
Mediated Authentication
Submitted By:
Vibha Nehra
10203020
M.Tech I yr
Department of Computer Science Engg.
National Institute of Technology, Jalandhar. 02/03/20
Introduction:
• A trusted third party, called the Key Distribution Center (KDC), mediates the authentication process.
• Each user & service shares a secret key with the KDC.
• The KDC generates a session key and securely distributes it to the communicating parties.
• The communicating parties prove to each other that they know the session key.

Establishing Session Key:

Problem (besides others):


• Bob will not know how to decrypt a message from Alice if the message from the KDC is late.
• Establishing the connection KDC <-> Bob is (somewhat) expensive.

Establishing Session Key (variant):

Problems:
• No authentication between Alice and Bob
• No freshness guarantee for KAB (what if Alice reuses the ticket?)
Needham-Schroeder Protocol:

Needham-Schroeder Protocol
• N1 is
  - for KDC authentication
  - to ensure freshness of KAB
  - attack (without nonce): Trudy stole KAB from Bob and recorded the KDC's old reply to Alice; Trudy waits for a new request from Alice to the KDC to talk to Bob and plays back the KDC's old reply, impersonating the KDC
• Reply from KDC
  - the strings “Bob” and “Alice” prevent Trudy from tampering with messages and hijacking the conversation
• N2, N3: for key confirmation and mutual authentication.
• (minor) issue:
  - the ticket is unnecessarily doubly encrypted in the message from the KDC
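
The checks Alice applies to the KDC's reply, as an added Python example that is not part of the original slides: she accepts the reply only if it carries her current N1 and the name "Bob", so a reply recorded from an earlier run is rejected. The seal/unseal helpers are a constructed stand-in for encryption under a shared key (not a vetted cipher), and all function names and the JSON message layout are assumptions.

```python
import hashlib, hmac, json, secrets

def _stream(key, iv, n):
    # SHA-256 in counter mode as a toy keystream (illustration only, not a vetted cipher)
    blocks = (hashlib.sha256(key + iv + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, obj):
    # Stand-in for K{...}: encrypt, then authenticate with an HMAC tag
    pt, iv = json.dumps(obj).encode(), secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(pt, _stream(key, iv, len(pt))))
    return iv + ct + hmac.new(key, iv + ct, hashlib.sha256).digest()

def unseal(key, blob):
    iv, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, iv + ct, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _stream(key, iv, len(ct)))))

def kdc_reply(keys, requester, peer, n1):
    # KDC -> requester: K_A{N1, peer, KAB, ticket}, with ticket = K_B{KAB, requester}
    k_ab = secrets.token_hex(16)
    ticket = seal(keys[peer], {"k_ab": k_ab, "from": requester})
    return seal(keys[requester], {"n1": n1, "peer": peer, "k_ab": k_ab, "ticket": ticket.hex()})

def accept_reply(k_a, reply, expected_n1, expected_peer):
    # Alice's checks: integrity, her own nonce echoed back, and the peer she asked for
    try:
        msg = unseal(k_a, reply)
    except ValueError:
        return None
    if msg["n1"] != expected_n1 or msg["peer"] != expected_peer:
        return None
    return msg["k_ab"]

def demo():
    # Constructed keys and nonces for three principals
    keys = {name: secrets.token_bytes(32) for name in ("Alice", "Bob", "Carol")}
    old_n1, new_n1 = secrets.token_hex(16), secrets.token_hex(16)
    recorded = kdc_reply(keys, "Alice", "Bob", old_n1)   # reply from an earlier run
    fresh = kdc_reply(keys, "Alice", "Bob", new_n1)
    other = kdc_reply(keys, "Alice", "Carol", new_n1)    # names a different peer
    tampered = fresh[:20] + bytes([fresh[20] ^ 1]) + fresh[21:]
    check = lambda r: accept_reply(keys["Alice"], r, new_n1, "Bob") is not None
    return {"fresh": check(fresh), "replayed": check(recorded),
            "wrong_peer": check(other), "tampered": check(tampered)}

if __name__ == "__main__":
    print(demo())
```
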

Needham-Schroeder: Reflection Attacks
If message integrity is vulnerable, a reflection attack is possible.

Expanded Needham-Schroeder:
In standard N-S, Bob doesn't have a freshness guarantee for KAB (i.e. he can't detect replays).
To fix: get a nonce from Bob.

Nonce Types:
• Nonce: a quantity which any given user of a protocol uses only once (a quantity which is guaranteed fresh)
• Nonce types:
  - sequence numbers
    - need to keep state; what if Trudy can induce crashes (DoS attacks)?
  - timestamps
    - need synchronized clocks
  - random numbers
    - freshness guarantee is only probabilistic, but if the number is large it is good enough
    - unpredictable

Thanks for your kind Cooperation & Patience.