week two orientation

Post on 07-Apr-2018


8/3/2019 Week Two Orientation

http://slidepdf.com/reader/full/week-two-orientation 1/18

 

Manjunath Mattam

Security Protocols 

Week 2


Administrative issues

• Welcome back after vacation.

• This is week 2: Security Protocols.

• Next week, new course: Web Security.

• Did you finish the homework?

 – Reading assignment and ZK proof

 – Text book: completed TLS?

• Security Foundations course result is ready.


Zero Knowledge proof

• Did you pick scenarios during vacation? (discussion)

• Objective: show possession of a secret to another party without disclosing that secret.

• This requires:

 – Interactive proofs

 – Complex, bandwidth-intensive protocols


Example Scenarios:

• All users in the system keep backup files encrypted with the user's secret key.

 – Alice wants Bob to send her a file. Bob cannot open these encrypted files, so the chance of sending the wrong file is high.

 – Without sending the secret key, how does Alice communicate which exact file she wants?

• Alice wants to log in to her bank account.

 – Alice calls her bank, and for authentication she is asked to disclose the 3rd and 9th digits of her password/debit card.

• Is this a Zero Knowledge proof?


Zero Knowledge proof

• Is it possible to prove a statement without yielding anything beyond its validity?

• Such proofs are called zero knowledge proofs.

• What is a proof?

 – Prover

 – Verification process.


ZK Proof

• Features:

 – The verifier cannot learn anything from the protocol

 – The prover cannot cheat the verifier

 – The verifier cannot cheat the prover

 – The verifier cannot pretend to be the prover to a third party.


Demo
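The lecture's live demo is not part of this transcript. As an added example (not the lecturer's code), the following Python runs the Schnorr identification protocol, an interactive zero-knowledge proof of knowledge of a discrete logarithm, and exercises the three properties listed on the previous slide: the honest prover is always accepted (completeness), a party holding only the public value can fake an accepting transcript, which is why the verifier learns nothing (zero knowledge), and a prover without the secret is caught whenever the verifier's challenge differs from the one it guessed (soundness). The group parameters p = 2039, q = 1019, g = 4 are constructed toy values chosen so the arithmetic is readable; a real system uses a large group.

```python
import secrets

# Toy group parameters, constructed for illustration only (a real deployment
# uses a large group such as a 256-bit elliptic curve). p = 2q + 1 with both
# p and q prime; G = 4 is a quadratic residue mod p, so it generates the
# subgroup of prime order q.
P, Q, G = 2039, 1019, 4


def keygen(secret=None):
    """Prover's secret x and public value y = g^x mod p (y is known to the verifier)."""
    x = secret if secret is not None else secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def prover_commit():
    """Round 1: prover picks a fresh random r and sends the commitment t = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)


def verifier_challenge():
    """Round 2: verifier sends an unpredictable challenge c."""
    return secrets.randbelow(Q)


def prover_respond(x, r, c):
    """Round 3: prover answers s = r + c*x mod q; the random r masks x, so s reveals nothing about x."""
    return (r + c * x) % Q


def verifier_check(y, t, c, s):
    """Verifier accepts iff g^s == t * y^c mod p."""
    return pow(G, s, P) == (t * pow(y, c, P)) % P


def run_honest_protocol(x, y):
    """Completeness: an honest prover who knows x is always accepted."""
    r, t = prover_commit()
    c = verifier_challenge()
    return verifier_check(y, t, c, prover_respond(x, r, c))


def simulate_transcript(y):
    """Zero knowledge: anyone holding only the public y can produce an accepting
    transcript (t, c, s) by choosing c and s first and solving for t. Such
    transcripts are distributed like real ones, so a real run leaks nothing about x."""
    c, s = secrets.randbelow(Q), secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - c) % Q, P)) % P  # y^(-c) == y^(q-c) because y has order q
    return t, c, s


def commit_without_secret(y, guessed_c):
    """Soundness: a prover without x can only prepare for one guessed challenge;
    it is caught whenever the verifier's actual challenge differs (probability 1 - 1/q)."""
    s = secrets.randbelow(Q)
    t = (pow(G, s, P) * pow(y, (Q - guessed_c) % Q, P)) % P
    return t, s
```

The simulator is the heart of the "verifier learns nothing" claim: whatever the verifier could compute from a genuine transcript, it could equally compute from a transcript it made up itself without ever talking to the prover.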


Authentication

• Principal: legitimate owner of a given identity.

• Claimant: entity attempting to be authenticated as the principal.

• Authentication factors:

 – Claimant demonstrates knowledge of something

 – Claimant demonstrates possession of something

 – Claimant demonstrates some required (immutable) characteristic

 – Claimant provides evidence that he/she is at a particular place.

 – Claimant provides proof that he/she has been authenticated by a trusted third party.


Authentication

• Weak authentication: PINs, passwords, biometrics, one-time pads.

• Challenge-response authentication

 – One party sends a challenge; the second party sends a response, computed in a pre-agreed manner, that demonstrates its identity.

 – If the communication is monitored, old responses should not provide useful information for future identifications.

 – Challenge-response with Zero Knowledge proof

  • Use a ZK proof to allow Alice to demonstrate knowledge of a secret without revealing the secret (or any other useful information) to Bob.
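As an added example of the challenge-response scheme described on this slide (not code from the lecture), the Python below implements a keyed-HMAC challenge-response login and checks the property the slide asks for: a response captured from one session is useless for a later one, because every session gets a fresh random challenge and each challenge can be answered only once. The credential store, user name and secret are constructed demo values; the message layout `auth-v1|user|challenge` is an assumption of this example, not a standard.

```python
import hashlib
import hmac
import secrets


def compute_response(secret, user, challenge):
    """Client side: answer the challenge with HMAC(secret, context || challenge).
    The secret itself never crosses the wire, only a keyed digest of the fresh nonce."""
    msg = b"auth-v1|" + user.encode() + b"|" + challenge
    return hmac.new(secret, msg, hashlib.sha256).digest()


class AuthServer:
    def __init__(self, credentials):
        self.credentials = credentials  # user -> shared secret (constructed demo store)
        self.pending = {}               # user -> challenge currently outstanding

    def issue_challenge(self, user):
        """Each login gets 128 fresh random bits, so no two challenges repeat."""
        challenge = secrets.token_bytes(16)
        self.pending[user] = challenge
        return challenge

    def verify(self, user, response):
        """Accept only a response to the challenge issued for this session."""
        challenge = self.pending.pop(user, None)  # one-shot: consumed on first use
        secret = self.credentials.get(user)
        if challenge is None or secret is None:
            return False
        expected = compute_response(secret, user, challenge)
        return hmac.compare_digest(expected, response)  # constant-time comparison


def honest_login(server, user, secret):
    challenge = server.issue_challenge(user)
    return server.verify(user, compute_response(secret, user, challenge))


def recorded_response_is_useless(server, user, secret):
    """What the slide requires: a response observed in one session must not
    authenticate a later session, because the later challenge is different."""
    first = server.issue_challenge(user)
    recorded = compute_response(secret, user, first)   # what a monitor of the link would see
    accepted_once = server.verify(user, recorded)
    server.issue_challenge(user)                        # next session: fresh challenge
    return accepted_once and not server.verify(user, recorded)
```

Two details carry the security: the challenge is unpredictable and never reused, and the server compares digests with `hmac.compare_digest` so response checking does not leak timing information. Note that this scheme still requires the server to hold the shared secret, which is exactly the limitation the ZK variant on the slide removes.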


Multi-factor authentication

• Reliance on a single factor is often insufficient.

• Multi-factor authentication is a combination of more than one factor.

• Unilateral authentication: just one party to a communication activity authenticates the other party (as in TLS).

• Mutual authentication.


How to solve the following scenarios?

• Google, MSN, Yahoo.

• Skype, eBay, PayPal: one e-commerce transaction, many parties and many servers.

• Many servers in one network, many usernames and passwords.

• Secure tunnel: proxy server in between.

• How many passwords can you remember?


NT Lan Manager (NTLM)


Kerberos

• One-time authentication for multiple network services; developed by MIT in the 1980s.

• Strong symmetric cryptography; usage of tickets and time stamps.

• Kerberos server (Key Distribution Center, the KDC), divided into 2 services:

 – Authentication Service

 – Ticket Granting Service

• All network servers treat the KDC as a trusted third party.


How it works?


Needham-Schroeder Protocol


Kerberos in detail

• The Authentication Server has a list of all users and their passwords.

• The Authentication Server also has a shared secret key with the Ticket Granting Server.

• The client authenticates himself to the AS; the server responds with a ticket.

• Whenever the client wants to communicate with other servers, he has to approach the TGS first with the ticket given by the AS.

• The TGS gives another ticket for the corresponding network server.
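As an added example (not the lecture's or MIT's code), the Python below simulates the ticket flow of the two Kerberos slides end to end: the AS issues a ticket-granting ticket sealed under the key it shares with the TGS, the TGS exchanges that TGT for a service ticket sealed under the service's key, and the network server accepts the ticket plus a time-stamped authenticator without ever contacting the KDC. Everything cryptographic is a stand-in: `seal`/`unseal` is a toy authenticated encryption built from SHA-256 and HMAC so the example runs with the standard library alone, `user_key` is a toy string-to-key function, and the user, password, service name, key material, lifetimes and the 300-second clock-skew limit are constructed values.

```python
import hashlib
import hmac
import json
import secrets
import time

SKEW = 300  # seconds of clock skew tolerated on authenticators (constructed value)


# Toy authenticated encryption (SHA-256 keystream + HMAC tag) standing in for
# Kerberos' real enctypes; it exists only so the example runs without extra packages.
def _keystream(key, nonce, length):
    blocks = (length // 32) + 1
    return b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range(blocks))


def seal(key, obj):
    nonce = secrets.token_bytes(16)
    pt = json.dumps(obj).encode()
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()


def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(hmac.new(key, nonce + ct, hashlib.sha256).digest(), tag):
        raise ValueError("rejected: wrong key or tampered ticket/authenticator")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))


def user_key(password):
    return hashlib.sha256(password.encode()).digest()  # toy string-to-key function


def check_ticket(ticket, auth):
    """Shared by TGS and service: the ticket's user must match the authenticator, and both
    the ticket lifetime and the authenticator timestamp must be current."""
    now = time.time()
    if ticket["user"] != auth["user"]:
        raise ValueError("authenticator does not match ticket")
    if now > ticket["exp"]:
        raise ValueError("ticket expired")
    if abs(now - auth["ts"]) > SKEW:
        raise ValueError("authenticator timestamp outside allowed skew (possible replay)")


def make_authenticator(session_key, user, ts=None):
    """Proves the sender holds the session key inside the ticket, freshly, at time ts."""
    return seal(session_key, {"user": user, "ts": time.time() if ts is None else ts})


class KDC:
    """Authentication Service (AS) and Ticket Granting Service (TGS) in one process."""

    def __init__(self, users, services):
        self.users = {u: user_key(pw) for u, pw in users.items()}  # AS: user -> key
        self.services = services                                   # TGS: service -> key
        self.k_tgs = secrets.token_bytes(32)                       # secret shared by AS and TGS

    def as_exchange(self, user):
        """AS reply: a TGT (readable only by the TGS) plus the session key, sealed for the user."""
        sk, exp = secrets.token_bytes(32).hex(), time.time() + 8 * 3600
        tgt = seal(self.k_tgs, {"user": user, "sk": sk, "exp": exp})
        return tgt, seal(self.users[user], {"sk": sk, "exp": exp})

    def tgs_exchange(self, tgt, authenticator, service):
        """TGS reply: a ticket for `service` (readable only by that service) plus its session key."""
        t = unseal(self.k_tgs, tgt)
        check_ticket(t, unseal(bytes.fromhex(t["sk"]), authenticator))
        sk_svc, exp = secrets.token_bytes(32).hex(), min(t["exp"], time.time() + 3600)
        ticket = seal(self.services[service], {"user": t["user"], "sk": sk_svc, "exp": exp})
        return ticket, seal(bytes.fromhex(t["sk"]), {"sk": sk_svc, "service": service})


def service_accepts(k_svc, ticket, authenticator):
    """Network server side: it never talks to the KDC; the ticket alone shows the KDC vouched."""
    t = unseal(k_svc, ticket)
    check_ticket(t, unseal(bytes.fromhex(t["sk"]), authenticator))
    return t["user"]


def client_get_service_ticket(kdc, user, password, service):
    """Client side of both exchanges; a wrong password fails at the first unseal."""
    tgt, enc = kdc.as_exchange(user)
    sk = bytes.fromhex(unseal(user_key(password), enc)["sk"])
    ticket, enc2 = kdc.tgs_exchange(tgt, make_authenticator(sk, user), service)
    sk_svc = bytes.fromhex(unseal(sk, enc2)["sk"])
    return {"user": user, "ticket": ticket, "sk_svc": sk_svc}
```

The password is used only once, locally, to open the AS reply; afterwards the client authenticates with tickets and short-lived session keys, which is what makes the "one-time authentication for multiple services" claim work. The timestamp check in `check_ticket` is the reason the slides insist on time stamps: without it a captured ticket plus authenticator could be presented again later.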


Reading Assignment

• Improvements in conventional PKI wisdom


Thank you.
