Authentication in Distributed Systems

Slide 1: Computer Security: Authentication in Distributed Systems (11/07/11)
Slide 2: Introduction

Crypto transforms (communications) security problems into key management problems. To use encryption, digital signatures, or MACs, the parties involved have to hold the "right" cryptographic keys. With public key algorithms, parties need authentic public keys. With symmetric key algorithms, parties need shared secret keys.
Slide 3: Session Keys

Public key algorithms tend to be more expensive than symmetric key algorithms. Cost factors: key length, computation time, bandwidth. It is desirable to use long-term keys only sparingly to reduce the "attack surface". Potential problem: attacks that collect a large amount of material encrypted under one key. Solution: long-term keys are used only to establish short-term session keys.
Slide 4: Key Usage

It is good cryptographic practice to restrict the use of keys to a specific purpose. In key management, we may use key encrypting keys and data encrypting keys. Examples of key usages: encryption, decryption, signature, non-repudiation, master key, transaction key. With RSA, we don't use a single key pair both for encryption and for digital signatures.
Slide 5: Agenda

Remote user authentication
Definitions for key establishment
Diffie-Hellman key agreement
Man-in-the-middle attacks
STS (station-to-station protocol)
AKEP
Needham-Schroeder
Perfect forward secrecy
Kerberos
Slide 6: Using Passwords Remotely

Sending passwords over the network:
HTTP Basic Access Authentication (HTTP protocol): password in the clear.
HTTP Digest Access Authentication (HTTP protocol): digest of the password.
Password sniffers
Challenge-response protocols
Off-line dictionary attacks
Remote Authentication Dial-In User Service (RADIUS), RFC 2865.
[RFC = Request for Comments, an Internet Engineering Task Force (IETF) memorandum on Internet systems and standards]
Slide 7: HTTP Basic Authentication

Client: GET /index.html HTTP/1.0
Server: HTTP/1.1 401 Unauthorized
        WWW-Authenticate: Basic realm="SecureArea"
Client: GET /index.html HTTP/1.0
        Authorization: Basic am9ldXNlcjphLmIuQy5E
Server: HTTP/1.1 200 OK (plus document)

The password is sent in the clear, merely base64 encoded. Not really secure: anybody who can see the user's reply learns the password.
[NB: "GET /index.html HTTP/1.0" is a client request for a specified resource. "HTTP/1.1 401" is a status code that indicates a provisional response; 401 indicates unauthorized.]
Slide 8: HTTP Digest Authentication

Challenge-response protocol (RFC 2617). The server sends a random challenge (nonce) to the user. The user replies with a hash (digest) of username + password + nonce + uri:

request-digest = h( h(username:realm:password) : nonce : h(method:digest-uri) )

Better security, but still vulnerable to off-line dictionary attacks.
[uri = uniform resource identifier of an abstract or physical resource]
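The two schemes side by side, as an added example that is not part of the lecture slides: decoding the Basic credential shown on the previous slide, and a server-side verifier for the request-digest formula above. It assumes h is MD5 as in RFC 2617 (the slide does not name the hash), and the realm, nonce and URI values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import re
# Constructed sample: the Basic credential from the slide's exchange. base64 is an
# encoding, not encryption, so any observer of the request can decode it.
BASIC_HEADER = "Basic am9ldXNlcjphLmIuQy5E"

def decode_basic(header: str) -> tuple[str, str]:
    """Recover (username, password) from an HTTP Basic Authorization header."""
    scheme, _, token = header.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    user, _, password = base64.b64decode(token).decode("utf-8").partition(":")
    return user, password

def h(s: str) -> str:
    """RFC 2617 default hash (MD5), assumed for the slide's request-digest formula."""
    return hashlib.md5(s.encode("utf-8")).hexdigest()

def request_digest(username, realm, password, nonce, method, uri) -> str:
    """Client side: h(h(username:realm:password):nonce:h(method:digest-uri))."""
    a1, a2 = h(f"{username}:{realm}:{password}"), h(f"{method}:{uri}")
    return h(f"{a1}:{nonce}:{a2}")

def verify_digest(header: str, method: str, stored_a1: str, issued_nonce: str) -> bool:
    """Server side: recompute from the stored h(username:realm:password) (the password
    itself is never stored) and the nonce this server issued. Everything except the
    password crosses the wire in clear, hence the off-line dictionary attack risk."""
    scheme, _, params = header.partition(" ")
    p = dict(re.findall(r'(\w+)="([^"]*)"', params))
    if scheme.lower() != "digest" or p.get("nonce") != issued_nonce:
        return False  # wrong scheme, or a stale/replayed/forged challenge
    a2 = h(f"{method}:{p.get('uri', '')}")
    expected = h(f"{stored_a1}:{p['nonce']}:{a2}")
    return hmac.compare_digest(expected, p.get("response", ""))

def demo() -> dict:
    """Constructed exchange: decode Basic, build the Digest reply for a constructed
    nonce, verify it, then show that a nonce the server never issued is rejected."""
    user, password = decode_basic(BASIC_HEADER)
    realm, nonce, method, uri = "SecureArea", "c0ffee1234567890", "GET", "/index.html"
    response = request_digest(user, realm, password, nonce, method, uri)
    header = (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
              f'uri="{uri}", response="{response}"')
    stored_a1 = h(f"{user}:{realm}:{password}")  # what the server keeps on file
    return {"user": user,
            "valid": verify_digest(header, method, stored_a1, nonce),
            "replayed": verify_digest(header, method, stored_a1, "0000000000000000")}
```

Note that the verifier needs only the stored A1 hash, the captured header and the nonce; an observer who has sniffed the same exchange can run the identical computation against password guesses, which is the off-line dictionary attack the slide warns about.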

This note was uploaded on 11/07/2011 for the course CIS 4360 taught by Professor Mikeburmester during the Fall '11 term at FSU.
