Timestamps - Computer and Network Security - Lecture Slides, Slides of Computer Science

These are the Lecture Slides of Computer and Network Security which includes Authorization, Social Security Number, Trouble with Passwords, Cryptographic Keys, Dictionary Attack, Bad Passwords, Password Experiment, Random Characters etc. Key important points are: Timestamps, Authentication Protocols, Security Protocols, Critical Parameter, Public Key Authentication, Sign and Encrypt, Authentication Systems, Trusted Intermediaries, Key Distribution Center

Typology: Slides

2012/2013

Uploaded on 03/22/2013

dhimant
Part 3 Protocols 1
Authentication Protocols

Timestamps

• A timestamp T is the current time
• Timestamps used in many security protocols (Kerberos, for example)
• Timestamps reduce number of messages
  o Like a nonce that both sides know in advance
• But, use of timestamps implies that time is a security-critical parameter
• Clocks never exactly the same, so must allow for clock skew → risk of replay
• How much clock skew is enough?

Public Key Authentication with Timestamp T

Alice → Bob: “I’m Alice”, [{T,K}Bob]Alice
Bob → Alice: [{T+1,K}Alice]Bob

• Is this secure?
• Trudy can use Alice’s public key to find {T,K}Bob and then…

Public Key Authentication with Timestamp T

Trudy → Bob: “I’m Trudy”, [{T,K}Bob]Trudy
Bob → Trudy: [{T+1,K}Trudy]Bob

• Trudy obtains Alice-Bob session key K
• Note: Trudy must act within clock skew

Public Key Authentication with Timestamp T

Alice → Bob: “I’m Alice”, [{T,K}Bob]Alice
Bob → Alice: [{T+1}Alice]Bob

• Is this “encrypt and sign” secure?
• Yes, seems to be
• Does “sign and encrypt” also work here?

Authentication Systems

• Password based
• Network Address based
• Cryptographic
  o Trusted Intermediaries
    - Key Distribution Center (KDC)
    - Needham-Schroeder
    - Otway-Rees

Zero Knowledge Proofs

Zero Knowledge Proof (ZKP)

• Alice wants to prove that she knows a secret without revealing any info about it
• Bob must verify that Alice knows secret
  o Even though he gains no info about the secret
• Process is probabilistic
  o Bob can verify that Alice knows the secret to an arbitrarily high probability
• An “interactive proof system”

Bob’s Cave

[Figure: Bob’s Cave, with points labelled P, Q, R and S]

• Bob: “Alice come out on S side”
• Alice (quietly): “Open sarsaparilla”
• If Alice does not know secret…
• …then Alice could come out from the correct side with probability 1/2
• If Bob repeats this n times, then Alice (who does not know secret) can only fool Bob with probability 1/2^n

Fiat-Shamir Protocol

• Cave-based protocols are inconvenient
  o Can we achieve same effect without a cave?
• It is known that finding square roots modulo N is difficult (like factoring)
• Suppose N = pq, where p and q prime
• Alice has a secret S
• N and v = S^2 mod N are public, S is secret
• Alice must convince Bob that she knows S without revealing any information about S

Fiat-Shamir: e = 1

Public: Modulus N and v = S^2 mod N
• Alice selects random r
• Suppose Bob chooses e = 1
• Bob must verify that y^2 = xv mod N
• Alice must know S in this case

Alice (secret S, random r) → Bob: x = r^2 mod N
Bob → Alice: e = 1
Alice → Bob: y = rS mod N

Fiat-Shamir: e = 0

Public: Modulus N and v = S^2 mod N
• Alice selects random r
• Suppose Bob chooses e = 0
• Bob must verify that y^2 = x mod N
• Alice does not need to know S in this case!

Alice (secret S, random r) → Bob: x = r^2 mod N
Bob → Alice: e = 0
Alice → Bob: y = r mod N

Does Fiat-Shamir Work?

• The math works since
  o Public: v = S^2
  o Alice to Bob: x = r^2 and y = rS^e
  o Bob verifies y^2 = xv^e mod N
• Can Trudy convince Bob she is Alice?
  o If Trudy expects e = 0, she can send x = r^2 in msg 1 and y = r in msg 3 (i.e., follow protocol)
  o If Trudy expects Bob to send e = 1, she can send x = r^2 v^-1 in msg 1 and y = r in msg 3
• If Bob chooses e ∈ {0,1} at random, Trudy can only fool Bob with probability 1/2

Fiat-Shamir Facts

• Trudy can fool Bob with prob 1/2, but…
• …after n iterations, the probability that Trudy can fool Bob is only 1/2^n
• Just like Bob’s cave!
• Bob’s e ∈ {0,1} must be unpredictable
• Alice must use new r each iteration or else
  o If e = 0, Alice sends r in message 3
  o If e = 1, Alice sends rS in message 3
  o Anyone can find S given both r and rS
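
The Fiat-Shamir slides above, worked through as an added Python example that is not part of the original lecture: one honest round, Trudy's guess-the-challenge trick, and why a reused r gives away S. The modulus, the secret and all function names are constructed for illustration, and N is far too small for real use.

```python
# Added example, not from the slides. Toy parameters, constructed for illustration.
# Requires Python 3.8+ (pow with a negative exponent computes a modular inverse).
import math
import secrets

N = (2**31 - 1) * (2**61 - 1)  # product of two Mersenne primes; far too small for real use
S = 123456789                  # Alice's secret (constructed), coprime to N
V = pow(S, 2, N)               # public value v = S^2 mod N

def rand_unit():
    """Fresh random r with gcd(r, N) = 1."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if math.gcd(r, N) == 1:
            return r

def commit(r):
    return pow(r, 2, N)                       # msg 1: x = r^2 mod N

def respond(r, e):
    return (r * pow(S, e, N)) % N             # msg 3: y = r * S^e mod N

def verify(x, e, y):
    return pow(y, 2, N) == (x * pow(V, e, N)) % N   # Bob: y^2 = x * v^e mod N

def honest_round():
    r = rand_unit()                           # new r every iteration
    e = secrets.randbelow(2)                  # msg 2: Bob's unpredictable e
    return verify(commit(r), e, respond(r, e))

def trudy_round(guess, e):
    """Trudy has no S: she builds x for the e she expects and sends y = r."""
    r = rand_unit()
    x = (pow(r, 2, N) * pow(V, -guess, N)) % N    # r^2, or r^2 * v^-1 if guess = 1
    return verify(x, e, r)

def recover_secret(y_e0, y_e1):
    """With a reused r, y_e0 = r and y_e1 = rS, so S = y_e1 * y_e0^-1 mod N."""
    return (y_e1 * pow(y_e0, -1, N)) % N

if __name__ == "__main__":
    print("honest Alice passes 20 rounds:", all(honest_round() for _ in range(20)))
    print("Trudy, right guess:", trudy_round(1, 1), " wrong guess:", trudy_round(1, 0))
    r = rand_unit()
    print("S recovered from reused r:", recover_secret(respond(r, 0), respond(r, 1)) == S)
```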