cse443-lecture-10-authentication

CMPSC 443 Introduction to Computer and Network Security - Spring 2012 - Professor Jaeger
Lecture 10 - Authentication
www.cse.psu.edu/~tjaeger/cse443-s12/

Kerberos: What to know
• Kerberos Properties
  – Initial Goals: secure communication, mutual authentication
  – Extra Goal: single sign-on
  – Compare result to SSH (and PKI today)
• Deployment of Needham-Schroeder
  – Two-phase protocol
  – Limited to single administrative domain

1) Alice → Trent : {Alice + Bob + rand_1}
2) Trent → Alice : {Alice + Bob + rand_1 + K_AB + {Alice + K_AB}K_BT}K_AT
3) Alice → Bob : {Alice + K_AB}K_BT
4) Bob → Alice : {rand_2}K_AB
5) Alice → Bob : {rand_2 - 1}K_AB

Slide callouts: Alice’s Ticket; Bob’s Ticket; Replaced by single “authenticator” message {time}K_AB

Public Key Authentication
• Public Key Cryptography is the answer
  – easy to distribute the public key
  – never give the private key to anyone else
  – key agreement is easy (sans Needham-Schroeder)
  – keys can be global
• While PK is used, not as broadly as expected
• Requires a significant infrastructure
  – Global systems are difficult (impossible) to build

Public Key Infrastructure
• System to “securely distribute public keys”
  – Q: Why is that hard?
• Terminology:
  – Alice signs a certificate for Bob's name and key
    • Alice is issuer, and Bob is subject
  – Alice wants to find a path to Bob's key
    • Alice is verifier, and Bob is target
  – Anything that has a public key is a principal
  – Anything trusted to sign certificates is a trust anchor
    • Its certificate is a root certificate

What is a certificate?
• A certificate …
  – … makes an association between a user identity/job/attribute and a private key
  – … contains public key information {e,n}
  – … has a validity period
  – … is signed by some certificate authority (CA)
• Issued by CA for some purpose
  – Verisign is in the business of issuing certificates
  – People trust Verisign to vet identity
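
The terminology of the two PKI slides above, as an added example that is not part of the original lecture: a verifier walks issuer links from the target's certificate up to a trust anchor, checking each signature and validity period on the way. The names Root/Alice/Bob, the dict certificate layout, the integer day numbers and the toy textbook-RSA keys built from Mersenne primes are assumptions for illustration and are not secure.

```python
import hashlib

E = 65537  # public exponent; keys below are toy textbook RSA (assumption), not secure

def keypair(p, q):
    """Return (public {e,n}, private {d,n}) from two primes."""
    n = p * q
    return (E, n), (pow(E, -1, (p - 1) * (q - 1)), n)

def digest(cert, n):
    """Hash every certificate field except the signature, reduced mod n."""
    tbs = repr(sorted((k, v) for k, v in cert.items() if k != "sig")).encode()
    return int.from_bytes(hashlib.sha256(tbs).digest(), "big") % n

def issue(issuer, issuer_priv, subject, pub, not_before, not_after):
    """Issuer signs the binding of the subject's name, key and validity period."""
    cert = dict(subject=subject, issuer=issuer, pub=pub,
                not_before=not_before, not_after=not_after)
    d, n = issuer_priv
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def verify_path(target, certs, anchors, now):
    """Walk issuer links from the target's certificate up to a trust anchor."""
    name, seen = target, set()
    while name not in seen:
        seen.add(name)
        cert = certs.get(name)
        if cert is None:
            return f"no path from {name} to a trust anchor"
        if not cert["not_before"] <= now <= cert["not_after"]:
            return f"outside validity period: {name}"
        issuer = cert["issuer"]
        key = anchors.get(issuer) or certs.get(issuer, {}).get("pub")
        if key is None:
            return f"no path from {name} to a trust anchor"
        if pow(cert["sig"], key[0], key[1]) != digest(cert, key[1]):
            return f"bad signature on {name}"
        if issuer in anchors:
            return "ok"
        name = issuer  # issuer's key is only trusted once its own cert verifies
    return "loop in issuer chain"

# Constructed sample: Root (trust anchor) -> Alice -> Bob, days as integers.
root_pub, root_priv = keypair(2**521 - 1, 2**607 - 1)
alice_pub, alice_priv = keypair(2**107 - 1, 2**127 - 1)
bob_pub, _ = keypair(2**61 - 1, 2**89 - 1)
ANCHORS = {"Root": root_pub}
CERTS = {"Alice": issue("Root", root_priv, "Alice", alice_pub, 0, 730),
         "Bob": issue("Alice", alice_priv, "Bob", bob_pub, 0, 365)}
```

Calling `verify_path("Bob", CERTS, ANCHORS, now=100)` returns "ok"; the same call with no trust anchors configured fails at Alice, which is the point of the trust anchor bullet.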