Distribution of Symmetric and Asymmetric Key
Digital Signature: DSA
X.509 Certificate
Man-in-the-Middle Attack
Check a digital certificate while accessing a secure website and compare its structure with X.509 standard
User/Entity Authentication
Kerberos
Authentication with Digital Certificate
2. Session 8 objective
CS-7 Revision: previous session revision
CS-8 Distribution of Symmetric and Asymmetric Key
CS-8 Digital Signature: DSA
CS-8 X.509 Certificate
CS-8 Man-in-the-Middle Attack
CS-8 User/Entity Authentication: Kerberos
SUMMARY
3. CS-8 Key Distribution
Key Management
PK Distribution: Public Announcement; Publicly Available Directory; Public Key Authority; Public Key Certificate
SK distribution: Simple SK; SK with confidentiality and authentication
6. CS-8 Key Distribution
PK Distribution
Time Stamp: when the message was generated
PRaut: private key of the authority
N: nonce value, unique per transaction, to avoid replay attacks
Acknowledgement
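Added example (not part of the original slides): how a requester can use the time stamp and nonce listed above to reject a replayed or altered reply from the public key authority. Assumptions: HMAC under a constructed demo key stands in for the authority's signature with PRaut so the code runs on the Python standard library alone; the names seal, authority_reply, Requester and MAX_SKEW are hypothetical.

```python
import hashlib
import hmac
import json
import os

MAX_SKEW = 120  # assumed freshness window in seconds
# Assumption: HMAC under a constructed demo key stands in for the
# authority's signature with its private key (PRaut on the slide).
AUTH_KEY = b"constructed-demo-key"


def seal(subject, pubkey, timestamp, nonce):
    """Tag that binds the key to the time stamp and nonce of one reply."""
    msg = json.dumps([subject, pubkey, timestamp, nonce]).encode()
    return hmac.new(AUTH_KEY, msg, hashlib.sha256).hexdigest()


def authority_reply(subject, pubkey, timestamp, nonce):
    """Authority side: return the requested key with the echoed nonce."""
    return {"subject": subject, "pubkey": pubkey, "timestamp": timestamp,
            "nonce": nonce, "tag": seal(subject, pubkey, timestamp, nonce)}


class Requester:
    """Requester side: accepts each reply at most once, and only if fresh."""

    def __init__(self):
        self.pending = set()  # nonces sent and not yet answered

    def new_request(self):
        nonce = os.urandom(16).hex()
        self.pending.add(nonce)
        return nonce

    def accept(self, reply, now):
        expected = seal(reply["subject"], reply["pubkey"],
                        reply["timestamp"], reply["nonce"])
        if not hmac.compare_digest(expected, reply["tag"]):
            return "bad-tag"  # key, time stamp or nonce was altered
        if abs(now - reply["timestamp"]) > MAX_SKEW:
            return "stale"  # outside the freshness window
        if reply["nonce"] not in self.pending:
            return "replay"  # unknown or already-used nonce
        self.pending.remove(reply["nonce"])
        return "ok"
```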
7. CS-8 Key Distribution
PK Distribution
Every entity registers its PK with the CA
The certificate authority is a trusted third party
The certificate authority generates the certificate
The certificates are exchanged from B to A and vice versa
10. CS-8 Digital Signature DSA/RSA
Asymmetric Key Cryptography
Used for authentication and non-repudiation
Not used for confidentiality
E.g. postpaid mobile bill
Sender sends plain text message -> Encryption by sender's private key -> CT -> Network -> CT -> Decryption by public key -> Receiver gets plain text message
15. CS-8 X.509 Certificates?
They are a method for authenticating an end user of a VPN
They can be used for other things, but we will focus on VPN usage
They are very similar to the SSL certificates generated for websites
They are generated on the NetSentron and signed by the NetSentron
The PREFERRED method of connecting VPNs – much more secure
Works for Net to Net and RoadWarrior
18. CS-8 Man-in-the-Middle Attack
Live example using parameter tampering with Burp Suite on Kali Linux
19. CS-8 User/Entity Authentication Kerberos
Computer Network Authentication protocol
Works on tickets
Client Server architecture
Symmetric key model
Requires a trusted third party (KDC), which holds a database of secret keys
20. CS-8 User/Entity Authentication Kerberos
Live example using Mimikatz 2, Mimikatz 3 to generate a golden ticket
1. A sends a request to the AS for a TGT
2. The AS gives the TGT on authentication, provided that A can decrypt it with the password hash (MD5)
3. A decrypts the TGT and requests the TGS to grant a service ticket
4. Since A is an authenticated user, it will get a service ticket, i.e. session key
5. This session key will be sent to the server to establish the client-server session