Submitted By: Vibha Nehra 10203020 M.Tech I yr Department of Computer Science & Engg. National institute of technology, Ja...
Introduction; <ul><li>A trusted third party mediated the authentication process; called the Key Distribution Center (KDC)....
Establishing Session Key: <ul><li>Problem (besides others): </li></ul><ul><li>Bob will not know how to decrypt a message f...
Establishing Session Key (variant):   09/06/11 <ul><li>Problems: </li></ul><ul><li>No Authentication between Alice and Bob...
Needham-Schroeder Protocol: 09/06/11
Needham-Schroeder Protocol <ul><li>N1 is  </li></ul><ul><li>-for KDC authentication </li></ul><ul><li>-to ensure freshness...
Needham-Schroeder: Reflection Attacks <ul><li>If message integrity is vulnerable, reflection attack is possible </li></ul>...
Expanded Needham Schroeder: <ul><li>In Standard N-S, Bob doesn’t have freshness guarantee for KAB  (i.e. can’t detect repl...
Nonce Types: <ul><li>Nonce: a quantity which any given user of a protocol uses only once ( a quantity which is guaranteed ...
Thanks for your kind Cooperation  &  Patience. 09/06/11
References: <ul><li>Network security by Kauffman </li></ul><ul><li>Lecture 10 from www.deneb.cs.kent.edu  </li></ul>09/06/11
Upcoming SlideShare
Loading in …5
×

Mediated+authentication

786 views
591 views

Published on

introduction to mediated authentication.

0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
786
On SlideShare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
6
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Mediated+authentication

  1. 1. Submitted By: Vibha Nehra 10203020 M.Tech I yr Department of Computer Science & Engg. National institute of technology, Jalandhar. Mediated Authentication 09/06/11
  2. 2. Introduction; <ul><li>A trusted third party mediated the authentication process; called the Key Distribution Center (KDC). </li></ul><ul><li>Each user & service shares a secret key with KDC. </li></ul><ul><li>KDC generates a session key, and securely distributes it to communicating parties. </li></ul><ul><li>Communicating parties prove to each other that they know the session key </li></ul>09/06/11
  3. 3. Establishing Session Key: <ul><li>Problem (besides others): </li></ul><ul><li>Bob will not know how to decrypt a message from Alice if the message from KDC is late. </li></ul><ul><li>Establishing connection KDC <-> Bob is (somewhat) expensive. </li></ul>09/06/11
  4. 4. Establishing Session Key (variant): 09/06/11 <ul><li>Problems: </li></ul><ul><li>No Authentication between Alice and Bob </li></ul><ul><li>No Freshness Guarantee for K AB (what if Alice reuses </li></ul><ul><li>the ticket….???) </li></ul>
  5. 5. Needham-Schroeder Protocol: 09/06/11
  6. 6. Needham-Schroeder Protocol <ul><li>N1 is </li></ul><ul><li>-for KDC authentication </li></ul><ul><li>-to ensure freshness of K AB </li></ul><ul><li> -attack (without nonce) : Trudy stole K AB from BOB & records old KDC’s reply to Alice; Trudy waits for a new request to KDC from Alice to talk to Bob and plays back old KDC’s reply impersonating KDC </li></ul><ul><li>Reply from KDC </li></ul><ul><li>-strings “Bob” and “Alice” disallows Trudy tampering with </li></ul><ul><li>messages and hijacking the conversation </li></ul><ul><li>N2, N3: For Key confirmation and mutual authentication. </li></ul><ul><li>(minor) issue: </li></ul><ul><li>- ticket is unnecessarily doubly encrypted in message from KDC </li></ul>09/06/11
  7. 7. Needham-Schroeder: Reflection Attacks <ul><li>If message integrity is vulnerable, reflection attack is possible </li></ul>09/06/11
  8. 8. Expanded Needham Schroeder: <ul><li>In Standard N-S, Bob doesn’t have freshness guarantee for KAB (i.e. can’t detect replays) </li></ul><ul><li>To fix- get a nonce form Bob </li></ul>09/06/11
  9. 9. Nonce Types: <ul><li>Nonce: a quantity which any given user of a protocol uses only once ( a quantity which is guaranteed fresh) </li></ul><ul><li>Nonce Types: </li></ul><ul><li>- sequenced numbers </li></ul><ul><li>-need to keep state, what if trudy can induce crashes (DOS attacks?) </li></ul><ul><li>-timestamps </li></ul><ul><li>-need synchronized clocks </li></ul><ul><li>-random numbers </li></ul><ul><li>-freshness guarantee is only probabilistic but if </li></ul><ul><li> number is large it is good enough </li></ul><ul><li>- unpredictable </li></ul>09/06/11
  10. 10. Thanks for your kind Cooperation & Patience. 09/06/11
  11. 11. References: <ul><li>Network security by Kauffman </li></ul><ul><li>Lecture 10 from www.deneb.cs.kent.edu </li></ul>09/06/11

×