tailieunhanh - Authentication Applications
Chapter 4: Authentication Applications
Henric Johnson, Blekinge Institute of Technology, Sweden

Outline: Security Concerns Kerberos Authentication Service Recommended reading and Web Sites

Security Concerns
Key concerns are confidentiality and timeliness.
To provide confidentiality, identification and session key information must be encrypted, which requires the use of previously shared private or public keys.
Timeliness is needed to prevent replay attacks; it is provided by using sequence numbers, timestamps, or challenge/response.

KERBEROS
In Greek mythology, a many-headed dog, the guardian of the entrance of Hades.

KERBEROS
Users wish to access services on servers. Three threats exist:
A user pretends to be another user.
A user alters the network address of a workstation.
A user eavesdrops on exchanges and uses a replay attack.

KERBEROS
Provides a centralized authentication server to authenticate users to servers and servers to users.
Relies on conventional encryption, making no use of public-key encryption.
Two versions: version 4 and 5.
Version 4 makes use of DES.

Kerberos Version 4
Terms:
C = Client
AS = authentication server
V = server
IDc = identifier of user on C
IDv = identifier of V
Pc = password of user on C
ADc = network address of C
Kv = secret encryption key shared by AS and V
TS = timestamp
|| = concatenation

A Simple Authentication Dialogue
C → AS: IDc || Pc || IDv
AS → C: Ticket
C → V: IDc || Ticket
Ticket = EKv[IDc || Pc || IDv]

Version 4 Authentication Dialogue
Problems:
Lifetime associated with the ticket-granting ticket:
If too short, the user is repeatedly asked for the password.
If too long, there is a greater opportunity to replay.
The threat is that an opponent will steal the ticket and use it before it expires.

Version 4 Authentication Dialogue
Authentication Service Exchange: To obtain .
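
Added example, not part of the original slides: a check on the server V side that makes the ticket lifetime trade-off and the timestamp-based timeliness described above concrete. The ticket layout (IDc, ADc, IDv, TS, lifetime), the key, and the sample names and addresses are assumptions; HMAC-SHA256 stands in for the DES encryption EKv, so it protects integrity only, not confidentiality.

```python
import hashlib
import hmac

# Constructed sample key; not from the slides. Stands in for Kv (shared by AS and V).
KV = b"constructed-key-shared-by-AS-and-V"
MAC_LEN = 32  # SHA-256 digest size in bytes

def issue_ticket(id_c, ad_c, id_v, ts, lifetime, kv=KV):
    """AS side: bind IDc || ADc || IDv || TS || lifetime under Kv."""
    body = "|".join([id_c, ad_c, id_v, str(ts), str(lifetime)]).encode()
    return body + hmac.new(kv, body, hashlib.sha256).digest()

def check_ticket(ticket, id_c, src_addr, id_v, now, kv=KV):
    """V side: return 'ok' or the reason the ticket is refused."""
    body, mac = ticket[:-MAC_LEN], ticket[-MAC_LEN:]
    expected = hmac.new(kv, body, hashlib.sha256).digest()
    if not hmac.compare_digest(mac, expected):
        return "bad-mac"                      # not issued by the AS, or altered
    try:
        t_id_c, t_ad_c, t_id_v, ts, lifetime = body.decode().split("|")
        ts, lifetime = int(ts), int(lifetime)
    except ValueError:
        return "malformed"
    if (t_id_c, t_id_v) != (id_c, id_v):
        return "wrong-principal"              # ticket is for another user/server
    if t_ad_c != src_addr:
        return "wrong-address"                # presented from a different workstation
    if now < ts:
        return "not-yet-valid"
    if now > ts + lifetime:
        return "expired"                      # timeliness: the replay window has closed
    return "ok"

def demo():
    """Run the cases on constructed data (names, addresses, times are made up)."""
    ts = 1_000_000
    t = issue_ticket("alice", "192.0.2.10", "fileserver", ts, 300)
    return {
        "legitimate": check_ticket(t, "alice", "192.0.2.10", "fileserver", ts + 10),
        # Inside the lifetime a captured ticket is still accepted from the bound
        # address: this is the window that a long lifetime widens.
        "replayed_same_address": check_ticket(t, "alice", "192.0.2.10", "fileserver", ts + 200),
        "stolen_other_address": check_ticket(t, "alice", "198.51.100.7", "fileserver", ts + 200),
        "after_expiry": check_ticket(t, "alice", "192.0.2.10", "fileserver", ts + 301),
        "tampered": check_ticket(t.replace(b"alice", b"admin"), "admin", "192.0.2.10", "fileserver", ts + 10),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```
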