Prof. Chintan Patel Information Security
CE Department. Unit - 7
MEFGI , RAJKOT
• Digital Signature
• Authentication Protocols
• Digital Signature standards
• Application Authentication Technique.
 Ker...
• have looked at message authentication
 but does not address issues of lack of trust
• digital signatures provide the ab...
Alice can deny sending a
message M to Bob since
Bob can also produce
MACs for different
messages.
Bob can produce a MAC
fo...
PrivateKey
PublicKey
Bob
Key Generation
AliceBob’s
Fig 13.2 Simplified Depiction of Essential
Elements of Digital Signatur...
• Goldwaser, Micali and Rivest also defined success of breaking a
signature scheme
 Total break:
 Attacker finds the sig...
• must depend on the message signed
• must use information unique to sender
 to prevent both forgery and denial
• must be...
• Direct Digital signature :
 Involves only source and Destination
 Assumes that Destination knows the public key of sen...
• Message transmission in Arbitrated Digital Signature :
 Every signed message from sender X to Receiver Y goes first to ...
• Mutual Authentication Protocol
 Two communicating parties them selves understand about each
other’s identity and authen...
• Simple Replay : copies a message and replays it later.
• Repetition that can be logged : Opponent can replay a timestamp...
• Can we use sequence number to cop with replay attack ??
 Yes but generally not used…………
• Two general approaches
 (1) ...
• Key distribution Technique : Technique of
delivering a key to two parties who wish to
exchange the data.
• Why we need ?...
• 1) A can select a key and physically deliver it to B
• 2) A third party can select the key and physically deliver
it to ...
• Uses Two levels of Key
• 1) Session key : Communication between end
system is encrypted using a temporary key , often
re...
• A wishes to establish logical connection with B. and require one time session
key to protect the data transmission over ...
• Local KDC will communicate with Global KDC , if
very large network is there.
• Life time of session key depends on proto...
• (1) A issues a request to B for session key and includes N1.
• (2) B responds with message encrypted using shared master...
• GATE Que. :
• (1) How many session keys and master keys are needed
in centralized key distribution if there are N entiti...
• Example of One way Application : E-Mail
• Not necessary for sender and receiver to be
online at same time.
• SMTP , need...
• This scheme Requires the sender to issue a request to the intended
recipient, awaits a response that includes session ke...
• Sender should know the recipient’s public key : confidentiality
• Receiver know the sender’s public key : Authentication...
• DSS Makes use of SHA algorithms to present new digital
signature technique called Digital Signature
Algorithms…..
• Prop...
• Two approaches to Digital signature
Authentication Applications:
Kerberos, X.509 and Certificates
Outline
 Introduction to KERBEROS
 How Kerberos works?
 Comparison between version 4 and 5
 Certificates
 X.509 Direc...
Introduction to Kerberos
 An authentication service developed for Project
Athena at MIT
 Provides
– strong security on p...
Why Kerberos is needed ?
Problem: Not trusted workstation to identify
their users correctly in an open distributed environ...
Why Kerberos is needed ? Cont.
Solution:
– Building elaborate authentication protocols
at each server
– A centralized auth...
Requirements for KERBEROS
 Secure:
– An opponent does not find it to be the weak link
 Reliable:
– The system should be ...
Versions of KERBEROS
 Two versions are in common use
– Version 4 is most widely used version
– Version 4 uses of DES
– Ve...
Kerberos Version 4: Dialog 1- Simple
Ticket=Ekv[IDc,ADc,IDv]
kv=Secret Key between AS and
V (Server)
Pc=password of client
More secure Authentication Dialogue
 Target :
– Minimize the number of times user need to enter password.
 For single lo...
Ticket Granting Server(TGS)
 Issues ticket to the user who have been authorized to AS.
 User first request ticket granti...
Kerberos Version 4 : Dialog 2-More Secure
4-TicketV
Once per user
logon session
Once per type of
service
ticketTGS=EKtgs[I...
