Network Security Network Security Protocol 1 Network Security Chapter 2. Network Security Protocols.

Network Security Network Security Protocol 1

Network Security

Chapter 2. Network Security Protocols


Key Establishment Technique

Key Authentication

Authenticated Key Establishment Protocol

Key generation in SKC

Kerberos : Key generation in SKC

Key Establishment in PKC

Authentication Protocols

Security of password

Authentication using SKC

Authentication using PKC

Objectives


The three important aspect of network security:– authentication, encryption, message authentication

Key : Central to the idea of cryptography.

Some definitions related to key.– key establishment : a process or protocol where by a shared secret becomes available to two or more parties, for subsequent cryptographic use.

Introduction


Key transport : a key establishment technique where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s).

Key agreement : a key establishment technique in which a shared secret is derived by two (or more) parties as a function of information contributed by, or associated with, each of these, (ideally) such that no part can predetermine the resulting value.

Key establishment technique


Key pre-distribution : key establishment protocols whereby the resulting established keys are

completely determined apriori by initial keying material.

Dynamic key establishment : the key is established by a fixed pair (or group) of users varies on

subsequent executions. Also referred to as session key establishment

Key establishment technique


Key authentication : the property whereby one party is assured that no other party asides from a specifically identified second party( and possibly additional identified trusted parties) may gain access to a particular secret key.

It need not involve any action whatsoever by the second party. For this reason, it is some times referred to more precisely as (implicit) key authentication.

Key conformation : the property whereby one party is assured that a second (possibly unidentified) party actually has possession of particular secret key.

Explicit key authentication : the property obtained when (implicit) key authentication and key conformation hold.

Key authentication


Authentication Summary

Authentication term Central focus

authentication Depends on context of usage

Entity authenticationIdentity of a party, and aliveness at a given instant

Data origin authentication Identity of the source of data

(implicit) key authenticationIdentity of party which may possibly share a key

Key conformationEvidence that a key is possessed by some party

Explicit key authenticationEvidence an identified party possesses a given key


Authentication protocol : to provide to one party some degree of assurance regarding the identity of another with which it is purportedly communicating

Key establishment protocol : to establish a shared secret.

Authenticated key establishment protocol :to establish a shared secret with a party whose identity has been (or can be) collaborated.

Authenticated key establishment protocol


Requirement for a SKC :

- random and long enough to deter a brute force attack.

- practical key size : AES : 128, 192, 256 bits

Key distribution in SKC

- For a network with n nodes, each nodes wish to talk securely to every other node. How many keys would this require?

n = 50 1,225 keys

n = 250 31,125 keys

Key Generation in SKC

2

)1(2

nnCn


Key Generation in SKC

Solutions for key distribution in SKC : Key distribution center (KDC)

KDC stores keys for all nodes in the network

Each node in the network is configured with only one key

How does it work? 1) Alice KDC : request session key for Bob.

2) KDC B, A : send same session key


Entity authentication and session key generation

Based on Needham-Schroeder protocol

Drawback– Bottleneck

– single point of failure

Kerberos : Key Generation in SKC


Public key Cryptography - each entity : (public key, private key) pair.

- Certificate Authority(CA) :

- trusted third party : certifying the owner of a public key

- combine public key with entity’s identity.

- issue certificate = “Alice’s public key is Kwa” +

SignPCA( hash(“Alice’s public key is Kwa”))

- provide certificate verification service

Key Establishment in PKC


Diffie-Hellman Key Exchange

xyxy gS key session Shared

Remember DHP !!!


) (mod ng k

Man-in-the-middle attack against Diffie-Hellman

xpEA gS

kyBE gS

) (mod ng x

) (mod ng y

) (mod ng p

• Alice and Bob think they are talking each other.

• Eve impersonate Alice and Bob to Bob and Alice respectively.

)(mod ng p


Static Diffie Hellman

- g, n is fixed,

- CA Alice :

- CA Bob :

Dynamic Diffie-Hellman

- g, n : ephemeral (established dynamically)

- CA Alice :

- CA Bob :

Enhanced Diffie-Hellman Key Exchange

Alice} n, mod{ xiCA gEK

Bob} n, modyiCA gEK {

Alice} n, mod,,{ xiCA gngEK

Bob} n, modyiCA gngEK ,,{

xyxyAB

xyyxAB gSKgSKAlice )( : Bob ,)(:


RSA encryption

RSA

See the chap. 8 of handbook!!


RSA signing

RSA


PKCS#1

homomorphic property of basic RSA

RSA based cryptographic schemes

see [ this ] for security analysis

RSA based cryptographic schemes


Authentication : the Process of verifying that a node or users is who they claim to be.

