Public Key Cryptography & Password ProtocolsOutlineUser Authentication MethodsPassword AuthenticationCracking a password is easyPassword MechanismsPassword Mechanisms – Contd.Additional functionalitiesAttacks on Password Based ProtocolsTerminology usedEncrypted Password TransmissionEncrypted Password Transmission Contd.Generic Encrypted Challenge Response ProtocolContd.Resistance to server compromiseMutual Authentication and key exchangeSlide 17Mutual Authentication & Diffie Hellman exchangeSlide 19Public PasswordsRepresentation and identification of public passwordsNeed of public-key toolsPublic Key CryptographyPublic Key Cryptography&&Password Protocols Password Protocols -Rashmi Kukanur-Rashmi KukanurOutlineOutline►Study of protocols in assymetric Study of protocols in assymetric scenariosscenarios►Present and analyze password Present and analyze password protocolsprotocols►Provide authentication and security Provide authentication and security featuresfeatures►Public passwordsPublic passwordsUser Authentication MethodsUser Authentication Methods►Based onBased onSomething user knows (password)Something user knows (password)Something user has (smartcard)Something user has (smartcard)Something user is (fingerprint, speech Something user is (fingerprint, speech recognition)recognition)►Password Password Popular user authentication system Popular user authentication system Used in asymmetric scenarios Used in asymmetric scenariosPassword AuthenticationPassword Authentication►Remote user accessRemote user access►Goal Goal strong strong authentication authentication without requiring the without requiring the user to user to carry/remember carry/remember except a password except a password VPN traffic(authenticated using password) FirewallCracking a password is easyCracking a password is easy►Weak : “low entropy” “easily guessed” Weak : “low entropy” “easily guessed” drawn from a small spacedrawn from a small space►Dictionary Attack Dictionary Attack Simply guess the password and verify the Simply guess the password and verify the guessed value using publicly guessed value using publicly available infoavailable info(example : one way function (example : one way function a=h(password) a=h(password)Password MechanismsPassword Mechanisms►Password Transmission – ftp, telnetPassword Transmission – ftp, telnet►Vulnerable to eavesdroppingVulnerable to eavesdropping►Hashing password does not helpHashing password does not helppwdClient ServerPassword Mechanisms – Password Mechanisms – Contd.Contd.►Challenge ResponseChallenge Response ►Vulnerable to dictionary attack on Vulnerable to dictionary attack on H(challenge, pwd)H(challenge, pwd)►One Time PasswordsOne Time PasswordsUser uses a different password every timeUser uses a different password every timeInconvenient to the user Inconvenient to the user Still vulnerable to MIM , password guessing attacksStill vulnerable to MIM , password guessing attacksClientH (challenge, pwd)challengeServerAdditional functionalities Additional functionalities ►Mutual Authentication Mutual Authentication ►Authenticated key-exchangeAuthenticated key-exchangeprevents session hijacking ,data forgery prevents session hijacking ,data forgery data exposure data exposure►User identity protectionUser identity protectionremote authentication of mobile users remote authentication of mobile usersAttacks on Password Attacks on Password Based ProtocolsBased Protocols►Eavesdropping Eavesdropping ►Replay Replay ►Man-in-the-middle Man-in-the-middle ►Password Guessing AttacksPassword Guessing AttacksOff-line AttackOff-line AttackOn-line AttackOn-line Attack►Insider-assisted attacksInsider-assisted attacks►Exposure of secretsExposure of secretsTerminology usedTerminology used►User - U , Server –SUser - U , Server –SS <-m <- U – message m from U to SS <-m <- U – message m from U to S►User secret password – spwdUser secret password – spwd►Server public key – pkServer public key – pk►User public password – ppwdUser public password – ppwd►MD – collision resistant hash functionMD – collision resistant hash function►ENCENCpkpk – Encryption function – Encryption functionEncrypted Password Encrypted Password TransmissionTransmission Set-up: ppwd:= MD(pk)Set-up: ppwd:= MD(pk)Server (S) User (U)Server (S) User (U) n,pk Check n,pk Check ppwd=MD(pk)ppwd=MD(pk)Decrypt & U,n,ENCDecrypt & U,n,ENCpkpk(spwd;U,S,n)(spwd;U,S,n)VerifyVerifyEncrypted Password Encrypted Password TransmissionTransmissionContd.Contd.►The public password ppwd authenticates The public password ppwd authenticates server’s public key server’s public key ►Does not rely on the password as a Does not rely on the password as a cryptographic keycryptographic key►Encryption scheme is randomizedEncryption scheme is randomized►Should be infeasible to obtain ENCShould be infeasible to obtain ENCpkpk (n1,spwd) from ENC(n1,spwd) from ENCpkpk(n,spwd) for some n1!(n,spwd) for some n1!=n without knowing spwd=n without knowing spwd►One-time pad encryption and ElGamal One-time pad encryption and ElGamal encryption vulnerable to attackencryption vulnerable to attackGeneric Encrypted Challenge Generic Encrypted Challenge Response ProtocolResponse Protocol Set-up: ppwd:= MD(pk)Set-up: ppwd:= MD(pk)Server (S) User (U)Server (S) User (U) n,pk Check ppwd n,pk Check ppwd =MD(pk)=MD(pk)Decrypt & U,n,ENCDecrypt & U,n,ENCpkpk(f(spwd;U,S,n))(f(spwd;U,S,n))VerifyVerifyContd.Contd.►With the use of weak human With the use of weak human passwords as keys to cryptographic passwords as keys to cryptographic functions the security is questionable functions the security is questionable Solution - Use passwords under Solution - Use passwords under functionsfunctions►These functions require to be one-to-These functions require to be one-to-one oneResistance to server Resistance to server compromisecompromise►The Encrypted password transmission protocolThe Encrypted password transmission protocoltotally insecure if the server’s private key is compromisedtotally insecure if the server’s private key is compromised►Common heuristics for the f definition to protect Common heuristics for the f definition to
View Full Document
Unlocking...