Kerberos Version 4 : Dialog 2
- More Secure Cont.
5- TicketV+ IDc
Once per service session
TicketV=EKv[IDc,ADc,IDv,Ts2,Lif...
Kerberos: The Version 4
Authentication Dialog
1- IDc + IDtgs +TS1
2- EKc [Kc.tgs,IDtgs,Ts2,
Lifetime2,TicketTGS]
KERBEROSO...
Kerberos: The Version 4
Authentication Dialog Cont.
KERBEROS
3- TicketTGS + AuthenticatorC +
IDv
4-EKc.tgs[ Kc.v,IDv,Ts4,T...
Kerberos: The Version 4
Authentication Dialog Cont.
5- TicketV+ AuthenticatorC
Once per service session
TicketV=EKv [Kv.c,...
Tickets:
 Contains information which must be
considered private to the user
 Allows user to use a service or to access T...
Authenticators
 Proves the client’s identity
 Proves that user knows the session key
 Prevents replay attack
 Used onl...
Kerberos Realms
 A single administrative domain includes:
– a Kerberos server
– a number of clients, all registered with ...
Inter-realm Authentication:
 Kerberos server in each realm shares a
secret key with other realms.
 It requires
– Kerbero...
Request for Service in another realm:
5-Request ticket for remote server
6-Ticket for remote server
4-Ticket for remote TG...
KERBEROS Version 5 versus Version4
 Environmental shortcomings of Version 4:
– Encryption system dependence: DES
– Intern...
KERBEROS Version 5 versus Version4
 Technical deficiencies of Version 4:
– Double encryption
– Session Keys
– Password at...
 Realm
– Indicates realm of the user
 Options
 Times
– From: the desired start time for the ticket
– Till: the requeste...
Kerberos Version 5 Message Exchange:1
 To obtain ticket-granting ticket:
(1)C  AS : Options || IDc || Realmc || IDtgs ||...
Kerberos Version 5 Message Exchange:2
 To obtain service-granting ticket :
(3)C  TGS : Options || IDv || Times || Nonce2...
Kerberos Version 5 Message Exchange:3
 To obtain service
(5) C  S : Options || Ticket v|| Authenticator c
(6) S  C : EK...
Kerberos : Strengths
 User's passwords are never sent across the network,
encrypted or in plain text
 Secret keys are on...
 Directory : A server or distributed set of servers that
maintains a database of information about users.
 A mapping fro...
Certificate:
 Electronic counterparts to driver licenses,
passports
 Verifies authenticity of the public key
 Prevents ...
What a certificate includes:
 Version :
– Version 1 : Default
– Version 2 : If unique identifier is present
– Version 3: ...
Certificate Authorities:
 Trusted entity which issue and manage certificates
for a population of public-private key-pair ...
Who are the Certificate Authorities?
VeriSign
GTE CyberTrust
Entrust
IBM
CertCo
USPS / Cylink
Certificate Issuance Process:
 Generate public/private key pair
 Sends public key to CA
 Proves identity to CA - verify...
Types of Digital Certificates
 E-Mail Certificates
 Browser Certificates
 Server (SSL) Certificates
 Software Signing ...
Potential security holes:
 Was the user really identified?
 Security of the private key
 Can the Certificate Authority ...
X.509 Directory Authentication Service
 CCITT recommendation defining a directory
service
 Defines a framework for the a...
X.509 Certificate format
Version
Serial number
Algorithm
Parameters
Issuer
Not before
Not after
Subject
Algorithm
Paramete...
Authentication Procedures:
 Three alternative authentication procedures:
– One-Way Authentication
– Two-Way Authenticatio...
One-Way Authentication:
 1 message ( A->B) used to establish
– the identity of A and that message is from A
– message was...
Two-Way Authentication
 2 messages (A->B, B->A) which also
establishes in addition:
– the identity of B and that reply is...
