Scribd
Upload
76 views

Computer and Network Security

This document discusses various security protocols for authentication between communication parties. It describes protocols using shared secrets with keys, public key cryptography, and timestamps. The protocols aim to authenticate identities securely while avoiding common attacks like offline password guessing, replay attacks, and man-in-the-middle attacks. The document analyzes the advantages and vulnerabilities of different approaches for one-way and mutual authentication.

Uploaded by

shubhangi
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
76 views

Computer and Network Security

This document discusses various security protocols for authentication between communication parties. It describes protocols using shared secrets with keys, public key cryptography, and timestamps. The protocols aim to authenticate identities securely while avoiding common attacks like offline password guessing, replay attacks, and man-in-the-middle attacks. The document analyzes the advantages and vulnerabilities of different approaches for one-way and mutual authentication.

Uploaded by

shubhangi
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPT, PDF, TXT or read online on Scribd
You are on page 1/ 13

Computer and Network Security

Security Handshake Pitfalls

Security Protocol
An agreement between communication parties about the process and the format of security bootstrap, authentication, key establishment, encryption/hashing algorithm and parameter negotiation, etc. Typically include
Authentication handshake Session key negotiation, algorithm/parameter negotiation Data encryption and/or integrity protection

Security Bootstrap
Shared secret
Password (for human users) Preshared key (between firewalls) Ticket by KDC (among a large number of participates)

Public key
Manually configured Certificate by CA

One-way Authentication by Shared Secret (Protocol 1)


Let K be the shared secret. Alice Bob : Im Alice Bob Alice: a challenge R Alice Bob: a response K{R} or hash(R, K) The protocol only allows Bob to authenticate Alice. Issues: off-line password-guessing attack, vulnerable if servers password file is hacked

Protocol 2
Let K be the shared secret. Alice Bob: Im Alice Bob Alice: K{R} Alice Bob: R Issues: same as Protocol 1 If R is a recognizable number (e.g., with a fixed number of tailing zero), then it does mutual authentication, but also makes the off-line password-guessing attack easier. Make R recognizable but with limited lifetime. For instance, timestamp. It however requires clock synchronization.

Protocol 3
Let K be the shared secret. Alice Bob: Im Alice, K{timestamp} Advantage: a) It can be easily added into an existing protocol. b) Bob is stateless. Issues: replay attack, reset-clock attack

Protocol 4
Let K be the shared secret Alice Bob: Im Alice, timestamp, hash(K, timestamp)

One-Way Authentication by Public Key


Alice has her private key. Bob has Alices public key. Protocol 5
Alice Bob: Im Alice Bob Alice: R Alice Bob: [R]Alice

Protocol 6
Alice Bob: Im Alice Bob Alice: {R}Alice Alice Bob: R

Attacks exploiting same-key different-uses

Mutual Authentication by Secret Key (protocol 7)


Alice Bob: Im Alice Bob Alice: R1 Alice Bob: K{R1} or hash(R1, K) Alice Bob: R2 Bob Alice: K{R2} or hash(R2, K)

Protocol 8
Alice Bob: Im Alice, R2 Bob Alice: R1, K{R2} or hash(R2, K) Alice Bob: K{R1} or hash(R1, K) Issues: reflection attack, password guessing Rule: Alice and Bob should not do the same thing.

Protocol 11
Alice Bob: Im Alice Bob Alice: R1 Alice Bob: K{R1}, R2 Bob Alice: K{R2} Less vulnerable to password guessing. The attack has to eavesdrop.

Mutual Authentication by Public Key (Protocol 12)


Alice (Bob) know her (his) own private key and the other partys public key. Protocol 12
Alice Bob: Im Alice, {R2}Bob Bob Alice: R2, {R1}Alice Alice Bob: R1

Variant
Alice Bob: Im Alice, R2 Bob Alice: [R2]Bob, R1 Alice Bob: [R1]Alice

Mutual Authentication by Timestamps (Protocol 13)


Alice Bob: Im Alice, K{timestamp} Bob Alice: K{timestamp + 1} Issue: reflection attack, clock synchronization

You might also like