Sec-2 - Take-home points Distributed Systems Security II 15-440 Remember digital signatures From last time Shared key crypto with key KAB Intuition

Distributed Systems Security II
15-440

Take-home points
• What does using public-key for our authentication buy us?
• Compare Kerberos (Needham-Schroeder) and SSL with a certificate authority
• Metrics: Scaling, robustness, timeliness
• Motivate & understand perfect forward secrecy and Diffie-Hellman
• A touch of research: Perspectives SSL auth vs. CA auth

Remember digital signatures
• From last time...
• Shared key crypto with key K_AB:
  – Intuition: Hash them together
  – HMAC(K_AB, m) = H((K..) | H(K... | m))
• Public key crypto with K_A, K_A^-1:
  – Intuition: "signing" is encryption using the private key.
  – But pub key operations are expensive: to make it practical, hash first so that the message is small, fixed-size.
  – E(K_A^-1, H(m))

Today: Auth protocols
• Needham-Schroeder - basis of Kerberos authentication
• Goal: Secure, usable authentication system without needing public-key cryptography
• Idea: Everyone shares a key with a trusted third party server
• If A wants to talk to B, on demand, that server generates key K_AB and shares it with (and only with) A and B.
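The "hash them together" intuition for HMAC(K_AB, m) on the digital signatures slide, worked through as an added example that is not part of the original slides. The slide elides what is combined with the key; the ipad/opad constants below come from RFC 2104, and the choice of SHA-256 for H and the sample key and messages are assumptions.

```python
import hashlib
import hmac

BLOCK = 64  # SHA-256 input block size in bytes


def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    """HMAC per RFC 2104: H((K xor opad) | H((K xor ipad) | m))."""
    if len(key) > BLOCK:
        # Keys longer than one block are hashed down first.
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")  # then zero-padded to a full block
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + msg).digest()
    # The outer hash keeps an attacker from extending the inner hash
    # with extra message bytes (length extension).
    return hashlib.sha256(opad + inner).digest()


def verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    """Recompute the tag and compare in constant time."""
    return hmac.compare_digest(hmac_sha256(key, msg), tag)


# Constructed sample values (assumptions, not from the slides).
K_AB = b"shared-key-between-A-and-B"
M = b"transfer 10 to B"


def demo() -> dict:
    tag = hmac_sha256(K_AB, M)
    return {
        # Same result as the standard library implementation.
        "matches_stdlib": tag == hmac.new(K_AB, M, hashlib.sha256).digest(),
        "accepts_genuine": verify(K_AB, M, tag),
        # A modified message or a different key no longer verifies.
        "rejects_tampered": not verify(K_AB, b"transfer 99 to B", tag),
        "rejects_wrong_key": not verify(b"some-other-key", M, tag),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because both A and B hold K_AB, either one can produce a valid tag; unlike E(K_A^-1, H(m)), the tag does not show a third party which of the two created the message.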
Needham-Schroeder and Kerberos
• In following diagrams:
  – Client C initiates a connection to server S
• Authentication server A generates "session key" K_SC for them to use to talk to each other. Only A, S, and C will know this key.
  – Each entity shares a private key with the authentication server:
    C and A share a secret key K_AC
    S and A share secret key K_AS
  – Nobody else knows either of those two keys.

Needham-Schroeder and Kerberos
• Messages:
  1: C to A: C, S, n
[Diagram: Authentication server A, Server S, Client C, with message 1 marked]
A nonce: a "number used once." In Kerberos this is usually the time.

Needham-Schroeder and Kerberos

This note was uploaded on 11/02/2011 for the course CS 440 taught by Professor Anderson during the Spring '11 term at Carnegie Mellon.
