SlideShare a Scribd company logo

Key exchange in crypto

Download as PPTX, PDF
T
Tony Nguyen

The document discusses key distribution and authentication using symmetric and asymmetric cryptography. It describes the Kerberos protocol which uses a key distribution center (KDC) to authenticate users and distribute session keys. It also discusses using public key certificates and digital signatures to solve the key distribution problem by having a certificate authority (CA) sign public keys.

Technology
1 of 14
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant  Authenticates participants, generates session (shared) keys for them to talk to each other  Gives the requester a “ticket” – session key, requester’s ID and possibly expiration time, encrypted by the key that the server shares with KDC  Ticket and session key enrypted by the key that the requester shares with KDC  Needham-Schroeder, Kerberos
Third-party authentication service oDistributes session keys for authentication, confidentiality, and integrity KDC 1. C, S, NC 2. KC(NC, KCS, S, KS (KCS, C )) C S 3.KS (KCS, C ) 4.KCS (NS ) 5.KCS (NS-1) Problem: replay attack in step 3 Fix: use timestamps
 Introduce Ticket Granting Server (TGS) o Issues timed keys to resources  Users log on to authentication server (AS)  AS+TGS = KDC  Uses timestamps with a lifetime instead of nonces o Fixes freshness problem from Needham- Schroeder
Third-party authentication service oDistributes session keys for authentication, confidentiality, and integrity TGS 4. KC,TGS(KC,S), TCS 3. TGT, S, KC,TGS(C, t) AS 1.C 2. KC(KC,TGS), TGT C S 5. TCS, KC,S(C,t) KC=hash(pass(C)) TGT=KTGS(C,Tvalid,KC,TGS) TCS=KS(C,Tvalid,KC,S) 6. KC,S(t+1)
 Public key is public but … o How does either side know who and what the key is for?  Does this solve key distribution problem? o No – while confidentiality is not required, integrity is  Still need trusted third party o Digital certificates – certificate authority (CA) signs identity+public key tuple with its private key o Problem is finding a CA that both client and server trust
 Everyone has Trent’s public key  Trent signs both Alice’s and Bob’s public keys – he generates public-key certificate  When they receive keys, verify the signature  Mallory cannot impersonate Alice or Bob because her key is signed as Mallory’s  Certificate usually contains more than the public key oName, network address, organization  Trent is known as Certificate Authority (CA)
Authentication steps oVerifier provides nonce, or a timestamp is used instead. oPrincipal selects session key and sends it to verifier with nonce, encrypted with principal’s private key and verifier’s public key, sends principal’s certificate too oVerifier validates certificate oVerifier checks signature on nonce
 PGP (Pretty Good Privacy) o“Web of Trust” o Source: Wikipedia  “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.“
 X.509 standard o Hierarchical model o A handful of trusted CAs can issue certificates to others
 SSH o User keys exchanged out of band o Weak assurance of server keys  Is this the same host you spoke with last time?
 Revocation lists (CRL’s) o Long lists o Hard to propagate  Lifetime / Expiration o Short life allows assurance of validity at time of issue but increases cost of key distribution  Real-time validation o Online Certificate Status Protocol (OCSP) o Single source of the compromised key list o Clients check suspicious keys and hash replies
 Group key vs. Individual key o Proves that one belongs to the group vs. proving an individual identity o E.g., used for multicast messages
 Revoking access o Change keys, redistribute  Joining and leaving groups o Does one see old messages on join or is the key changed – backward secrecy o How to revoke access – forward secrecy  Robustness o Coping with network partitioning  Efficiency o Cost of use, verification, exchange
 Centralized o Single entity issues keys o Optimization to reduce traffic for large groups o May utilize application specific knowledge  Decentralized o Employs sub managers  Distributed o Members do key generation o May involve group contributions

Recommended

[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
Worteks
 
kerberos
kerberoskerberos
kerberos
sameer farooq
 
How ssl works
How ssl worksHow ssl works
How ssl works
Saptarshi Basu
 
Ch15
Ch15Ch15
Ch15raja yasodhar
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - Overview
Mohammed Adam
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.Net
Puneet Arora
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
rajakhurram
 

