Certificateless public key cryptography is a design that is secure against the key escrow issue and removes the loopholes of ID-based cryptography. Much work has been done on CL-DS, yet these schemes depend on bilinear pairing, which requires more time to perform the pairing operations. Bilinear pairing is executed over a super-singular EC group, which is tedious. In this paper we propose a pairing-free ID-based Certificateless Digital Signature (CL-DS) scheme utilizing elliptic curve cryptography, which avoids the tedious operations required in bilinear pairing. We improve the security of the previously proposed scheme, with less computation time, by adding a time stamp.
Network Security: Authentication Applications, Electronic Mail Security, IP Security, Web
Security, System Security: Intruders, Malicious Software, Firewalls
2. Outline
Digital Signatures
Authentication Protocols
Digital Signature Standards
Application Authentication Techniques Like Kerberos
Sarthak Patel (www.sarthakpatel.in)2
X.509 Directory Authentication Services
Active Directory Service Of Windows NT/Windows 2000
3. Digital Signatures
Digital signatures provide the ability to:
verify author, date & time of signature
authenticate message contents
be verified by third parties to resolve disputes
4. Digital Signature Properties
must depend on the message signed
must use information unique to sender
to prevent both forgery and denial
must be relatively easy to produce
must be relatively easy to recognize & verify
be computationally infeasible to forge
be practical to save a copy of the digital signature in storage
6. Direct Digital Signatures
involve only sender & receiver
assumed receiver has sender’s public-key
digital signature made by sender signing entire message or hash with private-key
can encrypt using receiver's public-key
important to sign first, then encrypt message & signature
security depends on sender's private-key
8. Weakness of Direct D.S
The validity of the scheme depends on the security of the sender's
private key.
If a sender later wishes to deny sending a particular message, the
sender can claim that the private key was lost or stolen and that
someone else forged his or her signature.
One example is to require every signed message to include a
timestamp (date and time) and to require prompt reporting of
compromised keys to a central authority.
9. Arbitrated Digital Signatures
involves use of arbiter A
validates any signed message
then dated and sent to recipient
requires suitable level of trust in arbiter
can be implemented with either private or public-key algorithms
arbiter may or may not be able to see message
10. Authentication Protocols
used to convince parties of each other's identity and to exchange session keys
may be One-way or Mutual
key issues are
confidentiality – to protect session keys
timeliness – to prevent replay attacks
published protocols are often found to have flaws and need to
be modified
11. (Mutual Authentication) Replay Attacks
where a valid signed message is copied and later resent
Simple replay: The opponent simply copies a message and replays it later.
Repetition that can be logged: An opponent can replay a timestamped message within the valid time window.
Repetition that cannot be detected: This situation could arise because the original message could have been suppressed and thus did not arrive at its destination; only the replay message arrives.
Backward replay without modification: This is a replay back to the message sender.
12. Countermeasures to avoid Replay Attacks
Timestamps (needs synchronized clocks)
Party A accepts a message as fresh only if the message contains a
timestamp that, in A's judgment, is close enough to A's
knowledge of current time. This approach requires that clocks
among the various participants be synchronized.
Challenge/response (using unique nonce)
Party A, expecting a fresh message from B, first sends B a nonce
(challenge) and requires that the subsequent message (response)
received from B contain the correct nonce value.
13. Using Symmetric Encryption
as discussed previously, we can use a two-level hierarchy of
keys
usually with a trusted Key Distribution Center (KDC)
each party shares own master key with KDC
KDC generates session keys used for connections between parties
master keys used to distribute these to them
14. Needham-Schroeder Protocol
original third-party key distribution protocol
for session between A and B mediated by KDC
protocol overview is:
1. A->KDC: IDA || IDB || N1
2. KDC ->A: EKa[Ks || IDB || N1 || EKb[Ks||IDA] ]
3. A -> B: EKb[Ks||IDA]
4. B ->A: EKs[N2]
5. A -> B: EKs[f(N2)]
15. Needham-Schroeder Protocol
used to securely distribute a new session key for communications between A & B
but is vulnerable to a replay attack if an old session key has been compromised
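To make the five messages above concrete, here is an added simulation (not from the slides) of Needham-Schroeder with a KDC, followed by the old-session-key replay that slide 15 warns about and the timestamp freshness check of slide 12 applied to the ticket in message 3, which stops it. Assumptions: the cipher is a toy HMAC-based encrypt-then-MAC standing in for E_K[...], f(N2) = N2 + 1, and the master keys, party names and 5-minute window are constructed for the example.

```python
"""Needham-Schroeder key distribution (slides 14-15) and the slide-12 timestamp
countermeasure, simulated with a toy cipher using only the standard library."""
import hashlib
import hmac
import json
import os
import time


def _keystream(key, nonce, n):
    """Expand key and nonce into n bytes with HMAC-SHA256 in counter mode."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc(key, obj):
    """E_K[obj]: toy encrypt-then-MAC standing in for DES/AES; not for production use."""
    pt = json.dumps(obj).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def dec(key, blob):
    """Inverse of enc; raises ValueError for a wrong key or a tampered message."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad key or tampered message")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

# Master keys each party shares with the KDC (constructed for this example).
MASTER = {"A": os.urandom(32), "B": os.urandom(32)}

def kdc_respond(msg1, now=None):
    """Step 2, KDC -> A: E_Ka[Ks || IDB || N1 || E_Kb[Ks || IDA || T]].
    T is the issue time; plain Needham-Schroeder has no T, and B may ignore it."""
    ks = os.urandom(32).hex()
    t = time.time() if now is None else now
    ticket = enc(MASTER[msg1["IDB"]], {"Ks": ks, "IDA": msg1["IDA"], "T": t})
    body = {"Ks": ks, "IDB": msg1["IDB"], "N1": msg1["N1"], "ticket": ticket.hex()}
    return enc(MASTER[msg1["IDA"]], body)

def initiator(ida="A", idb="B", now=None):
    """Steps 1 and 2 from A's side; returns (Ks, message 3) for delivery to B."""
    n1 = os.urandom(8).hex()                         # 1. A -> KDC: IDA || IDB || N1
    msg2 = dec(MASTER[ida], kdc_respond({"IDA": ida, "IDB": idb, "N1": n1}, now))
    if msg2["N1"] != n1 or msg2["IDB"] != idb:       # N1 ties the reply to this request
        raise ValueError("KDC reply does not match the request")
    return bytes.fromhex(msg2["Ks"]), bytes.fromhex(msg2["ticket"])

def answer_with(ks):
    """Whoever holds Ks can answer B's challenge: E_Ks[N2] -> E_Ks[f(N2)], f(n) = n + 1 assumed."""
    return lambda msg4: enc(ks, {"fN2": dec(ks, msg4)["N2"] + 1})

def responder(msg3, answer, idb="B", max_age=None):
    """Steps 3 to 5 from B's side. With max_age set, B applies the slide-12 rule and
    rejects a ticket whose timestamp is not close enough to its own clock."""
    try:
        ticket = dec(MASTER[idb], msg3)              # 3. A -> B: E_Kb[Ks || IDA || T]
    except ValueError:
        return False
    if max_age is not None and abs(time.time() - ticket["T"]) > max_age:
        return False                                 # stale ticket: treat as a replay
    ks = bytes.fromhex(ticket["Ks"])
    n2 = int.from_bytes(os.urandom(4), "big")
    try:                                             # 4. B -> A: E_Ks[N2]; 5. A -> B: E_Ks[f(N2)]
        return dec(ks, answer(enc(ks, {"N2": n2})))["fN2"] == n2 + 1
    except ValueError:
        return False

def demo():
    """Honest run, the old-session-key replay of slide 15, and the timestamp fix."""
    ks, msg3 = initiator()
    honest = responder(msg3, answer_with(ks))
    # An earlier session whose Ks later leaked: its captured message 3 is replayed
    # together with the old Ks, and plain Needham-Schroeder cannot tell the difference.
    old_ks, old_msg3 = initiator(now=time.time() - 3600)
    replay_accepted = responder(old_msg3, answer_with(old_ks))
    # The same replay against a B that checks the ticket timestamp (5-minute window).
    replay_rejected = not responder(old_msg3, answer_with(old_ks), max_age=300)
    fresh_ok = responder(msg3, answer_with(ks), max_age=300)
    return honest, replay_accepted, replay_rejected, fresh_ok

if __name__ == "__main__":
    print(demo())    # (True, True, True, True)
```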
16. Using Public-Key Encryption
have a range of approaches based on the use of public-key
encryption
need to ensure have correct public keys for other parties
using a central Authentication Server (AS)
various protocols exist using timestamps or nonces
17. Denning AS Protocol
Denning 81 presented the following:
note session key is chosen by A, hence AS need not be trusted to protect it
timestamps prevent replay but require synchronized
clocks
18. One-Way Authentication
required when sender & receiver are not in communications
at same time (e.g., email)
have header in clear so can be delivered by email system
19. Using Symmetric Encryption
can refine use of KDC but can’t have final exchange of
nonces:
1. A->KDC: IDA || IDB || N1
2. KDC ->A: EKa[Ks || IDB || N1 || EKb[Ks||IDA] ]
3. A -> B: EKb[Ks||IDA] || EKs[M]
does not protect against replays
could rely on timestamp in message, though email delays make
this problematic
20. Public-Key Approaches
have seen some public-key approaches
if confidentiality is major concern, can use:
A->B: EPUb[Ks] || EKs[M]
has encrypted session key, encrypted message
if authentication needed, use a digital signature with a digital
certificate:
A->B: M || EPRa[H(M)] || EPRas[T||IDA||PUa]
with message, signature, certificate
21. Digital Signature Standard (DSS)
US Govt approved signature scheme
designed by NIST & NSA in early 90's
published as FIPS-186 in 1991
revised in 1993, 1996 & then 2000
uses the SHA hash algorithm
DSS is the standard, DSA is the algorithm
FIPS 186-2 (2000) includes alternative RSA & elliptic
curve signature variants
22. Digital Signature Algorithm (DSA)
creates a 320 bit signature
with 512-1024 bit security
smaller and faster than RSA
a digital signature scheme only
security depends on difficulty of computing discrete logarithms
24. DSA Signature Creation
to sign a message M the sender:
generates a random signature key k, k<q
k must be random, be destroyed after use, and never be reused
then compute signature pair:
r = (g^k mod p) mod q
s = k^-1 (H(M) + x r) mod q
sends signature (r,s) with message M
25. Authentication Applications
developed to support application-level authentication &
digital signatures
will discuss Kerberos – a private-key authentication service
discuss X.509 - a public-key directory authentication service
26. Kerberos
Authentication service developed as a part of MIT's Athena project
provides centralized private-key third-party authentication in
a distributed network
allows users access to services distributed through network
without needing to trust all workstations
rather all trust a central authentication server
two versions in use: 4 & 5
27. Why Kerberos is needed?
Problem: workstations cannot be trusted to identify their users correctly in an open distributed environment
3 Threats:
Pretending to be another user from the workstation
Sending request from the impersonated workstation
Replay attack to gain service or disrupt operations
28. Why Kerberos is needed? Cont.
Solution:
Building elaborate authentication protocols at each server, or
A centralized authentication server (Kerberos)
29. Requirements for KERBEROS
Secure:
An opponent does not find it to be the weak link
Reliable:
The system should be able to back up another
Transparent:
A user should not be aware of authentication
Scalable:
The system supports a large number of clients and servers
30. Versions of KERBEROS
Two versions are in common use
Version 4 is most widely used version
Version 4 uses DES
Version 5 corrects some of the security deficiencies of Version 4
Version 5 has been issued as a draft Internet Standard (RFC 1510)
31. Kerberos v4 Overview
a basic third-party authentication scheme
have an Authentication Server (AS)
users initially negotiate with AS to identify self
AS provides a non-corruptible authentication credential (ticket granting ticket, TGT)
have a Ticket Granting Server (TGS)
users subsequently request access to other services from TGS on basis of user's TGT
32. Kerberos v4 Dialogue
1. obtain ticket granting ticket from AS
• once per session
2. obtain service granting ticket from TGS using the TGT
• for each distinct service required
3. client/server exchange to obtain service
Sarthak Patel (www.sarthakpatel.in)32
3. client/server exchange to obtain service
• on every service request
33. Kerberos Version 4: Dialog 1 - Simple
(figure: the message exchange between C, AS and V is not reproduced in this extraction)
Ticket = E_Kv[IDc, ADc, IDv]
Kv = secret key shared by AS and V (server)
Pc = password of client
34. where
C = client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of V
Pc = password of user on C
ADc = network address of C
Kv = secret encryption key shared by AS and V
35. Kerberos Version 4: Dialog 2 - More Secure
Once per user logon session (obtain Ticket_tgs from the AS):
Ticket_tgs = E_Ktgs[IDc, ADc, IDtgs, TS1, Lifetime1]
Once per type of service (obtain Ticket_v from the TGS):
4- Ticket_v
36. Kerberos Version 4: Dialog 2 - More Secure Cont.
Once per service session:
5- Ticket_v + IDc
Ticket_v = E_Kv[IDc, ADc, IDv, TS2, Lifetime2]
37. Kerberos: The Version 4 Authentication Dialog
Once per user logon session (C and AS):
1- C -> AS: IDc + IDtgs + TS1
2- AS -> C: E_Kc[Kc,tgs, IDtgs, TS2, Lifetime2, Ticket_tgs]
Ticket_tgs = E_Ktgs[Kc,tgs, IDc, ADc, IDtgs, TS2, Lifetime2]
38. Kerberos: The Version 4 Authentication Dialog Cont.
Once per type of service (C and TGS):
3- C -> TGS: Ticket_tgs + Authenticator_c + IDv
4- TGS -> C: E_Kc,tgs[Kc,v, IDv, TS4, Ticket_v]
Authenticator_c = E_Kc,tgs[IDc, ADc, TS3]
Ticket_v = E_Kv[Kc,v, IDc, ADc, IDv, TS4, Lifetime4]
39. Kerberos: The Version 4 Authentication Dialog Cont.
Once per service session (C and V):
5- C -> V: Ticket_v + Authenticator_c
6- V -> C: E_Kc,v[TS5+1]
Ticket_v = E_Kv[Kc,v, IDc, ADc, IDv, TS4, Lifetime4]
Authenticator_c = E_Kc,v[IDc, ADc, TS5]
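The six-message v4 dialogue of slides 33 to 39, simulated end to end. This is an added example written for this page, not code from the slides: the cipher (an HMAC-SHA256 keystream with an HMAC tag) stands in for DES, Kc is derived from the password with a single SHA-256 hash, and the lifetime, the clock-skew window, the user name "alice", the server "v" and the addresses are assumed values. Beyond the happy path it shows what the checks on tickets and authenticators buy: a replayed authenticator, a stolen ticket presented from another address, and a wrong password are all rejected.

```python
"""Toy simulation of the Kerberos v4 dialogue (messages 1-6). Added example, not from the slides."""
import hashlib, hmac, json, os, time

LIFETIME = 8 * 3600   # assumed ticket lifetime (seconds)
SKEW = 300            # assumed tolerated clock skew for authenticators (seconds)

# --- toy symmetric cipher standing in for DES: HMAC-SHA256 keystream XOR, then an HMAC tag ---
def _keystream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def E(key, fields):
    """E_K[fields]: encrypt a dict of message fields under key K (fresh nonce, encrypt-then-MAC)."""
    pt = json.dumps(fields, sort_keys=True).encode()
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def D(key, blob):
    """Inverse of E; raises ValueError when the key is wrong or the blob was altered."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("bad tag")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def password_key(pw):   # Kc: the client key is derived from the user's password (toy derivation)
    return hashlib.sha256(pw.encode()).digest()

def check_ticket_and_authenticator(t, authenticator, ADc, seen=None):
    """Checks a TGS or V performs on a decrypted ticket plus its authenticator; returns the authenticator."""
    now = time.time()
    if not t["TS"] <= now <= t["TS"] + t["life"]:
        raise ValueError("ticket expired")
    a = D(bytes.fromhex(t["K"]), authenticator)        # only the holder of the session key can build it
    if not (a["IDc"] == t["IDc"] and a["ADc"] == t["ADc"] == ADc):
        raise ValueError("identity or network address mismatch")
    if abs(now - a["TS"]) > SKEW:
        raise ValueError("authenticator too old")
    if seen is not None:                                # replay cache: each authenticator is used once
        if (a["IDc"], a["TS"]) in seen:
            raise ValueError("replayed authenticator")
        seen.add((a["IDc"], a["TS"]))
    return a

class KDC:
    """Authentication Server (AS) and Ticket-Granting Server (TGS) of one realm."""
    def __init__(self, users, servers):
        self.users, self.servers, self.Ktgs = users, servers, os.urandom(32)   # IDc->Kc, IDv->Kv
    def as_exchange(self, IDc, IDtgs, TS1, ADc):                  # (1) IDc, IDtgs, TS1  ->  (2)
        Kc_tgs, TS2 = os.urandom(32).hex(), time.time()
        ticket_tgs = E(self.Ktgs, dict(K=Kc_tgs, IDc=IDc, ADc=ADc, IDtgs=IDtgs, TS=TS2, life=LIFETIME))
        return E(self.users[IDc], dict(K=Kc_tgs, IDtgs=IDtgs, TS=TS2, life=LIFETIME, ticket=ticket_tgs.hex()))
    def tgs_exchange(self, ticket_tgs, authenticator, IDv, ADc):   # (3) Ticket_tgs, Auth_c, IDv  ->  (4)
        t = D(self.Ktgs, ticket_tgs)
        check_ticket_and_authenticator(t, authenticator, ADc)
        Kc_v, TS4 = os.urandom(32).hex(), time.time()
        ticket_v = E(self.servers[IDv], dict(K=Kc_v, IDc=t["IDc"], ADc=ADc, IDv=IDv, TS=TS4, life=LIFETIME))
        return E(bytes.fromhex(t["K"]), dict(K=Kc_v, IDv=IDv, TS=TS4, ticket=ticket_v.hex()))

class Server:
    """Application server V, sharing Kv with the KDC."""
    def __init__(self, IDv, Kv):
        self.IDv, self.Kv, self.seen = IDv, Kv, set()
    def serve(self, ticket_v, authenticator, ADc):                 # (5) Ticket_v, Auth_c  ->  (6) E_Kc,v[TS5+1]
        t = D(self.Kv, ticket_v)
        if t["IDv"] != self.IDv:
            raise ValueError("ticket issued for another server")
        a = check_ticket_and_authenticator(t, authenticator, ADc, self.seen)
        return E(bytes.fromhex(t["K"]), dict(TS=a["TS"] + 1))     # mutual authentication: V proves it knows Kc,v

def client_session(kdc, server, IDc, password, ADc, IDv="v"):
    """Client side of messages 1-6; returns (mutual_auth_ok, ticket_v, Kc_v, authenticator_5)."""
    Kc = password_key(password)
    m2 = D(Kc, kdc.as_exchange(IDc, "tgs", time.time(), ADc))       # wrong password -> cannot decrypt (2)
    Kc_tgs, ticket_tgs = bytes.fromhex(m2["K"]), bytes.fromhex(m2["ticket"])
    m4 = D(Kc_tgs, kdc.tgs_exchange(ticket_tgs, E(Kc_tgs, dict(IDc=IDc, ADc=ADc, TS=time.time())), IDv, ADc))
    Kc_v, ticket_v = bytes.fromhex(m4["K"]), bytes.fromhex(m4["ticket"])
    TS5 = time.time()
    auth5 = E(Kc_v, dict(IDc=IDc, ADc=ADc, TS=TS5))
    m6 = D(Kc_v, server.serve(ticket_v, auth5, ADc))
    return m6["TS"] == TS5 + 1, ticket_v, Kc_v, auth5

def rejected(fn):
    try:
        fn(); return False
    except ValueError:
        return True

def demo():
    """Constructed scenario: one user, one server, the happy path plus three attacks the checks stop."""
    users, servers = {"alice": password_key("correct horse")}, {"v": os.urandom(32)}
    kdc, v = KDC(users, servers), Server("v", servers["v"])
    ok, ticket_v, Kc_v, auth5 = client_session(kdc, v, "alice", "correct horse", "10.0.0.5")
    return {
        "mutual_auth": ok,
        "wrong_password_rejected": rejected(lambda: client_session(kdc, v, "alice", "wrong", "10.0.0.5")),
        "replay_rejected": rejected(lambda: v.serve(ticket_v, auth5, "10.0.0.5")),
        "stolen_ticket_from_other_host_rejected": rejected(
            lambda: v.serve(ticket_v, E(Kc_v, dict(IDc="alice", ADc="10.0.0.9", TS=time.time())), "10.0.0.9")),
    }

if __name__ == "__main__":
    print(demo())
```

demo() returns the four outcomes as a dict. One point worth keeping in mind when reading the strengths slide: message 2 is encrypted under Kc, a key derived only from the password, so anyone who sends message 1 for a given IDc receives a ciphertext to mount an offline password guess against; Kerberos v5 added pre-authentication to close that, and real deployments derive keys with a proper KDF rather than a single hash.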
45. Tickets:
Contain information which must be considered private to the user
Allow the user to use a service or to access the TGS
Reusable for a particular period of time (the ticket lifetime)
Used to distribute session keys securely
46. Authenticators
Prove the client's identity
Prove that the user knows the session key
Prevent replay attacks
Used only once and have a very short lifetime
One authenticator is typically built per session of use of a service
47. Kerberos Realms
A single administrative domain includes:
a Kerberos server
a number of clients, all registered with the server
application servers, sharing keys with the server
What happens when users in one realm need access to
services in other realms?
Kerberos provides inter-realm authentication
48. Inter-realm Authentication:
The Kerberos server in each realm shares a secret key with the Kerberos servers of other realms.
It requires:
The Kerberos server in one realm must trust the one in the other
realm to authenticate its users
The second also trusts the Kerberos server in the first realm
Problem: with N realms, full pairwise trust needs N*(N-1)/2 secure key exchanges
49. Request for Service in another realm:
(figure: the inter-realm message sequence is not reproduced in this extraction)
50. KERBEROS Version 5 versus Version 4
Environmental shortcomings of Version 4:
Encryption system dependence: DES
Internet protocol dependence
Ticket lifetime
Authentication forwarding
Inter-realm authentication
52. New Elements in Kerberos Version 5
Realm: indicates the realm of the user
Options: flags requested for the returned ticket
Times:
From: the desired start time for the ticket
Till: the requested expiration time
Rtime: requested renew-till time
Nonce: a random value to assure the response is fresh
54. Kerberos Version 5 Message Exchange: 2
To obtain a service-granting ticket:
(3) C -> TGS: Options || IDv || Times || Nonce2 || Ticket_tgs || Authenticator_c
(4) TGS -> C: Realm_c || IDc || Ticket_v || E_Kc,tgs[Kc,v || Times || Nonce2 || IDv || Realm_v]
Ticket_tgs = E_Ktgs[Flags || Kc,tgs || Realm_c || IDc || ADc || Times]
Ticket_v = E_Kv[Flags || Kc,v || Realm_c || IDc || ADc || Times]
Authenticator_c = E_Kc,tgs[IDc || Realm_c || TS1]
55. Kerberos Version 5 Message Exchange: 3
To obtain service:
(5) C -> S: Options || Ticket_v || Authenticator_c
(6) S -> C: E_Kc,v[TS2 || Subkey || Seq#]
Ticket_v = E_Kv[Flags || Kc,v || Realm_c || IDc || ADc || Times]
Authenticator_c = E_Kc,v[IDc || Realm_c || TS2 || Subkey || Seq#]
56. Kerberos: Strengths
Users' passwords are never sent across the network, encrypted or in plain text
Secret keys are only passed across the network in encrypted form
Client and server systems mutually authenticate
Authentication has a limited duration (the ticket lifetime)
Authentications are reusable and durable within that lifetime
Kerberos has been scrutinized by many of the top programmers, cryptologists and security experts in the industry
57. Certificate:
Electronic counterpart to driver licenses and passports
Verifies the authenticity of a public key
Prevents impersonation
Enables individuals and organizations to secure business and personal transactions
58. What a certificate includes:
Name of the entity being certified
Public key
Name of the Certificate Authority
Serial number
Expiration date
Digital signature of the issuer
Other information (optional)
59. Certificate Authorities:
A trusted entity which issues and manages certificates for a population of public-private key-pair holders.
A digital certificate is issued by a CA and is signed with the CA's private key.
60. Who are the Certificate Authorities?
VeriSign
GTE CyberTrust
Entrust
IBM
CertCo
USPS / Cylink
61. Certificate Issuance Process:
Requestor generates a public/private key pair
Sends the public key to the CA (the private key never leaves the requestor)
Proves identity to the CA, which verifies it
CA signs and issues the certificate
CA e-mails the certificate, or the requestor retrieves it from a secure website
Requestor uses the certificate to demonstrate the legitimacy of their public key
62. Types of Digital Certificates
E-Mail Certificates
Browser Certificates
Server (SSL) Certificates
Software Signing Certificates
63. Potential security holes:
Was the user really identified?
Security of the private key
Can the Certificate Authority be trusted?
Names are not unique
64. X.509 Directory Authentication Service
Defines a framework for authentication services
The X.509 directory serves as a repository of public-key certificates
Defines alternative authentication protocols
65. X.509 Certificate format
Fields of a certificate:
Version
Serial number
Algorithm identifier (algorithm, parameters)
Issuer
Period of validity (not before, not after)
Subject
Subject's public key (algorithm, parameters, key)
Signature
Notation to define a certificate:
CA<<A>> = CA{V, SN, AI, CA, Ta, A, Ap}
where
V = version, SN = serial number, AI = algorithm identifier, CA = issuer name,
Ta = period of validity, A = subject name, Ap = subject's public key
Y<<X>> = the certificate of user X issued by certification authority Y
Y{I} = the signing of I by Y. It consists of I with an enciphered hash code appended.
66. Securely Obtain a Public Key
Scenario:
A has obtained a certificate from the CA X1
B has obtained a certificate from the CA X2
A can read B's certificate but cannot verify it (A does not hold X2's public key)
Solution: X1<<X2>> X2<<B>>
A obtains from the directory the certificate of X2 signed by X1, verifies it with X1's public key, and so obtains X2's public key
A goes back to the directory, obtains the certificate of B signed by X2, verifies it with X2's public key, and so obtains B's public key securely
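The X1<<X2>> X2<<B>> chain walk above, as an added example that is not part of the slides. Certificates are dicts carrying the fields of the notation CA<<A>> = CA{V, SN, AI, CA, Ta, A, Ap}, and Y{I} is implemented literally as I with an enciphered hash code appended, using textbook RSA over 256-bit primes with no padding, which is a toy stand-in for a real signature scheme; the names X1, X2 and B, the serial numbers and the validity period are assumptions. It also shows the two failure cases a verifier must catch: a certificate whose issuer is not the CA being trusted, and a certificate whose subject key was altered after signing.

```python
"""X.509-style certificate chain, CA<<A>> = CA{V, SN, AI, CA, Ta, A, Ap}, with a toy RSA signer."""
import hashlib, json, random, time

# --- toy textbook RSA (no padding, small keys): a stand-in for a real signature scheme ---
def _is_probable_prime(n, rounds=20):          # Miller-Rabin
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _prime(bits):
    while True:
        p = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(p):
            return p

def keygen(bits=256):
    e = 65537
    while True:
        p, q = _prime(bits), _prime(bits)
        if p != q and (p - 1) % e and (q - 1) % e:     # ensures gcd(e, phi) == 1
            break
    n = p * q
    return {"n": n, "e": e}, {"n": n, "d": pow(e, -1, (p - 1) * (q - 1))}

def _hash_code(body):  # hash of the to-be-signed content, as an integer smaller than any 512-bit n
    return int.from_bytes(hashlib.sha256(json.dumps(body, sort_keys=True).encode()).digest(), "big")

def sign(priv, body):
    """Y{I}: I with an enciphered hash code appended."""
    return {"body": body, "sig": pow(_hash_code(body), priv["d"], priv["n"])}

def verify_sig(pub, signed):
    return pow(signed["sig"], pub["e"], pub["n"]) == _hash_code(signed["body"])

def issue(ca_name, ca_priv, subject, subject_pub, serial, days=365, now=None):
    """CA<<A>> = CA{V, SN, AI, CA, Ta, A, Ap}."""
    now = now or time.time()
    body = {"V": 3, "SN": serial, "AI": "toy-rsa-sha256", "CA": ca_name,
            "Ta": [now, now + days * 86400], "A": subject, "Ap": subject_pub}
    return sign(ca_priv, body)

def verify_chain(trusted, chain, now=None):
    """Walk X1<<X2>> X2<<B>> ... from a trusted (name, key); returns the end entity's (name, key) or raises."""
    now = now or time.time()
    name, pub = trusted
    for cert in chain:
        b = cert["body"]
        if b["CA"] != name:
            raise ValueError(f"issuer {b['CA']} is not the expected {name}")
        if not verify_sig(pub, cert):
            raise ValueError(f"bad signature on certificate of {b['A']}")
        not_before, not_after = b["Ta"]
        if not not_before <= now <= not_after:
            raise ValueError(f"certificate of {b['A']} outside its validity period")
        name, pub = b["A"], b["Ap"]           # this subject's key verifies the next link
    return name, pub

def demo():
    """Constructed scenario: A trusts only X1; B's certificate was issued by X2."""
    random.seed(1)                             # reproducible toy keys
    x1_pub, x1_priv = keygen()
    x2_pub, x2_priv = keygen()
    b_pub, _ = keygen()
    directory = {"X1<<X2>>": issue("X1", x1_priv, "X2", x2_pub, serial=1),
                 "X2<<B>>": issue("X2", x2_priv, "B", b_pub, serial=7)}
    name, pub = verify_chain(("X1", x1_pub), [directory["X1<<X2>>"], directory["X2<<B>>"]])
    try:                                       # A cannot verify X2<<B>> against X1's key directly
        verify_chain(("X1", x1_pub), [directory["X2<<B>>"]]); wrong_issuer = False
    except ValueError:
        wrong_issuer = True
    forged = json.loads(json.dumps(directory["X2<<B>>"]))
    forged["body"]["Ap"] = x2_pub              # swap B's key inside the signed certificate
    try:
        verify_chain(("X1", x1_pub), [directory["X1<<X2>>"], forged]); tamper = False
    except ValueError:
        tamper = True
    return {"end_entity": name, "key_matches": pub == b_pub,
            "wrong_issuer_rejected": wrong_issuer, "tamper_rejected": tamper}

if __name__ == "__main__":
    print(demo())
```

A real verifier additionally checks that X2's certificate is marked as a CA certificate (the basicConstraints extension in X.509 v3), so that an ordinary end-entity certificate cannot be used to sign another, and consults revocation information; neither is modelled here.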
68. Authentication Procedures:
Three alternative authentication procedures:
One-Way Authentication
Two-Way Authentication
Three-Way Authentication
All use public-key signatures
69. One-Way Authentication:
1 message (A -> B) used to establish:
the identity of A and that the message is from A
that the message was intended for B
the integrity and originality of the message
1- A -> B: A{ta, ra, B, sgnData, PUb[Kab]}
ta = timestamp, ra = nonce, B = identity of B, sgnData = data signed with A's private key,
PUb[Kab] = session key Kab encrypted with B's public key; A{...} denotes the whole message signed by A
70. Two-Way Authentication
2 messages (A -> B, B -> A) which also establish, in addition:
the identity of B and that the reply is from B
that the reply is intended for A
the integrity and originality of the reply
1- A -> B: A{ta, ra, B, sgnData, PUb[Kab]}
2- B -> A: B{tb, rb, A, sgnData, PUa[Kab]}
71. Three-Way Authentication
3 messages (A -> B, B -> A, A -> B) which enable the above
authentication without synchronized clocks: A signs and returns B's nonce rb, so neither side needs to check the timestamps
1- A -> B: A{ta, ra, B, sgnData, PUb[Kab]}
2- B -> A: B{tb, rb, A, sgnData, PUa[Kab]}
3- A -> B: A{rb}