios and encryption techniques, including secret key encryption, kerberos, public key encryption, and digital signatures. It includes examples of alice and bob's secure communication, authenticated communication with a server, and authenticated communication with public keys. The document also discusses the use of certificates and popular encryption schemes.

Typology: Study notes

Pre 2010

Uploaded on 07/31/2009

koofers-user-7od
koofers-user-7od 🇺🇸

9 documents

1 / 9

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
1
CS 5523 Lecture 20:
Security Case Studies
]Questions on laboratory 3
]Continue scenarios
]Needham-Schroeder
]Brief summary of common algorithms
]Kerberos
Simplified overview of secret key encryption:
Encrypted message:
E(K, M) = {M}K
Decrypted message:
D(K, E(K, M)) = D(K, {M}K) = M
It is hard to get M from {M}K without knowing K
pf3
pf4
pf5
pf8
pf9

Partial preview of the text

Download Security Protocols and Encryption: Case Studies and Scenarios and more Study notes Operating Systems in PDF only on Docsity!

CS 5523 Lecture 20:

Security Case Studies

] Questions on laboratory 3 ] Continue scenarios ] Needham-Schroeder ] Brief summary of common algorithms ] Kerberos

Simplified overview of secret key encryption:

Encrypted message: E(K, M) = {M}K

Decrypted message: D(K, E(K, M)) = D(K, {M}K ) = M

It is hard to get M from {M}K without knowing K

Scenario 1.

Secret communication with shared secret key

Alice and Bob share a secret key KAB. Alice wants to send a secret message M to Bob****.

1. Alice uses KAB and an agreed encryption function E(KAB , M) to encrypt and send message M to Bob. 2. Bob reads the encrypted messages using the corresponding decryption function D(KAB , M).

How can Bob and Alice safely get the shared key KAB?

How can Bob know that M wasn’t a replay_?_

Scenario 2.

Authenticated communication with a server

Alice wants to access Bob’s files on a local file server. Sara is a trusted authentication server that holds passwords and current secret keys.

1. Alice sends a message to Sara asking for a ticket to access Bob 2. Sara sends Alice a response encrypted with KA that is a ticket encrypted with KB and a new secret key KAB for communication:

{{ticket}KB , KAB } (^) KA

3. Alice decrypts response with KA 4. Alice sends ticket, her ID and request R to Bob: {ticket}KB, Alice, R 5. Bob decrypts ticket using KB (the ticket was {KAB, Alice} (^) KB )

This is the simplified scenario for Kerberos. KAB is the session key.

Scenario 4.

Digital signatures with a secure digest function

Alice wants to sign document M so that any recipient can verify it came from Alice. This assumes that Alice has a private-public key pair. A digest is like a checksum.

1. Alice computes a fixed-length digest Digest(M).

  1. Alice encrypts Digest(M) with her private key certificate with Bob’s public key and makes {M, {Digest(M)}KApriv } available.
  2. Bob reads {M, {Digest(M)}Kapriv } , extracts M and computes Digest(M).
  3. Bob applies KApub to {Digest(M)}Kapriv to obtain Digest(M) and compares the value with his computed value.

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. Alice’s bank account certificate

  1. Certificate type : Account number
  2. Name : Alice
  3. Account : 6262626
  4. Certifying authority : Bob’s Bank
  5. Signature : { Digest ( field 2 + field 3 )} K (^) Bpriv

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. Public-key certificate for Bob’s Bank

  1. Certificate type : Public key
  2. Name : Bob’s Bank
  3. Public key : KBpub
  4. Certifying authority : Fred – The Bankers Federation
  5. Signature : { Digest ( field 2 + field 3 )} K (^) Fpriv

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. X509 Certificate format

Subject (^) Distinguished Name, Public Key Issuer Distinguished Name, Signature Period of validity Not Before Date, Not After Date Administrative information Version, Serial Number Extended Information

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. Performance of encryption and secure digest algorithms

Key size/hash size (bits)

Extrapolated speed (kbytes/sec.)

PRB optimized (kbytes/s)

TEA 128 700 - DES 56 350 7746 Triple-DES 112 120 2842 IDEA 128 700 4469 RSA 512 7 - RSA 2048 1 - MD5 128 1740 62425 SHA 160 750 25162

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. The Needham–Schroeder secret-key authentication protocol

Header Message Notes

  1. A->S: (^) A, B, NA A requests S to supply a key for communication with B.
  2. S->A: { NA , B, KAB, { KAB, A } K B } K A

S returns a message encrypted in A’s secret key, containing a newly generated key KAB and a ‘ticket’ encrypted in B’s secret key. The nonce NA demonstrates that the message was sent in response to the preceding one. A believes that S sent the message because only S knows A’s secret key.

  1. A->B: A sends the ‘ticket’ to B.
  2. B->A: B decrypts the ticket and uses the new keyencrypt another nonce N^ KAB to B.
  3. A->B: A demonstrates to B that it was the sender of theprevious message by returning an agreed transformation of NB.

{ KAB, A } K B { NB } K (^) AB { NB - 1} K AB

Kerberos:

] Follows Needham and Schroeder very closely

] Uses time values as nonces

] When user logs in, the login program sends user’s name to the kerberos authentication server

] If user is known, server replies with a session key and a nonce encrypted in the user’s password and a ticket for TGS

] After login program authenticates the information, it can erase the user’s password from memory

Instructor’s Guide for Coulouris, Dollimore and Kindberg© Addison-Wesley Publishers 2000 Distributed Systems: Concepts and Design Edn. 3

Figure 7. System architecture of Kerberos

Client Server DoOperation

Authenticationdatabase

Login session setup

grantingTicket- service T

Kerberos Key Distribution Centre

session setupServer

Authen-tication

  1. Request forTGS ticket service A
  2. TGSticket
    1. Request for server ticket
  3. Server ticket
  4. Service request Request encrypted with session key Reply encrypted with session key

functionService

Step B

Step A

Step C

C (^) S