Three-Way Authentication
 3 messages (A->B, B->A, A->B) which
enables above authentication without
synchronized clocks
A ...
 One way : Ex., One-Way SSL Authentication,
S/MIME or PGP Message Authentication.
 Two way : Two-Way SSL Authentication,...
Conclusion
 Kerberos is an authentication service using
convention encryption
 Certificates is the proof of the identity...
THANKS AND Have a Nice
Day!!!
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Unit 7
Upcoming SlideShare
Loading in...5
×

Unit 7

341

Published on

Digital signature , key distribution center , authentication services , kerberos , X509

Published in: Engineering, Technology, Education
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
341
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
7
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Unit 7

  1. 1. Prof. Chintan Patel Information Security CE Department. Unit - 7 MEFGI , RAJKOT
  2. 2. • Digital Signature • Authentication Protocols • Digital Signature standards • Application Authentication Technique.  Kerberos  X 509 Directory • Authentication Services • Active Directory services
  3. 3. • have looked at message authentication  but does not address issues of lack of trust • digital signatures provide the ability to:  verify author, date & time of signature  authenticate message contents  be verified by third parties to resolve disputes • hence digital signatures include authentication function with additional capabilities
  4. 4. Alice can deny sending a message M to Bob since Bob can also produce MACs for different messages. Bob can produce a MAC for another message M’ and can claim that it came from Alice.
  5. 5. PrivateKey PublicKey Bob Key Generation AliceBob’s Fig 13.2 Simplified Depiction of Essential Elements of Digital Signature Process
  6. 6. • Goldwaser, Micali and Rivest also defined success of breaking a signature scheme  Total break:  Attacker finds the signer’s private key  Universal forgery:  Attacker finds an efficient signing algorithm that provides an equivalent way of constructing signatures on arbitrary messages.  Selective forgery:  Attacker forges a signature for a particular message chosen by him.  Existential forgery:  Attacker can forge a signature for at least one message. However he does not have control over the message (so can not harm much the signer).
  7. 7. • must depend on the message signed • must use information unique to sender  to prevent both forgery and denial • must be relatively easy to produce • must be relatively easy to recognize & verify • be computationally infeasible to forge  with new message for existing digital signature  with fraudulent digital signature for given message • be practical save digital signature in storage
  8. 8. • Direct Digital signature :  Involves only source and Destination  Assumes that Destination knows the public key of sender  Generated by  Encrypting entire message using sender’s private key.  Encrypting Generated Hash code using Sender’s private key.  Weakness : Sender can later deny of sending particular message by claiming that private key was lost or stolen and some one else forged his signature.
  9. 9. • Message transmission in Arbitrated Digital Signature :  Every signed message from sender X to Receiver Y goes first to an arbiter A.  A will validate the signed message  Put Date and sent to Y with indication that it has been verified to the satisfaction of the arbiter.  Solves problem of Direct digital signature of source repudiation. • Need : All parties must have great deal of trust that the arbitration mechanism is working properly.
  10. 10. • Mutual Authentication Protocol  Two communicating parties them selves understand about each other’s identity and authenticate key exchange protocol. • Problems in Authenticated Key exchange :  (1) confidentiality (2) Timeliness • Confidentiality : Information must communicated in encrypted format which requires prior existence of secret or public key. • Timeliness : Important because of threat of message replays.
  11. 11. • Simple Replay : copies a message and replays it later. • Repetition that can be logged : Opponent can replay a timestamp message with the valid time window. • Repetition that can not be detected : Original message does not arrive at destination , only replay arrives. • Backward replay without modification : replay back to message sender. Possible when symmetric key encryption is used.
  12. 12. • Can we use sequence number to cop with replay attack ??  Yes but generally not used………… • Two general approaches  (1) Time stamp  Synchronized clock requires  Can not work with connection oriented protocol  Fault tolerant clock synchronization protocol requires.  Temporary loss of synchronization leads to successful attack  (2) Challenge and Response  A sends challenge or nonce to B. B will response to nonce.  Unsuitable for connection less protocol.  Overload of hand shaking will be increased.
