GT CS 4803 - CS 4803 LECTURE NOTES
School name Georgia Tech
Pages 6


CS 4803 Computer and Network Security
Alexandra (Sasha) Boldyreva
Authentication

Authentication
• Verifying the identity of another entity
  • Computer authenticating to another computer
  • Person authenticating to a local computer
  • Person authenticating to a remote computer
• Two issues:
  • How authentication information is stored (at both ends)
  • Authentication protocol itself

Overview
• Authentication may be based on
  • What you know
  • What you have
  • What you are
• Examples?
• Mutual authentication vs. unidirectional authentication

Attack taxonomy
• Passive attacks
• Active attacks
• Impersonation
• Man-in-the-middle
• Server compromise
• Different attacks may be easier/more difficult in different settings

Address-based authentication
• Is sometimes used (e.g., unix)
• This is generally not very secure
• Relatively easy to forge source addresses of network packets

Password-based protocols
• Password-based authentication
• Any system based on low-entropy shared secret (note: different from book definitions!)

Password selection
• User selection of passwords is typically very weak
• Lower entropy password makes dictionary attacks easier
• Typical passwords:
  • Derived from account names or usernames
  • Dictionary words, reversed dictionary words, or small modifications of dictionary words
  • Etc.

Better password selection
• Non-alphanumeric characters
• Longer phrases
• Can try to enforce good password selection…
• …but these types of passwords are difficult for people to memorize and type!

From passwords to keys?
• Can potentially use passwords to derive symmetric or public keys
• What is the entropy of the resulting key?
• Often allows off-line dictionary attacks on the password

Password-based protocols
• Any password-based protocol is vulnerable to an “on-line” dictionary attack
• On-line attacks can be detected and limited
• How?
• Any password-based protocol is vulnerable to off-line attack if server is compromised

Password-based protocols
• Best: Use a password-based protocol which is secure against off-line attacks when server is not compromised
• Unfortunately, this has not been the case in practice (e.g., telnet, cell phones, etc.)
• This is a difficult problem!

Password storage
• In the clear…
• Hash of password (done correctly)
• Doesn’t always achieve anything!
• Makes adversary’s job harder
• Potentially protects users who choose good passwords
• “Salt”-ed hash of password
• Makes bulk dictionary attacks harder, but no harder to attack a particular password
• Centralized server stores password
• Threshold password storage

Centralized password storage
• Authentication storage node
• Central server stores password; servers request the password to authenticate user
• Auth. facilitator node
• Central server stores password; servers send information from user to be authenticated by the central server
• Note that central server must be authenticated!

Basic authentication protocols…
• Server stores H(pw); user sends pw
• “Secure” against server compromise, but not eavesdropping (or replay attacks)
• Server stores pw, sends R; user sends H(pw,R)
• Secure against eavesdropping, but not server compromise (or dictionary attack)
• What if the user sends R also…?
• Can we achieve security against both?

Other techniques for human auth.
• Tokens
• Magnetic stripe cards
• Smartcards
• “Standalone” tokens:
• Still need a secure auth. protocol!

Biometrics
• Various possibilities…
• Drawbacks
• Entropy?
• Are biometric data secret?
• Revocation?
• Difficult to use securely!
• Non-uniform
• Errors
• Still need a secure protocol…

Public-key protocols
• Server stores pk; user stores sk
• Server sends R; user signs R
• Using a secure signature scheme…
• Is this secure?
• Potential weaknesses
• What if we had used encryption instead?
• Can we achieve security against server compromise and eavesdropping without using public-key crypto?

Lamport’s hashing protocol
• Server stores H^n(pw); user sends H^(n-1)(pw)
• Server updates user’s entry…
• Can also add “salt” to hash
• Can use same password on different sites
• Protects against off-line attacks
• Can use same password (but different salt) when password “expires”

Some attacks…
• Secret expires…
• No mutual authentication
• “Small n” attack

Session key establishment
• There are very few applications for which authentication alone is sufficient!
• What do you do once you are authenticated?
• Generally, need to establish a session key
• Efficiency advantages to using symmetric-key techniques if public-key auth. is used
• Advantages even if a symmetric key is already shared…

Session keys
• Reduces effectiveness of cryptanalysis
• If a key is compromised, only one conversation is affected
• Prevents replay of messages from other conversations
• Better security from un-trusted host

KDCs
• Key Distribution Centers
• Advantages of symmetric-key crypto, without O(n^2) keys
• But requires a trusted intermediary
• Single point of failure/attack

Multiple intermediaries
• Can use multiple KDCs…
• Can have all pairs of KDCs share a key
• More likely, there will be a hierarchy of KDCs

Basic key exchange
• Public-key based…
• Diffie-Hellman key exchange
• Not authenticated
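
The two schemes on the "Basic authentication protocols" slide, side by side, as an added example that is not part of the original lecture notes. The class names, the use of SHA-256, HMAC-SHA256 as H(pw,R), and the single-use challenge set are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def respond(pw: bytes, r: bytes) -> bytes:
    """H(pw, R), instantiated here as HMAC-SHA256 keyed with pw (an assumption)."""
    return hmac.new(pw, r, hashlib.sha256).digest()


class HashedPwServer:
    """Protocol 1: server stores H(pw); the user sends pw itself."""

    def __init__(self, pw: bytes):
        self.stored = hashlib.sha256(pw).digest()   # pw is not kept

    def login(self, sent_pw: bytes) -> bool:
        return hmac.compare_digest(hashlib.sha256(sent_pw).digest(), self.stored)


class ChallengeServer:
    """Protocol 2: server stores pw, sends R; the user sends H(pw, R)."""

    def __init__(self, pw: bytes):
        self.pw = pw                 # kept in the clear: exposed on server compromise
        self.outstanding = set()     # challenges issued and not yet answered

    def challenge(self) -> bytes:
        r = secrets.token_bytes(16)
        self.outstanding.add(r)
        return r

    def login(self, r: bytes, response: bytes) -> bool:
        if r not in self.outstanding:        # unknown or already-used R
            return False
        self.outstanding.discard(r)          # each R is accepted once only
        return hmac.compare_digest(respond(self.pw, r), response)


def demo() -> dict:
    pw = b"constructed sample password"
    s1, s2 = HashedPwServer(pw), ChallengeServer(pw)
    r = s2.challenge()
    recorded = respond(pw, r)                # what crosses the wire in protocol 2
    return {
        "p1_recorded_pw_accepted": s1.login(pw),   # wire value is pw itself
        "p2_login": s2.login(r, recorded),
        "p2_replay_same_R": s2.login(r, recorded),
        "p2_replay_new_R": s2.login(s2.challenge(), recorded),
    }
```

In protocol 1 the recorded wire value is the password and keeps working; in protocol 2 a recorded response fails against both the used R and a fresh R, at the cost of the server holding pw in the clear.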
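
Lamport's hashing protocol from the slide above, with salt, as an added example that is not part of the original lecture notes. SHA-256 as H, the salt-then-password ordering, and the names `hash_chain` and `LamportServer` are assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hash_chain(password: bytes, salt: bytes, n: int) -> bytes:
    """H^n(pw, salt): SHA-256 (an assumed choice of H) applied n times."""
    value = salt + password
    for _ in range(n):
        value = hashlib.sha256(value).digest()
    return value


class LamportServer:
    """Per user, stores only (n, salt, H^n(pw)); never the password."""

    def __init__(self):
        self.db = {}

    def enroll(self, user: str, password: bytes, n: int) -> None:
        salt = os.urandom(16)
        self.db[user] = [n, salt, hash_chain(password, salt, n)]

    def challenge(self, user: str):
        n, salt, _ = self.db[user]
        return n, salt

    def verify(self, user: str, response: bytes) -> bool:
        entry = self.db[user]
        n, _, stored = entry
        if n <= 1:                       # chain used up: the secret has expired
            return False
        if not hmac.compare_digest(hashlib.sha256(response).digest(), stored):
            return False
        entry[0], entry[2] = n - 1, response   # server updates the user's entry
        return True


def demo() -> list:
    pw = b"constructed sample password"
    server = LamportServer()
    server.enroll("alice", pw, n=3)
    n, salt = server.challenge("alice")
    first = hash_chain(pw, salt, n - 1)            # user sends H^(n-1)(pw)
    results = [server.verify("alice", first)]      # accepted
    results.append(server.verify("alice", first))  # same value again: rejected
    n, salt = server.challenge("alice")
    results.append(server.verify("alice", hash_chain(pw, salt, n - 1)))
    results.append(server.verify("alice", pw))     # n is now 1: must re-enroll
    return results
```

The server refuses to go below n = 1 because the next response would be the unhashed salt and password; that is the "secret expires" point, handled by re-enrolling with a new salt.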

