LectureNote23-Kerberos


KERBEROS

Outline: Identification and Authentication; Password Based Authentication; One Time Passwords; Kerberos; Other Mutual Authentication Protocols

CS 556 - Computer Security - © 2009 Colorado State University – 57 / 98

Mutual Authentication

Alice → Bob: $r_A$ (Alice's challenge)
Bob → Alice: $\{r_A\}_{K_{AB}}$ (Bob's response)
Bob → Alice: $r_B$ (Bob's challenge)
Alice → Bob: $\{r_B\}_{K_{AB}}$ (Alice's response)

Mutual Authentication

● Problem – how to share key
  ✦ This is more critical than in the case of secret key based encryption schemes because authentication is a more fundamental issue
● Solution – Mediated Authentication
  ✦ Secret key based – Needham-Schroeder and Kerberos
  ✦ Public key based – X.509

Needham-Schroeder Protocol

● Mediated authentication and key exchange protocol based on trusted third party
  ✦ R M Needham, M D Schroeder, "Using Encryption for Authentication in Large Networks of Computers", CACM, 21(12), Dec 1978, pp. 993-998
● After authentication communicating parties share a secret key that can be used in future secure exchanges

Needham-Schroeder Protocol (continued)

Message 1: Alice → TP: $A, B, N_A$
Message 2: TP → Alice: $\{N_A, B, K_{AB}, \{K_{AB}, A\}_{K_{BS}}\}_{K_{AS}}$
Message 3: Alice → Bob: $\{K_{AB}, A\}_{K_{BS}}$
Message 4: Bob → Alice: $\{N_B\}_{K_{AB}}$
Message 5: Alice → Bob: $\{N_B - 1\}_{K_{AB}}$

Needham-Schroeder Protocol (continued)

● Problem – suffers from replay attack
  ✦ Message 3 can be subject to replay attack with an old compromised session key by an active attacker
● Solutions
  ✦ Include a timestamp in messages 1 to 3, which requires synchronised clocks
  ✦ Have Alice ask Bob for a random value $J_B$ to be sent to S for return in $\{K_{AB}, A, J_B\}_{K_{BS}}$

Kerberos – Improved Needham-Schroeder

...
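The replay problem with Message 3 and the timestamp fix from the Needham-Schroeder slides above, as an added example that is not part of the original lecture notes. `seal`/`unseal` are a toy stand-in for $\{\cdot\}_K$; the function names, the timestamp field `t` carried inside the ticket, the constructed clock values and the 300-second window are all assumptions.

```python
import hashlib, hmac, json, os
def seal(key, obj):
    """Toy stand-in for {obj}_key (SHAKE-256 keystream + HMAC tag); not a real cipher."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, hashlib.shake_256(key + nonce).digest(len(pt))))
    return nonce + hmac.new(key, nonce + ct, hashlib.sha256).digest() + ct

def unseal(key, blob):
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("not sealed under this key")
    ks = hashlib.shake_256(key + nonce).digest(len(ct))
    return json.loads(bytes(a ^ b for a, b in zip(ct, ks)))

K_AS, K_BS = os.urandom(32), os.urandom(32)  # long-term keys Alice and Bob share with TP

def tp_message2(a, b, n_a, now):
    """Message 2: {N_A, B, K_AB, {K_AB, A, T}_K_BS}_K_AS; T is the timestamp fix."""
    k_ab = os.urandom(32).hex()
    ticket = seal(K_BS, {"k_ab": k_ab, "a": a, "t": now}).hex()
    return seal(K_AS, {"n_a": n_a, "b": b, "k_ab": k_ab, "ticket": ticket})

def bob_message3(ticket, now=None, max_age=None):
    """Bob's handling of Message 3; max_age=None is the original protocol (no freshness)."""
    body = unseal(K_BS, ticket)
    if max_age is not None and abs(now - body["t"]) > max_age:
        raise ValueError("stale ticket")
    return bytes.fromhex(body["k_ab"]), body["a"]

def handshake(k_bob, k_peer):
    """Messages 4 and 5: Bob sends {N_B}_K_AB, the peer answers {N_B - 1}_K_AB."""
    n_b = int.from_bytes(os.urandom(8), "big")
    seen = unseal(k_peer, seal(k_bob, {"n_b": n_b}))["n_b"]
    return unseal(k_bob, seal(k_peer, {"n_b": seen - 1}))["n_b"] == n_b - 1

def demo():
    t0, n_a = 1_000_000, os.urandom(8).hex()       # constructed clock value (seconds)
    m2 = unseal(K_AS, tp_message2("Alice", "Bob", n_a, t0))
    assert m2["n_a"] == n_a and m2["b"] == "Bob"   # Alice checks her nonce and the peer name
    ticket, old_k_ab = bytes.fromhex(m2["ticket"]), bytes.fromhex(m2["k_ab"])
    # Original protocol: a week-old Message 3 still passes, and so do messages 4 and 5.
    k, who = bob_message3(ticket)
    unfixed = (who, handshake(k, old_k_ab))
    try:                                           # timestamp fix, one week later
        bob_message3(ticket, now=t0 + 7 * 24 * 3600, max_age=300)
        fixed = "accepted"
    except ValueError as err:
        fixed = str(err)
    return unfixed, fixed
```

`demo()` returns `(("Alice", True), "stale ticket")`: without a freshness check Bob cannot tell a replayed ticket from a new one, while the timestamped ticket is rejected once it falls outside the window.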

This note was uploaded on 05/29/2010 for the course CS 556 taught by Professor Staff during the Spring '08 term at Colorado State.