  13. 13. • Key distribution Technique : Technique of delivering a key to two parties who wish to exchange the data. • Why we need ??  Frequent key exchange is needed to limit the amount of data loss………. CHAPTER NO 7 WILLIAM STALLING 4 TH EDITION
  14. 14. • 1) A can select a key and physically deliver it to B • 2) A third party can select the key and physically deliver it to A and B  1 and 2 is difficult in distributed wide area network. • 3) If A and B have previously and recently used keys. One party can transmit the new key to others , encrypted using old key.  One success of and attacker will release all further keys • 4) if A and B each has an encrypted connection to a third party C. C can deliver a key on the encrypted links to A and B  KDC is responsible for distributing keys to pair of users based on need.
  15. 15. • Uses Two levels of Key • 1) Session key : Communication between end system is encrypted using a temporary key , often referred as session key.  For particular duration of time period or logical connection. • 2) Mater key : Session keys are transmitted in encrypted form using Master keys.shared by KDC and end user.
  16. 16. • A wishes to establish logical connection with B. and require one time session key to protect the data transmission over the connection. • A has a master key, Ka , known only to itself and KDC same with B. • (1) A request to KDC for session key with message including identity of A and B and Unique identifier N1 for this transaction. Can be any random number. Must be differ in each request • (2) KDC Responds with message encrypted using Ka. Message includes:  One time session key Ks.  Original message with N1,to enable A to match response with its request.  Message encrypted using Kb which has Ks and Identifier of A. • (3) A stores Ks for use in upcoming session and forward to B.  A sends Ks and ID of A encrypted with Kb to B.  With ID of A , B will know that other party is A. and this information is originated from KDC because KDC only know Kb except itself. • (4) B sends N2 encrypted with Ks. • (5) A responds f(N2) encrypted with Ks TO STOP REPLAY
  17. 17. • Local KDC will communicate with Global KDC , if very large network is there. • Life time of session key depends on protocol used. Either connection oriented or connection less
  18. 18. • (1) A issues a request to B for session key and includes N1. • (2) B responds with message encrypted using shared master key which includes session key Selected by B and identifier of B , the f(N1),N2 • (3) Using new session key , A returns f(N2) to B
  19. 19. • GATE Que. : • (1) How many session keys and master keys are needed in centralized key distribution if there are N entities?  Answer : N master keys and [N(N-1)]/2 Session keys at any one time. • (2)How many master keys are used in Decentralized key distribution ? • Answer : N-1 Master keys at any one time.
  20. 20. • Example of One way Application : E-Mail • Not necessary for sender and receiver to be online at same time. • SMTP , need not access of plain text. • Authentication : Recipient wants come assurance that the message is from alleged sender. • (1) Symmetric Approach • (2) Public key encryption Approach
  21. 21. • This scheme Requires the sender to issue a request to the intended recipient, awaits a response that includes session key. • No need to worry about Replay 1 A KDC : IDa||IDb||N1 2 KDCA : E(Ka,[Ks||IDb||N1||E(Kb,[Ks||IDa])]) 3 AB : E(Kb,[Ks||IDa])||E(Ks,M) 3 Potential Delay in E mail Process , Timess stemp is not that muchuseful.
  22. 22. • Sender should know the recipient’s public key : confidentiality • Receiver know the sender’s public key : Authentication • If confidentiality is important :  AB : E(PUb,Ks) || E(Ks,M) • If Authentication is important :  AB : M||E(PRa,H(M)) • Message confidentiality plus Signature  A B : E(PUb,[M||E(PRa,H(M))])
  23. 23. • DSS Makes use of SHA algorithms to present new digital signature technique called Digital Signature Algorithms….. • Proposed in 1991 revised in 1993 and after that in 1996. • DSS uses an algorithms that is designed to provide only the digital signature function.  Unlike RSA , which is used for encryption as well as key – exchange.
