1Lecture 5

Topics

• Digital Signature (Signed Hashed value)

• Digital Certificate

• User Authentication Mechanisms

• Secure Socket Layer (SSL)

• GSM Security

2Lecture 5

Digital Signature

• Speed and practice consideration

• Sign on Hashed value of the message

3Lecture 5

How can public key been seen

• Store a list of trusted public keys in your storage.

• Public key signed by a authorized unit. (digital Certificate)

4Lecture 5

Digital Certificate

• Digital version of a paper-based passport

• Identifies a person/organization uniquely on the Internet

• Binds a user with its public key

5Lecture 5

Digital Certificate Concept

Fig 5.1

Digital Certificate

“I officially approve the relation between

the holder of this certificate (the user) and this particular

public key.

6Lecture 5

Digital Certificate Contents

• Main contents are the subject name (user), validity and public key

• Signed by a Certification Authority (CA)

• Provides guarantees about a user’s identity

7Lecture 5

Digital Certificate Example

Fig 5.2

Digital Certificate

Subject Name: Atul KahatePublic Key: <Atul’s key>Serial Number: 1029101Other data: Email - akahate@indiatimes.comValid From: 1 Jan 2001Valid To: 31 Dec 2004Issuer Name: VeriSign

…

8Lecture 5

Similarities between a Passport and a Digital Certificate

Fig 5.3

Passport entry Corresponding digital certificate entry

Full name Subject name

Passport number Serial number

Valid from Same

Valid to Same

Issued by Issuer name

Photograph and signature Public key

9Lecture 5

Digital Certificate ContentsVersion

Certificate Serial Number

Signature Algorithm Identifier

Issuer Name

Validity (Not Before / Not After)

Subject Name

Subject Public Key Information

Issuer Unique Identifier

Subject Unique Identifier

Extensions

Certification Authority’s Digital Signature

10Lecture 5

Digital Certificate ContentsField Description

Version Identifies a particular version of the X.509 protocol, which is used for this digital certificate. Currently, this field can contain 1, 2 or 3.

Certificate Serial Number Contains a unique integer number, which is generated by the CA.

Signature Algorithm Identifier

Identifies the algorithm used by the CA to sign this certificate. (We shall examine this later).

Issuer Name Identifies the Distinguished Name (DN) of the CA that created and signed this certificate.

Validity (Not Before/Not After)

Contains two date-time values (Not Before and Not After), which specify the timeframe within which the certificate should be considered as valid. These values generally specify the date and time up to seconds or milliseconds.

Subject Name Identifies the Distinguished Name (DN) of the end entity (i.e. the user or the organization) to whom this certificate refers. This field must contain an entry unless an alternative name is defined in Version 3 extensions.

Subject Public Key Information

Contains the subject’s public key and algorithms related to that key. This field can never be blank.

11Lecture 5

CA Hierarchy

• There can be multiple level CAs

• Useful for delegation of work

• Each higher level CA vouches for its subordinate CA

12Lecture 5

CA Hierarchy

Fig 5.20

Root CA

Second Level CA Second Level CA Second Level CA

Third Level CA Third Level CA Third Level CAThird Level CA…

… …

13Lecture 5

Same Root CA

Fig 5.21

Root CA

Second Level CA (A1)

Second Level CA (A2)

Second Level CA (A3)

Third Level CA(B1)

Third Level CA(B2)

Third Level CA(B11)

Third Level CA(B10)

…

Alice … Bob…

14Lecture 5

How to Verify Root CA?

Fig 5.22

Digital Certificate

…Issuer Name: B11

Subject Name: Bob…

Digital Certificate

…Issuer Name: A3

Subject Name: B11…

Digital Certificate

…Issuer Name: RootSubject Name: A3

…

Digital Certificate

…Issuer Name: ???

