Authentication Protocols
Paul Krzyzanowski
Distributed Systems
Except as otherwise noted, the content of this presentation is licensed under the Creative Commons Attribution 2.5 License.

Authentication
Reusable passwords
One-time password
Skey authentication: give this list to Alice
Two-factor authentication with an authenticator card

Challenge-Response authentication
Alice → host: "alice"
Host: look up alice's key, K; generate random challenge number C
Host → Alice: C
Alice: R' = f(K, C)
Alice → host: R'
Host: R = f(K, C); R = R'?
Host → Alice: "welcome"
An eavesdropper does not see K.

SecurID card
Username: paul
Password: 1234 032848 (PIN + passcode from card: something you know + something you have)
Password: 354982
Passcode changes every 60 seconds

SecurID

SKID2/SKID3 authentication

Alice chooses a random number (nonce) R_A and sends it to Bob.
Alice → Bob: R_A

Bob chooses a random number (nonce) R_B. He computes H_K(R_A, R_B, "bob") and sends it to Alice with R_B. Bob shows that he can encrypt Alice's nonce.
Bob → Alice: R_B, H_K(R_A, R_B, "bob")

Alice receives R_B and has R_A. She computes H_K(R_A, R_B, "bob") and compares the result to verify that Bob was able to encrypt data with key K. Authentication is complete as far as Alice is concerned (Bob knows the key).

Now Alice has to convince Bob (mutual authentication). Alice demonstrates that she can encrypt Bob's nonce.
Alice → Bob: H_K(R_B, "alice")

Bob computes H_K(R_B, "alice") and compares it with Alice's message. If they match, he trusts Alice's identity.

Key point: Each party permutes data generated by the other. Challenge the other party with data that will be different each time.
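
The three SKID3 messages above, as an added example that is not part of the original slides; the one-way challenge-response slide (R = f(K, C)) is the same pattern with only the first proof. It assumes H_K is HMAC-SHA256 over length-prefixed fields and 16-byte nonces; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

NONCE_LEN = 16  # bytes; assumed size, the slides do not specify one


class AuthError(Exception):
    """Raised when a peer fails to prove knowledge of the shared key K."""


def h_k(key: bytes, *fields: bytes) -> bytes:
    """H_K(fields): keyed hash; HMAC-SHA256 is this example's choice."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for field in fields:
        # Length-prefix each field so ("ab", "c") and ("a", "bc") differ.
        mac.update(len(field).to_bytes(4, "big") + field)
    return mac.digest()


class Initiator:
    """Alice's side: sends R_A, checks Bob's proof, then proves herself."""

    def __init__(self, key: bytes, name: bytes = b"alice"):
        self.key, self.name, self.r_a = key, name, None

    def hello(self) -> bytes:
        self.r_a = secrets.token_bytes(NONCE_LEN)  # fresh for every run
        return self.r_a

    def on_reply(self, r_b: bytes, proof: bytes, peer: bytes = b"bob") -> bytes:
        r_a, self.r_a = self.r_a, None  # a nonce is good for one attempt only
        if r_a is None:
            raise AuthError("no handshake in progress")
        # Constant-time comparison of the expected and received proof.
        if not hmac.compare_digest(h_k(self.key, r_a, r_b, peer), proof):
            raise AuthError("peer did not prove knowledge of K")
        return h_k(self.key, r_b, self.name)  # H_K(R_B, "alice")


class Responder:
    """Bob's side: answers Alice's nonce, then checks her proof."""

    def __init__(self, key: bytes, name: bytes = b"bob"):
        self.key, self.name, self.r_b = key, name, None

    def on_hello(self, r_a: bytes) -> tuple[bytes, bytes]:
        self.r_b = secrets.token_bytes(NONCE_LEN)
        return self.r_b, h_k(self.key, r_a, self.r_b, self.name)

    def on_final(self, proof: bytes, peer: bytes = b"alice") -> bool:
        r_b, self.r_b = self.r_b, None
        if r_b is None:
            return False
        return hmac.compare_digest(h_k(self.key, r_b, peer), proof)


def handshake(alice_key: bytes, bob_key: bytes) -> tuple[bool, bool]:
    """Run all three messages; returns (Alice accepts Bob, Bob accepts Alice)."""
    alice, bob = Initiator(alice_key), Responder(bob_key)
    r_b, bob_proof = bob.on_hello(alice.hello())
    try:
        alice_proof = alice.on_reply(r_b, bob_proof)
    except AuthError:
        return False, False  # Alice stops; message 3 is never sent
    return True, bob.on_final(alice_proof)


def replayed_reply_accepted(key: bytes) -> bool:
    """Feed Bob's recorded message 2 into a later run started by Alice."""
    alice, bob = Initiator(key), Responder(key)
    recorded = bob.on_hello(alice.hello())  # message 2 of the first run
    alice.on_reply(*recorded)               # the genuine run succeeds
    alice.hello()                           # new run, new R_A
    try:
        alice.on_reply(*recorded)
    except AuthError:
        return False  # the old proof does not cover the new R_A
    return True


if __name__ == "__main__":
    K = secrets.token_bytes(32)  # constructed shared key for the demo
    print(handshake(K, K), handshake(K, secrets.token_bytes(32)))
    print("replay accepted:", replayed_reply_accepted(K))
```

The replay check is the slide's key point in code: a proof computed over an earlier nonce fails once the verifier has issued a new one.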
Combined authentication and key exchange

Wide-mouth frog
Alice → Trent: "alice", E_A(T_A, "bob", K)
  "alice": sender; T_A: time stamp (prevent replay attacks); "bob": destination; K: session key
Trent → Bob: E_B(T_T, "alice", K)
  T_T: time stamp (prevent replay attacks); "alice": source; K: session key
Alice → Bob: E_K(M)

Kerberos

Authenticate, get permission
Authentication Server (AS) → Alice: {"Bob's server", S}_A, {"Alice", S}_B
  {"Alice", S}_B is the TICKET (sealed envelope)

Send key
Alice → Bob: {"Alice", S}_B, T_S
  {"Alice", S}_B is the sealed envelope

Authenticate recipient
Bob → Alice: {"Bob's Server", T}_S

Kerberos key usage
Ticket Granting Service (TGS)

Using Kerberos
{"TGS", S}_A
{"Alice", S}_TGS

Using Kerberos
Alice sends session key, S, to TGS.
Alice → TGS: {"Alice", S}_TGS, T_S, rlogin
Alice receives session key for rlogin service & ticket to pass to rlogin service.
TGS → Alice: {"rlogin@somehost", S'}_S (session key for rlogin), {"Alice", S'}_R (ticket for rlogin server on somehost)

Public key authentication
Like SKID, demonstrate we can encrypt or decrypt a nonce:

X.509 Certificates
  version
  serial #
  algorithm, params
  issuer
  validity time
  distinguished name
  public key (alg, params, key)
  signature of CA

Example: Root Certificates in IE, as of January 2007: http://support.microsoft.com/kb/931125

Transport Layer Security (TLS) aka Secure Socket Layer (SSL)

Secure Sockets Layer (SSL)
client → server: hello(version, protocol)
server → client: hello(version, protocol), certificate (or public key), hello done
client → server: certificate (or none)

Secure Sockets Layer (SSL)
client authenticates server:
  client → server: client nonce
  server: encrypt with server's private key
  server → client: E(nonce)
  client decrypts nonce with server's public key
server authenticates client:
  server → client: server nonce
  client: encrypt with client's private key
  client → server: E(nonce)
  server decrypts with client's public key

Secure Sockets Layer (SSL)
3. Establish session key (for symmetric cryptography)
  client: pick a session key; encrypt with server's public key
  client → server: E(session key)
  server decrypts with server's public key
  set cipher mode [optional]

Secure Sockets Layer (SSL)
4. Exchange data (symmetric encryption)
  client ↔ server: E_S(data)
  encrypt and decrypt with session key and symmetric algorithm (e.g. RC4)

The end.