  24. 24. • Two approaches to Digital signature
  25. 25. Authentication Applications: Kerberos, X.509 and Certificates
  26. 26. Outline  Introduction to KERBEROS  How Kerberos works?  Comparison between version 4 and 5  Certificates  X.509 Directory Authentication Service  Conclusion
  27. 27. Introduction to Kerberos  An authentication service developed for Project Athena at MIT  Provides – strong security on physically insecure network – a centralized authentication server which authenticates  Users to servers  Servers to users  Relies on conventional encryption rather than public- key encryption
  28. 28. Why Kerberos is needed ? Problem: Not trusted workstation to identify their users correctly in an open distributed environment 3 Threats: – Pretending to be another user from the workstation – Sending request from the impersonated workstation – Replay attack to gain service or disrupt operations
  29. 29. Why Kerberos is needed ? Cont. Solution: – Building elaborate authentication protocols at each server – A centralized authentication server (Kerberos)
  30. 30. Requirements for KERBEROS  Secure: – An opponent does not find it to be the weak link  Reliable: – The system should be able to back up another  Transparent: – An user should not be aware of authentication  Scalable: – The system supports large number of clients and severs
  31. 31. Versions of KERBEROS  Two versions are in common use – Version 4 is most widely used version – Version 4 uses of DES – Version 5 corrects some of the security deficiencies of Version 4 – Version 5 has been issued as a draft Internet Standard (RFC 1510)
  32. 32. Kerberos Version 4: Dialog 1- Simple Ticket=Ekv[IDc,ADc,IDv] kv=Secret Key between AS and V (Server) Pc=password of client
  33. 33. More secure Authentication Dialogue  Target : – Minimize the number of times user need to enter password.  For single logon session , the workstation can store the mail server ticket after its received and use it on behalf of the user for multiple accesses to mail server. – User would need a new ticket for every different service. – “TICKET GRANTING SERVER”  “In plain text transmission of message[1] , an opponent can capture the password and use any service accessible to victim”
  34. 34. Ticket Granting Server(TGS)  Issues ticket to the user who have been authorized to AS.  User first request ticket granting ticket(Tickettgs) From the AS. Client saves the ticket.  Each time for every new service from same server, client will apply that ticket. TGS than give ticket for particular service  Client saves ticket for each particular service for next time use.
  35. 35. Kerberos Version 4 : Dialog 2-More Secure 4-TicketV Once per user logon session Once per type of service ticketTGS=EKtgs[IDc,ADc, IDtgs,TS1,LifeTime1 ]
  36. 36. Kerberos Version 4 : Dialog 2 - More Secure Cont. 5- TicketV+ IDc Once per service session TicketV=EKv[IDc,ADc,IDv,Ts2,Lifetime2]
  37. 37. Kerberos: The Version 4 Authentication Dialog 1- IDc + IDtgs +TS1 2- EKc [Kc.tgs,IDtgs,Ts2, Lifetime2,TicketTGS] KERBEROSOnce per user logon session ticketTGS=EKtgs [Kc.tgs, IDc,ADc,IDtgs,TS2, LifeTime2 ]
  38. 38. Kerberos: The Version 4 Authentication Dialog Cont. KERBEROS 3- TicketTGS + AuthenticatorC + IDv 4-EKc.tgs[ Kc.v,IDv,Ts4,Ticketv] Once per type of service ticketTGS=EKtgs [Kc.tgs,IDc,ADc,IDtgs, TS2, LifeTime2 ] AuthenticatorC=EKc.tgs[IDc,ADc,TS3] ticketV=EKV[Kc.v,IDc,ADc,IDv, TS4, LifeTime4 ]
  39. 39. Kerberos: The Version 4 Authentication Dialog Cont. 5- TicketV+ AuthenticatorC Once per service session TicketV=EKv [Kv.c, IDc, ADc, IDv, TS4, Lifetime4] AuthenticatorC=EKc.v [IDc,ADc,TS5] 6- EKc.v[TS5+1]
  40. 40. Tickets:  Contains information which must be considered private to the user  Allows user to use a service or to access TGS  Reusable for a period of particular time  Used for distribution of keys securely