Subject Name: Root…

15Lecture 5

Self-signed Certificate

Fig 5.23

Digital Certificate

…Issuer Name: Root

Subject Name: Root…

16Lecture 5

Cross-Certification

• In some cases, even root CAs can be different

• In such cases, they certify each other

• Creates a cross level trust

17Lecture 5

Cross-Certification of CAs

Fig 5.25

Root CA of Japan

Second Level CA (A1)

Second Level CA (P1)

Third Level CA(B1)

Third Level CA(B2)

Third Level CA(Q2)

Third Level CA(Q1)

Alice … Bob…

Root CA of the US

Cross-certified

18Lecture 5

Validity of a Certificate

• It is necessary to check the validity of a certificate before it is used

• Two chief mechanisms:– Online Checks– Offline Checks

19Lecture 5

Authentication

• Who is who?

• Identifies a user or a resource

• Establishes trust before communication can take place

20Lecture 5

Authentication Mechanisms

• Passwords

• Message digests of passwords

• Authentication Tokens

• Certificate-based Authentication

• Biometrics

21Lecture 5

Password Authentication

Alic

e

BobID: Alice, password: fiddle

Problems:

1. Password is clear text

2. How server Bob store users’ password

Id PasswordAlice fiddleAmay wang1123Atul hor{9mn}

22Lecture 5

Message Digests of PasswordsA

lice

BobID: Alice, passwd:Hash( fiddle}

Problems:

1. Replay attacks

Id Hash(Pass)Alice pp*;;Amay werr[};Atul fghppo{

23Lecture 5

Solve the replay attack problem

• Create a secure channel when communicating.

• Challenge/response between User and Server

Alic

e

BobID: Alice, passwd:Hash( fiddle}

Secure channel

Alic

e

Bob

I’m Alice

R signed with Alice’s private key

R

24Lecture 5

Message Digests of Passwords

• Original clear text password is never stored/transmitted

• Message digest of password is stored in the database, and the same is used for authentication

• Problems: replay attacks

25Lecture 5

Message Digests of Passwords

Fig 7.7

tigernewroadapril…

Message digest algorithm

Message digests of passwords

Passwords

G%6$1

Vt^80+1+{:>9mn

Step 1: Calculate the message digests of the passwords on the server-side.

Step 2: Store the user ids and message digests of the passwords in the user database.

Id PasswordJyoti G%6$1Amar Vt^80+1Atul +{:>9mn

User database

Server User creation program

26Lecture 5

Authentication Tokens

• Token and server are synchronized initially

• Token generates fresh passwords periodically

• Same passwords are generated at the server

27Lecture 5

Authentication Token Concept

Id SeedAlice 1123456Amar 415901617Atul 615019191

Id = atulpassWd = 615019191

passWd = 615019191Seed

Seed: 1123456

Alic

e

Bob

28Lecture 5

Certificate-based Authentication

• User’s certificate details need to be stored on the server-side

• CA distributes the certificates to the users also

• Validation between the two takes place at the time of authentication

29Lecture 5

Digital Certificate Storage

Certificate

Certificate Server

Id Public Key Validity…Jyoti1 59010191 June 2003Amar 415901617 May 2002Atul 615019191 July 2003

User databaseCertification Authority

(CA)

Certificate Certificate

To respective users

30Lecture 5

Certificate-based Authentication

Server

8102811291012

ServerLogin request

Id = atulSign = 90184112124832

Step 1: User’s computer encrypts the random challenge with the user’s private key to produce the digital signature.

Step 2: User’s computer sends the digital signature to the server as a part of the login request.

90184112124832

Original random challenge

User’s digital signature

Private key file

Encrypt

31Lecture 5

Smart Card Issues and SolutionsProblem/Issue Emerging solution

Smart card readers are not yet a part of a desktop computer, unlike a hard disk drive or a floppy disk drive

The new versions of computers and mobile devices are expected to come with smart card readers out of the box.

