Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

CMSC 414 Computer (and Network) Security Lecture 24 Jonathan Katz

advertisement 
CMSC 414
Computer (and Network) Security
Lecture 24
Jonathan Katz
Administrative stuff…
 Please fill out course evaluation
– On line
– Link from course homepage
 Brief remarks on project…
Otway-Rees
 AB: NC, KA(NA, NC, Alice, Bob)
 BKDC: KA(…), KB(NB, NC, Alice, Bob)
– KDC checks that NC is the same…
 KDCB: NC, KA(NA, KAB), KB(NB, KAB)
 BA: KA(…)
 AB: KAB(timestamp)
– Note: KDC already authenticated Bob
Analysis?
 NC should be unpredictable, not just a nonce
– Otherwise, can impersonate B to KDC
• Send first message: (next NC), “garbage”
• B forwards to KDC along with encryption of the
next NC
• Next time A initiates a conversation, replay previous
message from B
More about nonces…
 Important to understand what qualities the
nonce needs to satisfy in order for protocol
to be secure
– Used once? Unpredictable? Random?
– Note that long random nonces have negligible
probability of being re-used
 E.g., challenge-response or reverse
challenge-response
A word about “random”
 Random numbers needed for all of
cryptography
– Difficult to generate “good” random numbers
 Possibilities:
– “Real” (i.e., hardware) RNG
– Cryptographic/non-cryptographic PRNG
• Must use long (random, unpredictable) seed!!
– Generate from user behavior
Authentication tokens
 Authentication may be based on:
– What you know (e.g., passwords)
– What you have (e.g., token)
– What you are (e.g., biometrics)
 Best security practice is to combine two (or
more) of these…
 Using tokens/biometrics alone is useless
without a secure protocol!
Authentication tokens
 Advantages
– Difficult to reproduce
– Can “store” larger secrets
– Psychological barrier to giving out your token
 Disadvantages
– Can be stolen
• Combine with PIN/password
– Can be lost
– Expensive; may require custom hardware
Authentication tokens
 Magnetic stripe card
– Simply records data and later reveals it
– Non-trivial, but not too difficult, to copy
 “Smart card”
– Embedded CPU/memory
– Carries out an interactive protocol
Smart cards
 PIN protected memory card
– Information on card can be read only with
correct PIN
– After many wrong guesses, card “locks” itself
 “Crypto” card
– Card stores key used to perform cryptographic
operations (perhaps only with correct PIN)
– Tamper resistant --- impossible to obtain key or
duplicate card
Smart cards
 Readerless smart card
– Card interacts directly with the user via
keyboard and/or monitor interface
– E.g., secureID
– Does not require special hardware
Biometrics (briefly)
 “What you are…”
 Many possibilities:
– Fingerprints/handprints
– Retinal scans
– Etc.
Notes about biometrics
 Insecure if biometric data sent in the clear!
– Need to use cryptographically-secure protocol
– Not clear how to use biometric data as a
cryptographic key
• Data changes slightly every time it is scanned
• Data is not random, although it has high entropy
Note about biometrics
 Biometric data can be forged!
– E.g., fingerprints…
Review: checklist
 Whether eavesdropping, posing as either
party, or acting as a “man-in-the-middle”,
an attacker should be unable to:
–
–
–
–
Learn the contents of messages
Insert messages
“Hijack” a conversation between two parties
Impersonate either party, or learn information
allowing impersonation in the future
– Perform an off-line dictionary attack (ideally)
Continued…
 In addition, when posing as either party an
attacker should be unable to:
– Trick the other party into “doing something
useful” (e.g., signing an arbitrary message)
Continued…
 If the server’s database is compromised
(and even if further eavesdropping occurs),
an attacker should be unable to:
– Impersonate the user to this server (ideally; not
always the case --- recall that an off-line
dictionary attack is always possible)
– Impersonate the user to other servers
– Decrypt old conversations (forward secrecy)
Final remark
 It is not always necessary to achieve all
these goals
– If shared secret is cryptographically strong, offline password guessing is not a concern
– In some environments, certain attacks may be
less feasible and therefore not a concern
An overview of network security
Network layers
 Application
 Transport
 Network
 Data link
 Physical
Examples
 Application layer: PGP, SSH
 Transport layer: SSL/TLS
 Network layer: IPSec
 Not usually done at the data link level…
 Can’t really be done at the physical level
Security in what layer?
 Depends on the purpose…
– What information needs to be protected?
– What is the attack model?
– Who shares keys in advance?
– Should the user be involved?
 E.g., a network-layer protocol cannot
authenticate two end-users to each other
 Also affects efficiency, ease of deployment
Related documents
Security methods and devices, including biometrics
Security methods and devices, including biometrics
IdentaZone The cloud based Universal Identity Verification Solution
IdentaZone The cloud based Universal Identity Verification Solution
Solution
Solution
Name:______key______________________________ Level Security
Name:______key______________________________ Level Security
Gesture Dynamics with skin conductivity
Gesture Dynamics with skin conductivity
Cryptography Protocols Anita Jones CS451 Information Security Copyright(C) Anita Jones
Cryptography Protocols Anita Jones CS451 Information Security Copyright(C) Anita Jones
session17308 1 (3)
session17308 1 (3)
Download
advertisement