  41. 41. Authenticators  Proves the client’s identity  Proves that user knows the session key  Prevents replay attack  Used only once and has a very short life time  One authenticator is typically built per session of use of a service
  42. 42. Kerberos Realms  A single administrative domain includes: – a Kerberos server – a number of clients, all registered with server – application servers, sharing keys with server  What will happen when users in one realm need access to service from other realms?: – Kerberos provide inter-realm authentication
  43. 43. Inter-realm Authentication:  Kerberos server in each realm shares a secret key with other realms.  It requires – Kerberos server in one realm should trust the one in other realm to authenticate its users – The second also trusts the Kerberos server in the first realm  Problem: N*(N-1)/2 secure key exchange
  44. 44. Request for Service in another realm: 5-Request ticket for remote server 6-Ticket for remote server 4-Ticket for remote TGS 7-request for remote service
  45. 45. KERBEROS Version 5 versus Version4  Environmental shortcomings of Version 4: – Encryption system dependence: DES – Internet protocol dependence(IP Protocol) – Ticket lifetime(Maximum = 21 hours) – Authentication forwarding – No fix byte ordering – Inter-realm authentication(More kerberos- to kerberos relation ship)
  46. 46. KERBEROS Version 5 versus Version4  Technical deficiencies of Version 4: – Double encryption – Session Keys – Password attack(Trial and Error) – Version 5 provides pre authentication mechanism to protect password some how.
  47. 47.  Realm – Indicates realm of the user  Options  Times – From: the desired start time for the ticket – Till: the requested expiration time – Rtime: requested renew-till time  Nonce – A random value to assure the response is fresh New Elements in Kerberos Version 5
  48. 48. Kerberos Version 5 Message Exchange:1  To obtain ticket-granting ticket: (1)C  AS : Options || IDc || Realmc || IDtgs ||Times || Nonce1 (2) AS  C : Realmc || IDc || Ticket tgs || EKc [ Kc,tgs || IDtgs || Times || Nonce1 ||| Realm tgs ] Ticket tgs= EKtgs [ Flags || Kc,tgs || Realm c || IDc || ADc || Times]
  49. 49. Kerberos Version 5 Message Exchange:2  To obtain service-granting ticket : (3)C  TGS : Options || IDv || Times || Nonce2 || Ticket tgs ║ Authenticator c (4)TGS  C : Realmc || IDc || Ticket v || EK c,tgs [ Kc,v ║Times|| Nonce2 || IDv ║ Realm v] Ticket tgs= EKtgs [ Flags || Kc,tgs || Realm c || IDc || ADc || Times] Ticket v : EK v [Kc,,v ║ Realmc || IDc ║ ADc ║ Times ] Authenticator c : EK c,tgs [IDc ║ Realmc ║ TS1]
  50. 50. Kerberos Version 5 Message Exchange:3  To obtain service (5) C  S : Options || Ticket v|| Authenticator c (6) S  C : EK c,v [TS2|| Subkey || Seq# ]  Ticket v : EK v [Flags || Kc,v || Realmc || IDc || ADc || Times ]  Authenticator c : EK c,v [IDc || Realmc || TS2 || Subkey|| Seq# ]
  51. 51. Kerberos : Strengths  User's passwords are never sent across the network, encrypted or in plain text  Secret keys are only passed across the network in encrypted form  Client and server systems mutually authenticate  It limits the duration of their users' authentication.  Authentications are reusable and durable  Kerberos has been examined carefully for accuracy by many of the top programmers, cryptologists and security experts in the industry
  52. 52.  Directory : A server or distributed set of servers that maintains a database of information about users.  A mapping from username to network address  X.509 is based on use of public-key cryptography and digital signatures.  Heart of X.509 IS scheme is the public key certificate associated with each user.  Certificates created by CA(Certification authority)and putted in to directory.