Recommended

[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies[POSS 2019] TLS for Dummies
[POSS 2019] TLS for Dummies
Worteks
 
kerberos
kerberoskerberos
kerberos
sameer farooq
 
How ssl works
How ssl worksHow ssl works
How ssl works
Saptarshi Basu
 
Ch15
Ch15Ch15
Ch15raja yasodhar
 
Cryptography - Overview
Cryptography - OverviewCryptography - Overview
Cryptography - Overview
Mohammed Adam
 
SSL/TLS
SSL/TLSSSL/TLS
SSL/TLSSirish Kumar
 
X 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.NetX 509 Certificates How And Why In Vb.Net
X 509 Certificates How And Why In Vb.Net
Puneet Arora
 
Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication Lecture 9 key distribution and user authentication
Lecture 9 key distribution and user authentication
rajakhurram
 
Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshell
Frank Kelly
 
Kerberos
KerberosKerberos
Kerberos
Gichelle Amon
 
Lecture17
Lecture17Lecture17
Lecture17Châu Thanh Chương
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)
Ismail Rachdaoui
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
Ssl
SslSsl
Ssl
Anandraj Kulkarni
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
babak danyal
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windowsniteshitimpulse
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authentication
Suraj Singh
 
Kerberos
KerberosKerberos
Kerberos
Rahul Pundir
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 
Access data connection
Access data connectionAccess data connection
Access data connection
Tony Nguyen
 
Building a-database
Building a-databaseBuilding a-database
Building a-database
Tony Nguyen
 
Sql database object
Sql database objectSql database object
Sql database object
Tony Nguyen
 
Crypto passport authentication
Crypto passport authenticationCrypto passport authentication
Crypto passport authentication
Tony Nguyen
 
Basic dns-mod
Basic dns-modBasic dns-mod
Basic dns-mod
Tony Nguyen
 
Database constraints
Database constraintsDatabase constraints
Database constraints
Harry Potter
 
Introduction to prolog
Introduction to prologIntroduction to prolog
Introduction to prolog
Harry Potter
 

More Related Content

What's hot

Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshell
Frank Kelly
 
Kerberos
KerberosKerberos
Kerberos
Gichelle Amon
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4koolkampus
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
JaroslavChmurny
 
Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)
Ismail Rachdaoui
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
Mohammed Adam
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLSkeithrozario
 
Ssl
SslSsl
Ssl
Anandraj Kulkarni
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
Arun Shukla
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
babak danyal
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windowsniteshitimpulse
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authentication
Suraj Singh
 
Kerberos
KerberosKerberos
Kerberos
Rahul Pundir
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
Arpit Agarwal
 

What's hot (15)

Ssl in a nutshell
Ssl in a nutshellSsl in a nutshell
Ssl in a nutshell
 
Kerberos
KerberosKerberos
Kerberos
 
Lecture17
Lecture17Lecture17
Lecture17
 
Authentication Application in Network Security NS4
Authentication Application in Network Security NS4Authentication Application in Network Security NS4
Authentication Application in Network Security NS4
 
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark CapturesSSL/TLS Introduction with Practical Examples Including Wireshark Captures
SSL/TLS Introduction with Practical Examples Including Wireshark Captures
 
Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)Building basic public key infrastucture (PKI)
Building basic public key infrastucture (PKI)
 
What is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) ProtocolWhat is SSL ? The Secure Sockets Layer (SSL) Protocol
What is SSL ? The Secure Sockets Layer (SSL) Protocol
 
Introduction to SSL/TLS
Introduction to SSL/TLSIntroduction to SSL/TLS
Introduction to SSL/TLS
 
Ssl
SslSsl
Ssl
 
Transport Layer Security (TLS)
Transport Layer Security (TLS)Transport Layer Security (TLS)
Transport Layer Security (TLS)
 
key distribution in network security
key distribution in network securitykey distribution in network security
key distribution in network security
 
Kerberos Authentication Process In Windows
Kerberos Authentication Process In WindowsKerberos Authentication Process In Windows
Kerberos Authentication Process In Windows
 
Kerberos authentication
Kerberos authenticationKerberos authentication
Kerberos authentication
 
