Lecture 5
Topics
• Digital Signature (Signed Hashed value)
• Digital Certificate
• User Authentication Mechanisms
• Secure Socket Layer (SSL)
• GSM Security
Digital Signature
• Speed and practical considerations
• Sign the hashed value of the message
How can a public key be seen?
• Store a list of trusted public keys in your storage.
• Public key signed by an authorized unit (digital certificate).
Digital Certificate
• Digital version of a paper-based passport
• Identifies a person/organization uniquely on the Internet
• Binds a user with its public key
Digital Certificate Concept
Fig 5.1: Digital Certificate: “I officially approve the relation between the holder of this certificate (the user) and this particular public key.”
Digital Certificate Contents
• Main contents are the subject name (user), validity and public key
• Signed by a Certification Authority (CA)
• Provides guarantees about a user’s identity
Digital Certificate Example
Fig 5.2: Digital Certificate
Subject Name: Atul Kahate
Public Key: <Atul’s key>
Serial Number: 1029101
Other data: Email - [email protected]
Valid From: 1 Jan 2001
Valid To: 31 Dec 2004
Issuer Name: VeriSign
…
Similarities between a Passport and a Digital Certificate
Fig 5.3
Passport entry | Corresponding digital certificate entry
Full name | Subject name
Passport number | Serial number
Valid from | Same
Valid to | Same
Issued by | Issuer name
Photograph and signature | Public key
Digital Certificate Contents
Version
Certificate Serial Number
Signature Algorithm Identifier
Issuer Name
Validity (Not Before / Not After)
Subject Name
Subject Public Key Information
Issuer Unique Identifier
Subject Unique Identifier
Extensions
Certification Authority’s Digital Signature
Digital Certificate Contents
Field | Description
Version | Identifies a particular version of the X.509 protocol, which is used for this digital certificate. Currently, this field can contain 1, 2 or 3.
Certificate Serial Number | Contains a unique integer number, which is generated by the CA.
Signature Algorithm Identifier | Identifies the algorithm used by the CA to sign this certificate. (We shall examine this later).
Issuer Name | Identifies the Distinguished Name (DN) of the CA that created and signed this certificate.
Validity (Not Before/Not After) | Contains two date-time values (Not Before and Not After), which specify the timeframe within which the certificate should be considered as valid. These values generally specify the date and time up to seconds or milliseconds.
Subject Name | Identifies the Distinguished Name (DN) of the end entity (i.e. the user or the organization) to whom this certificate refers. This field must contain an entry unless an alternative name is defined in Version 3 extensions.
Subject Public Key Information | Contains the subject’s public key and algorithms related to that key. This field can never be blank.
CA Hierarchy
• There can be multiple levels of CAs
• Useful for delegation of work
• Each higher level CA vouches for its subordinate CA
CA Hierarchy
Fig 5.20: Tree of CAs with the Root CA at the top, several Second Level CAs beneath it, and several Third Level CAs beneath those.
Same Root CA
Fig 5.21: CA tree under a single Root CA. Second Level CAs: A1, A2, A3. Third Level CAs: B1, B2, …, B10, B11. End users: Alice, …, Bob.
How to Verify Root CA?
Fig 5.22: Chain of digital certificates
Digital Certificate: … Issuer Name: B11, Subject Name: Bob …
Digital Certificate: … Issuer Name: A3, Subject Name: B11 …
Digital Certificate: … Issuer Name: Root, Subject Name: A3 …
Digital Certificate: … Issuer Name: ???, Subject Name: Root …
Self-signed Certificate
Fig 5.23
Digital Certificate: … Issuer Name: Root, Subject Name: Root …
Cross-Certification
• In some cases, even root CAs can be different
• In such cases, they certify each other
• Creates a cross level trust
Cross-Certification of CAs
Fig 5.25: Two separate hierarchies, the Root CA of Japan and the Root CA of the US, cross-certified with each other. Second Level CAs: A1, P1. Third Level CAs: B1, B2, Q1, Q2. End users: Alice, …, Bob.
Validity of a Certificate
• It is necessary to check the validity of a certificate before it is used
• Two chief mechanisms:
  – Online Checks
  – Offline Checks
Authentication
• Who is who?
• Identifies a user or a resource
• Establishes trust before communication can take place
Authentication Mechanisms
• Passwords
• Message digests of passwords
• Authentication Tokens
• Certificate-based Authentication
• Biometrics
Password Authentication
Alice → Bob: ID: Alice, password: fiddle
Problems:
1. Password is in clear text
2. How does server Bob store users’ passwords?
Id | Password
Alice | fiddle
Amay | wang1123
Atul | hor{9mn}
Message Digests of Passwords
Alice → Bob: ID: Alice, passwd: Hash(fiddle)
Problems:
1. Replay attacks
Id | Hash(Pass)
Alice | pp*;;
Amay | werr[};
Atul | fghppo{
Solve the replay attack problem
• Create a secure channel when communicating.
• Challenge/response between User and Server
Secure channel:
Alice → Bob (over the secure channel): ID: Alice, passwd: Hash(fiddle)
Challenge/response:
Alice → Bob: I’m Alice
Bob → Alice: R
Alice → Bob: R signed with Alice’s private key
Message Digests of Passwords
• Original clear text password is never stored/transmitted
• Message digest of password is stored in the database, and the same is used for authentication
• Problems: replay attacks
Message Digests of Passwords
Fig 7.7: Server user creation program
Passwords: tiger, newroad, april, …
Message digests of passwords (output of the message digest algorithm): G%6$1, Vt^80+1, +{:>9mn
Step 1: Calculate the message digests of the passwords on the server-side.
Step 2: Store the user ids and message digests of the passwords in the user database.
User database:
Id | Password
Jyoti | G%6$1
Amar | Vt^80+1
Atul | +{:>9mn
Authentication Tokens
• Token and server are synchronized initially
• Token generates fresh passwords periodically
• Same passwords are generated at the server
Authentication Token Concept
Figure: Alice (token) and Bob (server). Labels in the figure: Seed: 1123456; Id = atul, passWd = 615019191; passWd = 615019191, Seed.
Server database:
Id | Seed
Alice | 1123456
Amar | 415901617
Atul | 615019191
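The token scheme described on the two slides above, as an added example that is not part of the original lecture: token and server share a seed, both derive the password for the current time step, and the server tolerates one step of clock drift and rejects a reused password. The HMAC-SHA256 derivation, the 60-second step and the names `token_password` and `TokenServer` are assumptions; the slides do not specify the algorithm.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 60  # assumed refresh period; the slides only say "periodically"

def token_password(seed: bytes, now: float) -> str:
    """Password the token displays for the time step containing `now`."""
    counter = int(now // STEP_SECONDS)
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha256).digest()
    # Reduce the MAC to 9 decimal digits (assumed display length).
    return f"{int.from_bytes(mac[:8], 'big') % 10**9:09d}"

class TokenServer:
    def __init__(self, seeds: dict, drift_steps: int = 1):
        self.seeds = seeds              # Id -> seed, as in the server database
        self.drift_steps = drift_steps  # tolerated clock drift, in steps
        self.last_step = {}             # Id -> last time step already accepted

    def login(self, user: str, password: str, now: float) -> bool:
        seed = self.seeds.get(user)
        if seed is None:
            return False
        current = int(now // STEP_SECONDS)
        lo, hi = current - self.drift_steps, current + self.drift_steps
        for step in range(lo, hi + 1):
            expected = token_password(seed, step * STEP_SECONDS)
            if hmac.compare_digest(expected, password):
                if step <= self.last_step.get(user, -1):
                    return False        # password for this step was already used
                self.last_step[user] = step
                return True
        return False                    # wrong password or outside the window

if __name__ == "__main__":
    # Constructed sample data: the seed value is taken from the slide's table.
    server = TokenServer({"atul": b"615019191"})
    t = 1_000_000.0
    pw = token_password(b"615019191", t)
    print(server.login("atul", pw, t), server.login("atul", pw, t + 1))
```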
Certificate-based Authentication
• User’s certificate details need to be stored on the server-side
• CA distributes the certificates to the users also
• Validation between the two takes place at the time of authentication
Digital Certificate Storage
Figure: the Certification Authority (CA) sends each certificate to the respective user and also to the server, which keeps the details in its user database.
Server user database:
Id | Public Key | Validity | …
Jyoti | 159010191 | June 2003
Amar | 415901617 | May 2002
Atul | 615019191 | July 2003
Certificate-based Authentication
Figure: the original random challenge from the server (8102811291012) is encrypted with the private key file to give the user’s digital signature (90184112124832).
Step 1: User’s computer encrypts the random challenge with the user’s private key to produce the digital signature.
Step 2: User’s computer sends the digital signature to the server as a part of the login request.
Login request to the server: Id = atul, Sign = 90184112124832
Smart Card Issues and Solutions
Problem/Issue | Emerging solution
Smart card readers are not yet a part of a desktop computer, unlike a hard disk drive or a floppy disk drive | The new versions of computers and mobile devices are expected to come with smart card readers out of the box.
Non-availability of smart card reader driver software | Microsoft has made the PC/SC smart card framework an integral part of the Windows 2000 operating system. Most smart card reader manufacturers ship the PC/SC compliant reader drivers, making the process of adding a reader hardware to the computer a plug-and-play operation.
Non-availability of smart card aware cryptographic services software | Smart-card aware software such as Microsoft Crypto API (MS-CAPI) comes free with Internet Explorer.
Cost of smart cards and card readers is high | This is reducing now. Smart cards are available for about $5, and the card readers for about $20.
Authentication in Wireless Communication
• 802.11i
• GSM (Global System for Mobile Communications)
• DECT (Digital European Cordless Telephone)
GSM
• Handset with SIM card, HLR (Home Location Register), VLR (Visitor Location Register)
• Handset and HLR have the IMSI (International Mobile Subscriber Identity) and Ki (an Authentication Key)
• Three functions are used: A3, A5, A8:
  – A3 and A8 are one-way functions like a hash, but much simpler
  – A5 is a one-key encryption/decryption function like RC4
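Message flow between Handset, VLR and HLR:
Handset → VLR: IMSI
VLR → HLR: IMSI
HLR → VLR: IMSI, RAND, Kc, SRES
VLR → Handset: RAND
Handset → VLR: SRES
VLR → Handset: A5_Kc(TMSI)
Handset → VLR: ACK
where Kc = A8(Ki // RAND) and SRES = A3(Ki // RAND)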
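The GSM challenge/response above, as an added example that is not part of the original lecture: the HLR derives (RAND, Kc, SRES) from Ki, the VLR challenges the handset with RAND and compares SRES, and Ki never leaves the handset or the HLR. HMAC-SHA256 is swapped in for the real A3 and A8 algorithms; the class names, the IMSI and the Ki value are constructed for the illustration.

```python
import hashlib
import hmac
import os

def a3(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A3: SRES = A3(Ki // RAND), truncated to 32 bits."""
    return hmac.new(ki, b"A3" + rand, hashlib.sha256).digest()[:4]

def a8(ki: bytes, rand: bytes) -> bytes:
    """Stand-in for A8: Kc = A8(Ki // RAND), truncated to 64 bits."""
    return hmac.new(ki, b"A8" + rand, hashlib.sha256).digest()[:8]

class HLR:
    def __init__(self, subscribers: dict):
        self.subscribers = subscribers          # IMSI -> Ki

    def triplet(self, imsi: str):
        ki = self.subscribers[imsi]
        rand = os.urandom(16)                   # fresh 128-bit challenge
        return rand, a8(ki, rand), a3(ki, rand) # RAND, Kc, SRES

class Handset:
    def __init__(self, imsi: str, ki: bytes):
        self.imsi, self.ki, self.kc = imsi, ki, None

    def respond(self, rand: bytes) -> bytes:
        self.kc = a8(self.ki, rand)             # session key for A5
        return a3(self.ki, rand)                # SRES sent back to the VLR

class VLR:
    def __init__(self, hlr: HLR):
        self.hlr, self.pending = hlr, {}

    def challenge(self, imsi: str) -> bytes:
        rand, kc, sres = self.hlr.triplet(imsi) # the VLR never learns Ki
        self.pending[imsi] = (kc, sres)
        return rand

    def verify(self, imsi: str, sres: bytes):
        """Return Kc on success, None on failure; each challenge is single-use."""
        kc, expected = self.pending.pop(imsi, (None, None))
        if expected is None or not hmac.compare_digest(expected, sres):
            return None
        return kc

if __name__ == "__main__":
    imsi, ki = "001010123456789", bytes(range(16))  # constructed test values
    vlr, phone = VLR(HLR({imsi: ki})), Handset(imsi, ki)
    print(vlr.verify(imsi, phone.respond(vlr.challenge(imsi))) == phone.kc)
```

Because RAND is fresh for every attempt, an SRES captured from an earlier run does not verify against a later challenge, which is the replay protection the challenge/response slides describe.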
Secure Socket Layer (SSL)
• World’s most widely used security mechanism on the Internet
• Secures communication between a client and a server
• Located between the Application and Transport Layers of TCP/IP protocol suite
Position of SSL in TCP/IP
Fig 6.9: Layers from top to bottom, with the SSL Layer between the Application and Transport Layers
Application Layer
SSL Layer
Transport Layer
Internet Layer
Data Link Layer
Physical Layer
Data Exchange including SSL
Fig 6.10: Data exchange between sender X and receiver Y including SSL. At X each layer adds its header to what it receives from the layer above; Y performs the same steps in reverse.
Application: L5 data
SSL: L5 data, SH
Transport: H4 added to L5 data+SH
Internet: H3 added to L5 data+SH+H4
Data Link: H2 added to L5 data+SH+H4+H3
Physical: 010101010100010101010010 over the transmission medium
SSL Sub-Protocols
• Handshake Protocol
• Record Protocol
• Alert Protocol
SSL Handshake Message Format
Fig 6.11
Type | Length | Content
1 byte | 3 bytes | 1 or more bytes
SSL Handshake Messages
Message Type | Parameters
Hello request | None
Client hello | Version, Random number, Session id, Cipher suite, Compression method
Server hello | Version, Random number, Session id, Cipher suite, Compression method
Certificate | Chain of X.509V3 certificates
Server key exchange | Parameters, signature
Certificate request | Type, authorities
Server hello done | None
Certificate verify | Signature
Client key exchange | Parameters, signature
Finished | Hash value
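A parser for the Type / Length / Content layout of Fig 6.11, as an added example that is not part of the original lecture: it splits a buffer of back-to-back handshake messages and rejects truncated or unknown ones. The numeric type codes are the standard SSL 3.0/TLS values and do not appear on the slides; the function names and the sample bytes are constructed.

```python
# Handshake type codes (SSL 3.0 / TLS), mapped to the names used in the table.
HANDSHAKE_TYPES = {
    0: "Hello request", 1: "Client hello", 2: "Server hello",
    11: "Certificate", 12: "Server key exchange", 13: "Certificate request",
    14: "Server hello done", 15: "Certificate verify",
    16: "Client key exchange", 20: "Finished",
}

class HandshakeParseError(ValueError):
    pass

def build_handshake(msg_type: int, content: bytes) -> bytes:
    """Encode one message: 1-byte type, 3-byte big-endian length, content."""
    return bytes([msg_type]) + len(content).to_bytes(3, "big") + content

def parse_handshake(buf: bytes) -> list:
    """Return [(message name, content), ...] for a buffer of handshake messages."""
    messages, offset = [], 0
    while offset < len(buf):
        if len(buf) - offset < 4:
            raise HandshakeParseError(f"truncated header at offset {offset}")
        msg_type = buf[offset]
        length = int.from_bytes(buf[offset + 1:offset + 4], "big")
        start, end = offset + 4, offset + 4 + length
        if end > len(buf):
            # Never trust the declared length beyond the bytes actually received.
            raise HandshakeParseError(
                f"length {length} at offset {offset} exceeds buffer")
        name = HANDSHAKE_TYPES.get(msg_type)
        if name is None:
            raise HandshakeParseError(f"unknown handshake type {msg_type}")
        # Messages whose parameters are "None" in the table carry length 0.
        messages.append((name, buf[start:end]))
        offset = end
    return messages

if __name__ == "__main__":
    # Constructed sample: a client hello stub followed by server hello done.
    sample = build_handshake(1, b"\x03\x00" + bytes(32)) + build_handshake(14, b"")
    for name, content in parse_handshake(sample):
        print(name, len(content))
```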
SSL Handshake Process
Between Web Browser and Web Server:
1. Establish security capabilities
2. Server authentication and key exchange
3. Client authentication and key exchange
4. Finish
SSL Handshake – Phase 1
Web Browser → Web Server: Step 1: Client hello
Web Server → Web Browser: Step 2: Server hello
SSL Handshake – Phase 2
Web Server → Web Browser:
Step 1: Certificate
Step 2: Server key exchange
Step 3: Certificate request
Step 4: Server hello done
SSL Handshake – Phase 3
Web Browser → Web Server:
Step 1: Certificate
Step 2: Client key exchange
Step 3: Certificate verify
SSL Handshake – Phase 4
Web Browser → Web Server:
1. Change cipher specs
2. Finished
Web Server → Web Browser:
Step 3: Change cipher specs
Step 4: Finished
SSL Record Protocol
Actions performed on application data, in order:
1. Fragmentation
2. Compression
3. Addition of MAC
4. Encryption
5. Append header