Distribution of Symmetric and Asymmetric Key Digital Signature: DSA X.509 Certificate Man-in-the Middle Attack Check a digital certificate while accessing a secure website and compare its structure with X.509 standard User/Entity Authentication Kerberos Authentication with Digital Certificate

1. Network Security
CS-8(CH15-16)
By: Prof. Ganesh Ingle

2. Session 8 objective
CS-7 Revision Previous Session revision
CS -8 Distribution of Symmetric and Asymmetric Key
CS – 8 Digital Signature: DSA
CS -8 X.509 Certificate
CS-8 Man-in-the Middle Attack
CS-8 User/Entity Authentication Kerberos
SUMMARY

3. CS -8 Key Distribution
Key
Management
PK Distribution
Public
Announcement
Public Available
Directory
Public key
Authority
Public key
Certificate
SK distribution
Simple SK
SK with
confidentiality
and
authentication

4. CS -8 Key Distribution
PK Distribution

5. CS -8 Key Distribution
PK Distribution

6. CS -8 Key Distribution
PK Distribution
Time Stamp: When MSG generated
PRaut:Private key authority
N: Nonce Value for unique transaction to avoid
replay attack
Acknowledgement

7. CS -8 Key Distribution
PK Distribution
Every entity register
PK to CA
Certificate authority is
trusted Third party
Certificate authority
generate certificate
The certificate are
exchanged from B to A
and vice versa

8. CS -8 Key Distribution
SK distribution

9. CS -8 Key Distribution
SK distribution

10. CS -8 Digital Signature DSA/RSA
Asymmetric Key Cryptography
Used for authentication and non repudiation
Not used Confidentiality
E.g. Post paid bill of mobile
Sender Sends
plain text
message
Encryption by
senders Private
key
CT Network
Decryption by
public key
CT
Receiver gets
Palin text
message

11. CS -8 Digital Signature DSA/RSA
Asymmetric Key Cryptography
Used for authentication and non
repudiation
Not used Confidentiality
E.g. Post paid bill of mobile

12. CS -8 Digital Signature DSA/RSA

13. CS -8 Digital Signature Algorithm

14. CS -8 Digital Signature Algorithm

15.  They are a method for authenticating an end user of a
VPN
 They can be used for other things, but we will focus on
VPN usage
 They are very similar to the SSL Certificates generated
for websites
 They are generated on the NetSentron and Signed by
the NetSentron
 The PREFFERED method of connection VPN's – much
more secure
 Works for Net to Net and RoadWarrior
CS -8 X.509 Certificates?

16. CS -8 X.509 Certificates?

17. CS -8 X.509 Certificates?

18. CS -8 Man-in-the Middle Attack
Live example using parameter tampering burp suit Kali linux

19. CS-8 User/Entity Authentication Kerberos
Computer Network Authentication protocol
Works on tickets
Client Server architecture
Symmetric key model
Requires trusted Third party (KDC) has DB of Secret keys

20. CS-8 User/Entity Authentication Kerberos
Live example using mimicats 2, mimicats 3 to generate golden ticket
1. A sends a request AS for TGT
2. AS gives TGT on authentication provided that A should decrypt it with
password HASH (MD5)
3. A Decrypts the TGT and request TGS for granting Service ticket
4. Since A is authenticated user will get a Service ticket i.e. Session key
5. This session key will be sent to server to have client server session

21. Thank you
Image Source
searchenterpriseai.techtarget.com
wikipedia