Kerberos
KerberosKerberos
Kerberos
 
SSL/TLS Handshake
SSL/TLS HandshakeSSL/TLS Handshake
SSL/TLS Handshake
 

Viewers also liked

Access data connection
Access data connectionAccess data connection
Access data connection
Tony Nguyen
 
Building a-database
Building a-databaseBuilding a-database
Building a-database
Tony Nguyen
 
Sql database object
Sql database objectSql database object
Sql database object
Tony Nguyen
 
Crypto passport authentication
Crypto passport authenticationCrypto passport authentication
Crypto passport authentication
Tony Nguyen
 
Basic dns-mod
Basic dns-modBasic dns-mod
Basic dns-mod
Tony Nguyen
 
Database constraints
Database constraintsDatabase constraints
Database constraints
Harry Potter
 
Introduction to prolog
Introduction to prologIntroduction to prolog
Introduction to prolog
Harry Potter
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
Harry Potter
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
Tony Nguyen
 
Prolog resume
Prolog resumeProlog resume
Prolog resume
Tony Nguyen
 
Decision tree
Decision treeDecision tree
Decision tree
Tony Nguyen
 
Datamining with nb
Datamining with nbDatamining with nb
Datamining with nb
Tony Nguyen
 
Computer security
Computer security Computer security
Computer security
Tony Nguyen
 
Prolog programming
Prolog programmingProlog programming
Prolog programming
Tony Nguyen
 
Xml stylus studio
Xml stylus studioXml stylus studio
Xml stylus studio
Tony Nguyen
 
Cryptography
CryptographyCryptography
Cryptography
Tony Nguyen
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
Tony Nguyen
 
Overview prolog
Overview prologOverview prolog
Overview prolog
Tony Nguyen
 
Database constraints
Database constraintsDatabase constraints
Database constraints
Tony Nguyen
 
Nlp naive bayes
Nlp naive bayesNlp naive bayes
Nlp naive bayes
Tony Nguyen
 

Viewers also liked (20)

Access data connection
Access data connectionAccess data connection
Access data connection
 
Building a-database
Building a-databaseBuilding a-database
Building a-database
 
Sql database object
Sql database objectSql database object
Sql database object
 
Crypto passport authentication
Crypto passport authenticationCrypto passport authentication
Crypto passport authentication
 
Basic dns-mod
Basic dns-modBasic dns-mod
Basic dns-mod
 
Database constraints
Database constraintsDatabase constraints
Database constraints
 
Introduction to prolog
Introduction to prologIntroduction to prolog
Introduction to prolog
 
Hash crypto
Hash cryptoHash crypto
Hash crypto
 
Introduction to security_and_crypto
Introduction to security_and_cryptoIntroduction to security_and_crypto
Introduction to security_and_crypto
 
Prolog resume
Prolog resumeProlog resume
Prolog resume
 
Decision tree
Decision treeDecision tree
Decision tree
 
Datamining with nb
Datamining with nbDatamining with nb
Datamining with nb
 
Computer security
Computer security Computer security
Computer security
 
Prolog programming
Prolog programmingProlog programming
Prolog programming
 
Xml stylus studio
Xml stylus studioXml stylus studio
Xml stylus studio
 
Cryptography
CryptographyCryptography
Cryptography
 
Crypto theory to practice
Crypto theory to practiceCrypto theory to practice
Crypto theory to practice
 
Overview prolog
Overview prologOverview prolog
Overview prolog
 
Database constraints
Database constraintsDatabase constraints
Database constraints
 
Nlp naive bayes
Nlp naive bayesNlp naive bayes
Nlp naive bayes
 

Similar to Key exchange in crypto

Jerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.pptJerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.ppt
SmeetaJavalagi
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).ppt
MehediHasanShaon1
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
Information Security Awareness Group
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
Kathirvel Ayyaswamy
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
Nitin Ramesh
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
Deepak John
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and ApplicationsSvetlin Nakov
 
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docxDescribe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
earleanp
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to Kerberos
Shumon Huque
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
David Ochel
 
Https
HttpsHttps
Https
Billa Kota Sriram
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
Arash Ramez
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
Olle E Johansson
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
Infinity Tech Solutions
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
JUSTSTYLISH3B2MOHALI
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
SomuPatil8
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
Information Technology
 