  53. 53. Certificate:  Electronic counterparts to driver licenses, passports  Verifies authenticity of the public key  Prevents impersonation  Enables individuals and organizations to secure business and personal transactions
  54. 54. What a certificate includes:  Version : – Version 1 : Default – Version 2 : If unique identifier is present – Version 3: more than one extension.  Unique Serial Number  Signature Algorithm Identifier  Issuer name: X.500 name of CA that created and signed.  Period of validity: – First and last date on which the certification is valid  Subject name :Name of user to whom this certificate refers  Subject’s public key information : Public key + algorithm + parameter  Issuer Unique identifier  Subject unique identifier  Extension : extra fields  Signature : Hash code encrypted with private key of CA.
  55. 55. Certificate Authorities:  Trusted entity which issue and manage certificates for a population of public-private key-pair holders.  A digital certificate is issued by a CA and is signed with CA’s private key.
  56. 56. Who are the Certificate Authorities? VeriSign GTE CyberTrust Entrust IBM CertCo USPS / Cylink
  57. 57. Certificate Issuance Process:  Generate public/private key pair  Sends public key to CA  Proves identity to CA - verify  CA signs and issues certificate  CA e-mails certificate or Requestor retrieves certificate from secure websites  Requestor uses certificate to demonstrate legitimacy of their public key
  58. 58. Types of Digital Certificates  E-Mail Certificates  Browser Certificates  Server (SSL) Certificates  Software Signing Certificates
  59. 59. Potential security holes:  Was the user really identified?  Security of the private key  Can the Certificate Authority be trusted?  Names are not unique
  60. 60. X.509 Directory Authentication Service  CCITT recommendation defining a directory service  Defines a framework for the authentication services  The X.500 directory serving as a repository of public-key certificates  Defines alternative authentication protocols
  61. 61. X.509 Certificate format Version Serial number Algorithm Parameters Issuer Not before Not after Subject Algorithm Parameter Key Signature Algorithm identifier Period of validity Subject’s public key
  62. 62. Authentication Procedures:  Three alternative authentication procedures: – One-Way Authentication – Two-Way Authentication – Three-Way Authentication  All use public-key signatures
  63. 63. One-Way Authentication:  1 message ( A->B) used to establish – the identity of A and that message is from A – message was intended for B – integrity & originality of message A B1-A {ta,ra,B,sgnData,KUb[Kab]} Ta-timestamp rA=nonce B =identity sgnData=signed with A’s private key
  64. 64. Two-Way Authentication  2 messages (A->B, B->A) which also establishes in addition: – the identity of B and that reply is from B – that reply is intended for A – integrity & originality of reply A B 1-A {ta,ra,B,sgnData,KUb[Kab]} 2-B {tb,rb,A,sgnData,KUa[Kab]}
  65. 65. Three-Way Authentication  3 messages (A->B, B->A, A->B) which enables above authentication without synchronized clocks A B 1- A {ta,ra,B,sgnData,KUb[Kab]} 2 -B {tb,rb,A,sgnData,KUa[Kab]} 3- A{rb}
  66. 66.  One way : Ex., One-Way SSL Authentication, S/MIME or PGP Message Authentication.  Two way : Two-Way SSL Authentication, SET Protocol.  Three way :Way SSL Authentication and Key-Session Generation and Agreement
  67. 67. Conclusion  Kerberos is an authentication service using convention encryption  Certificates is the proof of the identity  X.509 defines alternative authentication protocols
  68. 68. THANKS AND Have a Nice Day!!!
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×