Non-availability of smart card reader driver software

Microsoft has made the PC/SC smart card framework an integral part of the Windows 2000 operating system. Most smart card reader manufacturers ship the PC/SC compliant reader drivers, making the process of adding a reader hardware to the computer a plug-and-play operation.

Non availability of smart card aware cryptographic services software

Smart-card aware software such as Microsoft Crypto API (MS-CAPI) comes free with Internet Explorer.

Cost of smart cards and card readers is high

This is reducing now. Smart cards are available for about $5, and the card readers for about $20.

32Lecture 5

Authentication in Wireless Communication

• 802.11i

• GSM (Global System for Mobible Communications)

• DECT (Digital Eurpean Cordless Telephone)

33Lecture 5

GSM

• Handset with SIM card , HLR(Home Location Register), VLR(Visitor Location Register)

• Handset HLR has IMSI (International Mobile Subscriber Identity) and Ki (an Authentication Key)

• Three functions are used: A3, A5,A8 :– A3 and A8 are one way function like hash but much

simpler, – A5 is the one key encrypted/decrypted function like

RC4,

34Lecture 5

Handset VLR HLRIMSI

IMSI

IMSI, RAND, Kc, SRES

RAND

SRES

A5Kc(TMSI)

Kc=A8(Ki//RAND)SRES=A3(Ki//RAND)

ACK

35Lecture 5

Secure Socket Layer (SSL)

• World’s most widely used security mechanism on the Internet

• Secures communication between a client and a server

• Located between the Application and Transport Layers of TCP/IP protocol suite

36Lecture 5

Position of SSL in TCP/IP

Fig 6.9

Application Layer

Transport Layer

Internet Layer

Data Link Layer

Physical Layer

SSL Layer

37Lecture 5

Data Exchange including SSL

Fig 6.10

X

LA data

010101010100010101010010

Transmission medium

H4Performed LA data+SH

H3Performed LA data+SH+H4

Application

Transport

Internet

Physical

Performed

LA data

SSLSH

H2Performed LA data+SH+H4+H3 Data Link

Y

L5 data

010101010100010101010010

H4Performed LA data+SH

H3Performed LA data+SH+H4

Performed

LA data SH

H2Performed LA data+SH+H4+H3

38Lecture 5

SSL Sub-Protocols

• Handshake Protocol

• Record Protocol

• Alert Protocol

39Lecture 5

SSL Handshake Message Format

Fig 6.11

Type Length Content

1 byte 3 bytes 1 or more bytes

40Lecture 5

SSL Handshake MessagesMessage Type Parameters

Hello request None

Client hello Version, Random number, Session id, Cipher suite, Compression method

Server hello Version, Random number, Session id, Cipher suite, Compression method

Certificate Chain of X.509V3 certificates

Server key exchange Parameters, signature

Certificate request Type, authorities

Server hello done None

Certificate verify Signature

Client key exchange Parameters, signature

Finished Hash value

41Lecture 5

SSL Handshake Process

Web Browse

r

Web Server

1. Establish security capabilities

2. Server authentication and key exchange

3. Client authentication and key exchange

4. Finish

42Lecture 5

SSL Handshake – Phase 1

Web Brows

er

Web ServerStep 1: Client hello

Step 2: Server hello

43Lecture 5

SSL Handshake – Phase 2

Web Brows

er

Web Server

Step 1: Certificate

Step 2: Server key exchange

Step 3: Certificate request

Step 4: Server hello done

44Lecture 5

SSL Handshake – Phase 3

Web Browse

r

Web Server

Step 1: Certificate

Step 2: Client key exchange

Step 3: Certificate verify

45Lecture 5

SSL Handshake – Phase 4

Web Brows

er

Web Server

Step 3: Change cipher specs

Step 4: Finished

1. Change cipher specs

2. Finished

46Lecture 5

SSL Record Protocol

Application data

Fragmentation

Compression

Addition of MAC

Encryption

Append header

PerformedAction on Application data