SSL
SSLSSL
SSL
theekuchi
 
ok_mary_pki1234public_key_encryption.ppt
ok_mary_pki1234public_key_encryption.pptok_mary_pki1234public_key_encryption.ppt
ok_mary_pki1234public_key_encryption.ppt
SmeetaJavalagi
 
The last picks
The last picksThe last picks
The last picks
Nafiur Rahman Tuhin
 

Similar to Key exchange in crypto (20)

Jerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.pptJerad Bates - Public Key Infrastructure.ppt
Jerad Bates - Public Key Infrastructure.ppt
 
Jerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).pptJerad Bates - Public Key Infrastructure (1).ppt
Jerad Bates - Public Key Infrastructure (1).ppt
 
Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...Introduction to distributed security concepts and public key infrastructure m...
Introduction to distributed security concepts and public key infrastructure m...
 
18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security18CS2005 Cryptography and Network Security
18CS2005 Cryptography and Network Security
 
TLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured CommunicationsTLS/SSL - Study of Secured Communications
TLS/SSL - Study of Secured Communications
 
Computer security module 4
Computer security module 4Computer security module 4
Computer security module 4
 
PKI and Applications
PKI and ApplicationsPKI and Applications
PKI and Applications
 
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docxDescribe- in your own words- the mechanism for establishing a HTTPS co.docx
Describe- in your own words- the mechanism for establishing a HTTPS co.docx
 
An Introduction to Kerberos
An Introduction to KerberosAn Introduction to Kerberos
An Introduction to Kerberos
 
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operatorsCertificates, PKI, and SSL/TLS for infrastructure builders and operators
Certificates, PKI, and SSL/TLS for infrastructure builders and operators
 
Https
HttpsHttps
Https
 
Certificate pinning in android applications
Certificate pinning in android applicationsCertificate pinning in android applications
Certificate pinning in android applications
 
#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS#MoreCrypto : Introduction to TLS
#MoreCrypto : Introduction to TLS
 
Network security cs8
Network security cs8Network security cs8
Network security cs8
 
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdfI would appreciate help with these 4 questions. Thank You.1) Expla.pdf
I would appreciate help with these 4 questions. Thank You.1) Expla.pdf
 
ch17.ppt
ch17.pptch17.ppt
ch17.ppt
 
Ch12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key InfrastructureCh12 Cryptographic Protocols and Public Key Infrastructure
Ch12 Cryptographic Protocols and Public Key Infrastructure
 
SSL
SSLSSL
SSL
 
ok_mary_pki1234public_key_encryption.ppt
ok_mary_pki1234public_key_encryption.pptok_mary_pki1234public_key_encryption.ppt
ok_mary_pki1234public_key_encryption.ppt
 
The last picks
The last picksThe last picks
The last picks
 

More from Tony Nguyen

Object oriented analysis
Object oriented analysisObject oriented analysis
Object oriented analysis
Tony Nguyen
 
Directory based cache coherence
Directory based cache coherenceDirectory based cache coherence
Directory based cache coherence
Tony Nguyen
 
Business analytics and data mining
Business analytics and data miningBusiness analytics and data mining
Business analytics and data mining
Tony Nguyen
 
Big picture of data mining
Big picture of data miningBig picture of data mining
Big picture of data mining
Tony Nguyen
 
Data mining and knowledge discovery
Data mining and knowledge discoveryData mining and knowledge discovery
Data mining and knowledge discovery
Tony Nguyen
 
How analysis services caching works
How analysis services caching worksHow analysis services caching works
How analysis services caching works
Tony Nguyen
 
Hardware managed cache
Hardware managed cacheHardware managed cache
Hardware managed cache
Tony Nguyen
 
Abstract data types
Abstract data typesAbstract data types
Abstract data types
Tony Nguyen
 
Optimizing shared caches in chip multiprocessors
Optimizing shared caches in chip multiprocessorsOptimizing shared caches in chip multiprocessors
Optimizing shared caches in chip multiprocessors
Tony Nguyen
 
Abstract class
Abstract classAbstract class
Abstract class
Tony Nguyen
 
Abstraction file
Abstraction fileAbstraction file
Abstraction file
Tony Nguyen
 
Concurrency with java
Concurrency with javaConcurrency with java
Concurrency with java
Tony Nguyen
 