Usage in network : access control

Access control : primary defense mechanisms in network security and computer security.

Authentication Protocol


Use the address of the node in the network.

MAC address or IP address

Allows only a preconfigured set of MAC or IP address to access the network.

Usually implemented in the switch or router

Loop holes : – Simple one-to-one mapping between a node and a user.

– So does not really authenticate the user

– Weak to MAC spoofing and IP spoofing attack.

Address-Based Authentication


Storing <username, password> pair list in a file on the server machine.

– If the password file is compromised, all user passwords are compromised.

Machine store <username, hash(password)> pair– Even though the file is compromised, the passwords are still secure.

– But still open to dictionary attack.

Password for Local Authentication (Login)


Human generated passwords– Come from a small domain– Easy to guess – dictionary attacks

Stronger passwords– Computer generated or verified– Not user friendly– Hard to remember

Insecurity of Passwords


Eavesdropping. (Solution: encrypt the channel, e.g. using SSL or SSH.)

Offline dictionary attacks. – Attacker compute < word, hash(word)> pair list – Attacker get password file and search hash(password) in his

stored list.– (Solution: limit access to password file, use salt.)

< word, hash(word+salt), salt>

• Online dictionary attacks: Attacker guesses a username/password pair and tries to login. Real time.

• Case study : e-Bay user account hacking [ link ]

Possible attacks on passwords


Countermeasures against online dictionary attacks

Username / pwd-1

Username / pwd-2

Username / pwd-5

Answer 2 (No)

Answer 1 (No)

Answer 5 (No)

Delayed answer

Account locked


Risks of locking accounts

• eBay experiences dictionary attacks, but does not implement account locking.

• Denial of service attacks: To lock a user, try to login into his account with random passwords. (auctions, corporates…)

• Customer service costs: Users whose accounts are locked call a customer service center – impose call cost


Password for network authentication differ from local login.

Hashed password can not be sent over the network.

Captured hashed password can be used for offline dictionary attack

Using Salt (transmit in plain text) still weak to offline attack.

Password for Network Authentication


In a network authentication, use password for deriving shared keys to be used in challenge response system.

Key = part of hash(password)

One-way authentication using SKC

Authentication using SKC


One-way Authentication using SKC-variation


One-way Authentication using SKC-variation

Bob : state-less prevent Denial of Service(DoS) attack

timestamp : require time synchronization, not trivial in a

large network.

if stream cipher is used, 1 bit flip in the cipher text flips

1 bit in the plain text.

Eve may get an approximate time stamp by flipping the millisecond

bits.


Authenticate each other.

(Reduced Massages)

Mutual Authentication using SKC


Mutual authentication using SKC-Reflection Attack

How to prevent the reflection attack

(1) Unique format for each direction – even and odd challenge

(2) Different symmetric key for each direction


Bob(server) saves (username, )

After one authentication, Bob sets raise to (m-1)

When m=1, reconfigure new password.

How to avoid new password reconfiguration when m=1

use salt with password

Lamport’s Hash

: (m-1) times hash of R1.


One-way authentication Mutual Authentication

Key Database compromise does not compromise the security of the System.

Authentication using PKC


SKC

(Advantages)– less computation intensive

– more resilient to DoS Attacks.

(Disadvantages)– Key database compromise security of whole system is compromised.

– Eve can collect < plaintext, ciphertext> pairs launch dictionary attack.

How to: Eve claims to be Bob and send challenge to A, then collect the cipher text for the challenge.

What to use for authentication : SKC or PKC?


PKC

(advantages)–Key database compromise does not compromise the security of whole system

– dictionary attack is not applicable.

(Disadvantages)– computation intensive

– weak to DoS Attacks.

What to use for authentication: SKC or PKC?


Instead of trying to break the authentication protocol, it circumvent it completely.

Cause : authentication result is not linked to the rest of the session.

Solution : Use authenticated key agreement protocol.

Session Hijacking


SKC-based mutual authentication and key establishment

Needham Schroeder


Kerberos


[B. Pinkas] Securing Passwords against Dictionary attack

http://www.pinkas.net/PAPERS/pwdweb.pdf

[e-bay case] http://news.com.com/2100-1017-868278.html?tag=yt

Collin Boyd, Anish Mathuria, Protocols for Authentication and Key Establishment, Springer-Verlag

Evaluation of RSA cryptographic Schemes, http://www.ipa.go.jp/security/enc/CRYPTREC/fy15/doc/1011_rsa.pdf

Resources

Network Security Network Security Protocol 1 Network Security Chapter 2. Network Security Protocols.

Documents