By: Kirti Chawla

• Introduction
• Needs & Necessity
• Standard Protocols
• An Example
• Looking Back
A set of rules that ensures that source, transit and destination exchange and retain information in a secure way.
1. Information is not confined
2. We need to exchange information
3. Standard means of exchanging information
Categories: Examples
• Secret sharing: Key exchange protocols
• Identity: Authentication protocols
• Presence of Secret: Zero-knowledge proofs
• Channel: Subliminal channel
• Group Secrets: Secure multiparty computation
Key exchange protocols
[Diagram: Sender, Receiver]
1. A key that should be kept secret
2. It is required to be shared
3. Should be valid for a session only
Authentication protocols
[Diagram: Home, Mobile]
1. You need to access resources that are displaced
2. You need to prove your identity without physical relocation
3. Access to resources should be time-bound
Zero knowledge proofs
[Diagram: User, Challenger/System; Q, A]
1. Prove possession of the secret but don't divulge it
2. A basic element of trust is present, however minimal
3. Access to the resource is based upon this proof
Subliminal channel
[Diagram: Sender, Scrutinizer, Receiver]
1. The secret has to pass under the eyes of the Scrutinizer
2. The message should appear "innocuous" to the Scrutinizer
3. Sender and receiver know the scheme to recover the secret
Secure multiparty computation
[Diagram: Sender, Receiver]
1. Each member has a secret that should not be shared
2. All know the combined result
3. No member can stop or delay any information that's circulating
Security Protocols
• Kerberos
• IPSec
• SSL/HTTPS
IPSec
A set of rules for protecting data at the IP layer. It supports both authentication and security of data packets originating from an IP-based network.
Transport: IP-Header | Payload
Tunnel: IP-Header | IP-Header | Payload
Authentication
IPSec supports authentication by non-repudiation of the payload and/or the complete packet. The header is called AH, or Authentication Header.
Transport with AH header: IP-header | AH-header | Payload
Tunnel with AH header: IP-Header | AH-header | IP-header | Payload
Security
IPSec supports security by encrypting the payload and/or the complete packet. The header is called ESP, or Encapsulating Security Payload.
Transport with ESP header: IP-header | ESP-header | Payload
Tunnel with ESP header: IP-Header | ESP-header | IP-header | Payload
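The transport and tunnel layouts shown for AH and ESP above can be recognized in a packet capture from the IP protocol number and the AH next-header field. The following is an added example, not part of the original slides; the packets, addresses and SPI values are constructed, and the function names are hypothetical.

```python
import struct

PROTO_IPIP, PROTO_ESP, PROTO_AH = 4, 50, 51  # IANA protocol numbers

def ipv4_header(proto, payload_len):
    """Minimal 20-byte IPv4 header (constructed sample, checksum left at zero)."""
    src, dst = bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7])  # documentation addresses
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len,
                       0, 0, 64, proto, 0, src, dst)

def ah_header(next_header, spi=0x1000, seq=1, icv=bytes(12)):
    """AH: next header, length in 32-bit words minus 2, reserved, SPI, sequence, ICV."""
    length = (12 + len(icv)) // 4 - 2
    return struct.pack("!BBHII", next_header, length, 0, spi, seq) + icv

def classify(packet):
    """Return (mode, header order) for one IPv4 packet, using the slides' labels."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    proto, rest = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == PROTO_AH:
        if len(rest) < 12:
            raise ValueError("truncated AH header")
        inner = rest[(rest[1] + 2) * 4:]  # skip the AH header, ICV included
        if rest[0] != PROTO_IPIP:
            return "transport", ["IP-header", "AH-header", "Payload"]
        if len(inner) < 20 or inner[0] >> 4 != 4:
            raise ValueError("AH announces an inner IP packet that is not there")
        return "tunnel", ["IP-header", "AH-header", "IP-header", "Payload"]
    if proto == PROTO_ESP:
        # ESP keeps its next-header byte in the encrypted trailer, so a capture
        # alone cannot tell transport from tunnel mode.
        return "unknown", ["IP-header", "ESP-header", "Payload"]
    if proto == PROTO_IPIP:
        return "tunnel", ["IP-header", "IP-header", "Payload"]
    return "none", ["IP-header", "Payload"]

# Constructed sample packets (SPI values and payload bytes are made up).
INNER = ipv4_header(6, 4) + b"data"
AH_TRANSPORT = ipv4_header(PROTO_AH, 28) + ah_header(6) + b"data"
AH_TUNNEL = ipv4_header(PROTO_AH, 24 + len(INNER)) + ah_header(PROTO_IPIP) + INNER
ESP = ipv4_header(PROTO_ESP, 16) + struct.pack("!II", 0x2000, 1) + bytes(8)

if __name__ == "__main__":
    for name, pkt in [("AH transport", AH_TRANSPORT), ("AH tunnel", AH_TUNNEL), ("ESP", ESP)]:
        print(name, classify(pkt))
```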
Security Associations
A Security Association is a collection of facts that allows two parties to maintain a secure session. All security associations contain certain parameters and a destination address.
Security Association Database
Structure of SA:
• Authentication & security algorithms used
• Keys used for both algorithms
• Lifetime of key
• Lifetime of SA
• Sensitivity level
How it works?
[Diagram: Authentication across a Public Network; Security across a Public Network]
Kerberos
It is an authentication protocol that allows controlled and legitimate usage of resources by its users.
Components
• A User who wishes to use some resources on the network.
• A Key Distribution Center that gives the user a session key when he logs in.
• An Authentication Server which authenticates the user.
• A Ticket Granting Server which allows usage of multiple resources on the network.
How it works?
[Diagram: User, AS, KDC, TGS; 1, 2, …, N]
Realms
[Diagram: User, KDC; Network 1, Network 2, Network 3 and Network N, each with an AS and a TGS]
SSL/HTTPS
It is a session or application level protocol to ensure security. SSL is Secure Sockets Layer and HTTPS is Secure Hyper Text Transfer Protocol.
Components
• A User who wishes to use some resources or communicate with another user.
• A User or Server who wishes to communicate (to provide some service) with the above user and needs to prove his identity.
• A Hacker
How it works?
[Diagram: User, Server, Hacker; messages: Hello, Cert, Prove, MAC]
1. A user needs to carry information on the go from the incumbent system.
2. Information needs to be authenticated before it leaves the incumbent system.
3. A component in the system provides a mechanism for authenticating information after scrutiny based upon the following measures:
   1. Ask the information bearer for the source of the information.
   2. Scrutinize based upon the information at hand and their persistent knowledge.
How it works?
[Diagram: User, Authenticating component, Policy Implementer; steps 1, 2, 3]
Are you familiar with the protocol in the previous slide?