Data structures and algorithms
Data structures and algorithmsData structures and algorithms
Data structures and algorithms
Tony Nguyen
 
Object oriented programming-with_java
Object oriented programming-with_javaObject oriented programming-with_java
Object oriented programming-with_java
Tony Nguyen
 
Cobol, lisp, and python
Cobol, lisp, and pythonCobol, lisp, and python
Cobol, lisp, and python
Tony Nguyen
 
Extending burp with python
Extending burp with pythonExtending burp with python
Extending burp with python
Tony Nguyen
 

More from Tony Nguyen (20)

Object oriented analysis
Object oriented analysisObject oriented analysis
Object oriented analysis
 
Directory based cache coherence
Directory based cache coherenceDirectory based cache coherence
Directory based cache coherence
 
Business analytics and data mining
Business analytics and data miningBusiness analytics and data mining
Business analytics and data mining
 
Big picture of data mining
Big picture of data miningBig picture of data mining
Big picture of data mining
 
Data mining and knowledge discovery
Data mining and knowledge discoveryData mining and knowledge discovery
Data mining and knowledge discovery
 
Cache recap
Cache recapCache recap
Cache recap
 
How analysis services caching works
How analysis services caching worksHow analysis services caching works
How analysis services caching works
 
Hardware managed cache
Hardware managed cacheHardware managed cache
Hardware managed cache
 
Abstract data types
Abstract data typesAbstract data types
Abstract data types
 
Optimizing shared caches in chip multiprocessors
Optimizing shared caches in chip multiprocessorsOptimizing shared caches in chip multiprocessors
Optimizing shared caches in chip multiprocessors
 
Abstract class
Abstract classAbstract class
Abstract class
 
Abstraction file
Abstraction fileAbstraction file
Abstraction file
 
Object model
Object modelObject model
Object model
 
Concurrency with java
Concurrency with javaConcurrency with java
Concurrency with java
 
Data structures and algorithms
Data structures and algorithmsData structures and algorithms
Data structures and algorithms
 
Inheritance
InheritanceInheritance
Inheritance
 
Object oriented programming-with_java
Object oriented programming-with_javaObject oriented programming-with_java
Object oriented programming-with_java
 
Cobol, lisp, and python
Cobol, lisp, and pythonCobol, lisp, and python
Cobol, lisp, and python
 
Extending burp with python
Extending burp with pythonExtending burp with python
Extending burp with python
 
Api crash
Api crashApi crash
Api crash
 

Recently uploaded

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
BookNet Canada
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
Kari Kakkonen
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
DianaGray10
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
Peter Spielvogel
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
DanBrown980551
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
ThomasParaiso2
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
Matthew Sinclair
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
sonjaschweigert1
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
mikeeftimakis1
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
Uni Systems S.M.S.A.
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 

Recently uploaded (20)

Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...Transcript: Selling digital books in 2024: Insights from industry leaders - T...
Transcript: Selling digital books in 2024: Insights from industry leaders - T...
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
DevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA ConnectDevOps and Testing slides at DASA Connect
DevOps and Testing slides at DASA Connect
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
 
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdfFIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf
 
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdfSAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
SAP Sapphire 2024 - ASUG301 building better apps with SAP Fiori.pdf
 
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...GridMate - End to end testing is a critical piece to ensure quality and avoid...
GridMate - End to end testing is a critical piece to ensure quality and avoid...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
FIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdfFIDO Alliance Osaka Seminar: Overview.pdf
FIDO Alliance Osaka Seminar: Overview.pdf
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
20240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 202420240607 QFM018 Elixir Reading List May 2024
20240607 QFM018 Elixir Reading List May 2024
 
PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)PHP Frameworks: I want to break free (IPC Berlin 2024)
PHP Frameworks: I want to break free (IPC Berlin 2024)
 
A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...A tale of scale & speed: How the US Navy is enabling software delivery from l...
A tale of scale & speed: How the US Navy is enabling software delivery from l...
 
The Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and SalesThe Art of the Pitch: WordPress Relationships and Sales
The Art of the Pitch: WordPress Relationships and Sales
 
Introduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - CybersecurityIntroduction to CHERI technology - Cybersecurity
Introduction to CHERI technology - Cybersecurity
 
Microsoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdfMicrosoft - Power Platform_G.Aspiotis.pdf
Microsoft - Power Platform_G.Aspiotis.pdf
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 

Key exchange in crypto

  • 1.  Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant  Authenticates participants, generates session (shared) keys for them to talk to each other  Gives the requester a “ticket” – session key, requester’s ID and possibly expiration time, encrypted by the key that the server shares with KDC  Ticket and session key enrypted by the key that the requester shares with KDC  Needham-Schroeder, Kerberos
  • 2. Third-party authentication service oDistributes session keys for authentication, confidentiality, and integrity KDC 1. C, S, NC 2. KC(NC, KCS, S, KS (KCS, C )) C S 3.KS (KCS, C ) 4.KCS (NS ) 5.KCS (NS-1) Problem: replay attack in step 3 Fix: use timestamps
  • 3.  Introduce Ticket Granting Server (TGS) o Issues timed keys to resources  Users log on to authentication server (AS)  AS+TGS = KDC  Uses timestamps with a lifetime instead of nonces o Fixes freshness problem from Needham- Schroeder
  • 4. Third-party authentication service oDistributes session keys for authentication, confidentiality, and integrity TGS 4. KC,TGS(KC,S), TCS 3. TGT, S, KC,TGS(C, t) AS 1.C 2. KC(KC,TGS), TGT C S 5. TCS, KC,S(C,t) KC=hash(pass(C)) TGT=KTGS(C,Tvalid,KC,TGS) TCS=KS(C,Tvalid,KC,S) 6. KC,S(t+1)
  • 5.  Public key is public but … o How does either side know who and what the key is for?  Does this solve key distribution problem? o No – while confidentiality is not required, integrity is  Still need trusted third party o Digital certificates – certificate authority (CA) signs identity+public key tuple with its private key o Problem is finding a CA that both client and server trust
  • 6.  Everyone has Trent’s public key  Trent signs both Alice’s and Bob’s public keys – he generates public-key certificate  When they receive keys, verify the signature  Mallory cannot impersonate Alice or Bob because her key is signed as Mallory’s  Certificate usually contains more than the public key oName, network address, organization  Trent is known as Certificate Authority (CA)
  • 7. Authentication steps oVerifier provides nonce, or a timestamp is used instead. oPrincipal selects session key and sends it to verifier with nonce, encrypted with principal’s private key and verifier’s public key, sends principal’s certificate too oVerifier validates certificate oVerifier checks signature on nonce
  • 8.  PGP (Pretty Good Privacy) o“Web of Trust” o Source: Wikipedia  “As time goes on, you will accumulate keys from other people that you may want to designate as trusted introducers. Everyone else will each choose their own trusted introducers. And everyone will gradually accumulate and distribute with their key a collection of certifying signatures from other people, with the expectation that anyone receiving it will trust at least one or two of the signatures. This will cause the emergence of a decentralized fault-tolerant web of confidence for all public keys.“
  • 9.  X.509 standard o Hierarchical model o A handful of trusted CAs can issue certificates to others
  • 10.  SSH o User keys exchanged out of band o Weak assurance of server keys  Is this the same host you spoke with last time?
  • 11.  Revocation lists (CRL’s) o Long lists o Hard to propagate  Lifetime / Expiration o Short life allows assurance of validity at time of issue but increases cost of key distribution  Real-time validation o Online Certificate Status Protocol (OCSP) o Single source of the compromised key list o Clients check suspicious keys and hash replies
  • 12.  Group key vs. Individual key o Proves that one belongs to the group vs. proving an individual identity o E.g., used for multicast messages
  • 13.  Revoking access o Change keys, redistribute  Joining and leaving groups o Does one see old messages on join or is the key changed – backward secrecy o How to revoke access – forward secrecy  Robustness o Coping with network partitioning  Efficiency o Cost of use, verification, exchange
  • 14.  Centralized o Single entity issues keys o Optimization to reduce traffic for large groups o May utilize application specific knowledge  Decentralized o Employs sub managers  Distributed o Members do key generation o May involve group contributions